| $label<\\/td> | \\([^<]\\{1,\\}\\)<\\/td><\\/tr>/\\1/i\")\n printf \"%s\" \"$lookup_result\"\n return 0\n}\n\n# html\n_zyxel_gs1900_get_model() {\n html=\"$1\"\n model_name=$(_zyxel_html_table_lookup \"$html\" \"Model Name:\")\n printf \"%s\" \"$model_name\"\n}\n\n# html\n_zyxel_gs1900_get_firmware_version() {\n html=\"$1\"\n firmware_version=$(_zyxel_html_table_lookup \"$html\" \"Firmware Version:\" | _egrep_o \"V[^.]+.[^(]+\")\n printf \"%s\" \"$firmware_version\"\n}\n\n# version_number\n_zyxel_gs1900_parse_major_version() {\n printf \"%s\" \"$1\" | sed 's/^V\\([0-9]\\{1,\\}\\).\\{1,\\}$/\\1/gi'\n}\n\n# version_number\n_zyxel_gs1900_parse_minor_version() {\n printf \"%s\" \"$1\" | sed 's/^.\\{1,\\}\\.\\([0-9]\\{1,\\}\\)$/\\1/gi'\n}\n"
},
{
"path": "dnsapi/README.md",
"content": "# How to use DNS API\nDNS api usage:\n\n\nhttps://github.com/acmesh-official/acme.sh/wiki/dnsapi\n\n"
},
{
"path": "dnsapi/dns_1984hosting.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_1984hosting_info='1984.hosting\nDomains: 1984.is\nSite: 1984.hosting\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_1984hosting\nOptions:\n One984HOSTING_Username Username\n One984HOSTING_Password Password\nIssues: github.com/acmesh-official/acme.sh/issues/2851\nAuthor: Adrian Fedoreanu\n'\n\n######## Public functions #####################\n\n# Usage: dns_1984hosting_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Add a text record.\ndns_1984hosting_add() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Add TXT record using 1984Hosting.\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n if ! _1984hosting_login; then\n _err \"1984Hosting login failed for user $One984HOSTING_Username. Check $HTTP_HEADER file.\"\n return 1\n fi\n\n _debug \"First detect the root zone.\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain '$fulldomain'.\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Add TXT record $fulldomain with value '$txtvalue'.\"\n value=\"$(printf '%s' \"$txtvalue\" | _url_encode)\"\n url=\"https://1984.hosting/domains/entry/\"\n\n postdata=\"entry=new\"\n postdata=\"$postdata&type=TXT\"\n postdata=\"$postdata&ttl=900\"\n postdata=\"$postdata&zone=$_domain\"\n postdata=\"$postdata&host=$_sub_domain\"\n postdata=\"$postdata&rdata=%22$value%22\"\n _debug2 postdata \"$postdata\"\n\n _authpost \"$postdata\" \"$url\"\n if _contains \"$_response\" '\"haserrors\": true'; then\n _err \"1984Hosting failed to add TXT record for $_sub_domain bad RC from _post.\"\n return 1\n elif _contains \"$_response\" \"html>\"; then\n _err \"1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file.\"\n return 1\n elif _contains \"$_response\" '\"auth\": false'; then\n _err \"1984Hosting failed to add TXT record for $_sub_domain. Invalid or expired cookie.\"\n return 1\n fi\n\n _info \"Added acme challenge TXT record for $fulldomain at 1984Hosting.\"\n return 0\n}\n\n# Usage: fulldomain txtvalue\n# Remove the txt record after validation.\ndns_1984hosting_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Delete TXT record using 1984Hosting.\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n if ! _1984hosting_login; then\n _err \"1984Hosting login failed for user $One984HOSTING_Username. Check $HTTP_HEADER file.\"\n return 1\n fi\n\n _debug \"First detect the root zone.\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain '$fulldomain'.\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n _debug \"Delete $fulldomain TXT record.\"\n\n url=\"https://1984.hosting/domains\"\n if ! _get_zone_id \"$url\" \"$_domain\"; then\n _err \"Invalid zone '$_domain'.\"\n return 1\n fi\n\n _htmlget \"$url/$_zone_id\" \"$txtvalue\"\n entry_id=\"$(echo \"$_response\" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')\"\n _debug2 entry_id \"$entry_id\"\n if [ -z \"$entry_id\" ]; then\n _err \"Error getting TXT entry_id for $1.\"\n return 1\n fi\n\n _authpost \"entry=$entry_id\" \"$url/delentry/\"\n if ! _contains \"$_response\" '\"ok\": true'; then\n _err \"1984Hosting failed to delete TXT record for $entry_id bad RC from _post.\"\n return 1\n fi\n\n _info \"Deleted acme challenge TXT record for $fulldomain at 1984Hosting.\"\n return 0\n}\n\n#################### Private functions below ##################################\n_1984hosting_login() {\n if ! _check_credentials; then return 1; fi\n\n if _check_cookies; then\n _debug \"Already logged in.\"\n return 0\n fi\n\n _debug \"Login to 1984Hosting as user $One984HOSTING_Username.\"\n username=$(printf '%s' \"$One984HOSTING_Username\" | _url_encode)\n password=$(printf '%s' \"$One984HOSTING_Password\" | _url_encode)\n url=\"https://1984.hosting/api/auth/\"\n\n _get \"https://1984.hosting/accounts/login/\" | grep \"csrfmiddlewaretoken\"\n csrftoken=\"$(grep -i '^set-cookie:' \"$HTTP_HEADER\" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')\"\n sessionid=\"$(grep -i '^set-cookie:' \"$HTTP_HEADER\" | _egrep_o 'cookie1984nammnamm=[^;]*;' | tr -d ';')\"\n\n if [ -z \"$csrftoken\" ] || [ -z \"$sessionid\" ]; then\n _err \"One or more cookies are empty: '$csrftoken', '$sessionid'.\"\n return 1\n fi\n\n export _H1=\"Cookie: $csrftoken; $sessionid\"\n export _H2=\"Referer: https://1984.hosting/accounts/login/\"\n csrf_header=$(echo \"$csrftoken\" | sed 's/csrftoken=//' | _head_n 1)\n export _H3=\"X-CSRFToken: $csrf_header\"\n\n response=\"$(_post \"username=$username&password=$password&otpkey=\" $url)\"\n response=\"$(echo \"$response\" | _normalizeJson)\"\n _debug2 response \"$response\"\n\n if _contains \"$response\" '\"loggedin\": true'; then\n One984HOSTING_SESSIONID_COOKIE=\"$(grep -i '^set-cookie:' \"$HTTP_HEADER\" | _egrep_o 'cookie1984nammnamm=[^;]*;' | tr -d ';')\"\n One984HOSTING_CSRFTOKEN_COOKIE=\"$(grep -i '^set-cookie:' \"$HTTP_HEADER\" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')\"\n export One984HOSTING_SESSIONID_COOKIE\n export One984HOSTING_CSRFTOKEN_COOKIE\n _saveaccountconf_mutable One984HOSTING_Username \"$One984HOSTING_Username\"\n _saveaccountconf_mutable One984HOSTING_Password \"$One984HOSTING_Password\"\n _saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE \"$One984HOSTING_SESSIONID_COOKIE\"\n _saveaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE \"$One984HOSTING_CSRFTOKEN_COOKIE\"\n return 0\n fi\n return 1\n}\n\n_check_credentials() {\n One984HOSTING_Username=\"${One984HOSTING_Username:-$(_readaccountconf_mutable One984HOSTING_Username)}\"\n One984HOSTING_Password=\"${One984HOSTING_Password:-$(_readaccountconf_mutable One984HOSTING_Password)}\"\n if [ -z \"$One984HOSTING_Username\" ] || [ -z \"$One984HOSTING_Password\" ]; then\n One984HOSTING_Username=\"\"\n One984HOSTING_Password=\"\"\n _clearaccountconf_mutable One984HOSTING_Username\n _clearaccountconf_mutable One984HOSTING_Password\n _err \"You haven't specified 1984Hosting username or password yet.\"\n _err \"Please export as One984HOSTING_Username / One984HOSTING_Password and try again.\"\n return 1\n fi\n return 0\n}\n\n_check_cookies() {\n One984HOSTING_SESSIONID_COOKIE=\"${One984HOSTING_SESSIONID_COOKIE:-$(_readaccountconf_mutable One984HOSTING_SESSIONID_COOKIE)}\"\n One984HOSTING_CSRFTOKEN_COOKIE=\"${One984HOSTING_CSRFTOKEN_COOKIE:-$(_readaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE)}\"\n if [ -z \"$One984HOSTING_SESSIONID_COOKIE\" ] || [ -z \"$One984HOSTING_CSRFTOKEN_COOKIE\" ]; then\n _debug \"No cached cookie(s) found.\"\n return 1\n fi\n\n _authget \"https://1984.hosting/api/auth/\"\n if _contains \"$_response\" '\"ok\": true'; then\n _debug \"Cached cookies still valid.\"\n return 0\n fi\n\n _debug \"Cached cookies no longer valid. Clearing cookies.\"\n One984HOSTING_SESSIONID_COOKIE=\"\"\n One984HOSTING_CSRFTOKEN_COOKIE=\"\"\n _clearaccountconf_mutable One984HOSTING_SESSIONID_COOKIE\n _clearaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE\n return 1\n}\n\n# _acme-challenge.www.domain.com\n# Returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=\"$1\"\n i=1\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n\n # not valid\n if [ -z \"$h\" ]; then\n return 1\n fi\n\n _authget \"https://1984.hosting/domains/zonestatus/$h/?cached=no\"\n if _contains \"$_response\" '\"ok\": true'; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n# Usage: _get_zone_id url domain.com\n# Returns zone id for domain.com\n_get_zone_id() {\n url=$1\n domain=$2\n _htmlget \"$url\" \"$domain\"\n _zone_id=\"$(echo \"$_response\" | _egrep_o 'zone\\/[0-9]+' | _head_n 1)\"\n _debug2 _zone_id \"$_zone_id\"\n if [ -z \"$_zone_id\" ]; then\n _err \"Error getting _zone_id for $2.\"\n return 1\n fi\n return 0\n}\n\n# Add extra headers to request\n_authget() {\n export _H1=\"Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE\"\n _response=$(_get \"$1\" | _normalizeJson)\n _debug2 _response \"$_response\"\n}\n\n# Truncate huge HTML response\n_htmlget() {\n export _H1=\"Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE\"\n _response=$(_get \"$1\" | grep \"$2\")\n if _contains \"$_response\" \"@$2\"; then\n _response=$(echo \"$_response\" | grep -v \"[@]\" | _head_n 1)\n fi\n _debug2 _response \"$_response\"\n}\n\n# Add extra headers to request\n_authpost() {\n url=\"https://1984.hosting/domains\"\n _get_zone_id \"$url\" \"$_domain\"\n csrf_header=\"$(echo \"$One984HOSTING_CSRFTOKEN_COOKIE\" | _egrep_o \"=[^=][0-9a-zA-Z]*\" | tr -d \"=\")\"\n export _H1=\"Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE\"\n export _H2=\"Referer: https://1984.hosting/domains/$_zone_id\"\n export _H3=\"X-CSRFToken: $csrf_header\"\n _response=\"$(_post \"$1\" \"$2\" | _normalizeJson)\"\n _debug2 _response \"$_response\"\n}\n"
},
{
"path": "dnsapi/dns_acmedns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_acmedns_info='acme-dns Server API\n The acme-dns is a limited DNS server with RESTful API to handle ACME DNS challenges.\nSite: github.com/joohoi/acme-dns\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_acmedns\nOptions:\n ACMEDNS_USERNAME Username. Optional.\n ACMEDNS_PASSWORD Password. Optional.\n ACMEDNS_SUBDOMAIN Subdomain. Optional.\n ACMEDNS_BASE_URL API endpoint. Default: \"https://auth.acme-dns.io\".\nIssues: github.com/dampfklon/acme.sh\nAuthor: Wolfgang Ebner, Sven Neubuaer\n'\n\n######## Public functions #####################\n\n#Usage: dns_acmedns_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\ndns_acmedns_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using acme-dns\"\n _debug \"fulldomain $fulldomain\"\n _debug \"txtvalue $txtvalue\"\n\n #for compatiblity from account conf\n ACMEDNS_USERNAME=\"${ACMEDNS_USERNAME:-$(_readaccountconf_mutable ACMEDNS_USERNAME)}\"\n _clearaccountconf_mutable ACMEDNS_USERNAME\n ACMEDNS_PASSWORD=\"${ACMEDNS_PASSWORD:-$(_readaccountconf_mutable ACMEDNS_PASSWORD)}\"\n _clearaccountconf_mutable ACMEDNS_PASSWORD\n ACMEDNS_SUBDOMAIN=\"${ACMEDNS_SUBDOMAIN:-$(_readaccountconf_mutable ACMEDNS_SUBDOMAIN)}\"\n _clearaccountconf_mutable ACMEDNS_SUBDOMAIN\n\n ACMEDNS_BASE_URL=\"${ACMEDNS_BASE_URL:-$(_readdomainconf ACMEDNS_BASE_URL)}\"\n ACMEDNS_USERNAME=\"${ACMEDNS_USERNAME:-$(_readdomainconf ACMEDNS_USERNAME)}\"\n ACMEDNS_PASSWORD=\"${ACMEDNS_PASSWORD:-$(_readdomainconf ACMEDNS_PASSWORD)}\"\n ACMEDNS_SUBDOMAIN=\"${ACMEDNS_SUBDOMAIN:-$(_readdomainconf ACMEDNS_SUBDOMAIN)}\"\n\n if [ \"$ACMEDNS_BASE_URL\" = \"\" ]; then\n ACMEDNS_BASE_URL=\"https://auth.acme-dns.io\"\n fi\n\n ACMEDNS_UPDATE_URL=\"$ACMEDNS_BASE_URL/update\"\n ACMEDNS_REGISTER_URL=\"$ACMEDNS_BASE_URL/register\"\n\n if [ -z \"$ACMEDNS_USERNAME\" ] || [ -z \"$ACMEDNS_PASSWORD\" ]; then\n response=\"$(_post \"\" \"$ACMEDNS_REGISTER_URL\" \"\" \"POST\")\"\n _debug response \"$response\"\n ACMEDNS_USERNAME=$(echo \"$response\" | sed -n 's/^{.*\\\"username\\\":[ ]*\\\"\\([^\\\"]*\\)\\\".*}/\\1/p')\n _debug \"received username: $ACMEDNS_USERNAME\"\n ACMEDNS_PASSWORD=$(echo \"$response\" | sed -n 's/^{.*\\\"password\\\":[ ]*\\\"\\([^\\\"]*\\)\\\".*}/\\1/p')\n _debug \"received password: $ACMEDNS_PASSWORD\"\n ACMEDNS_SUBDOMAIN=$(echo \"$response\" | sed -n 's/^{.*\\\"subdomain\\\":[ ]*\\\"\\([^\\\"]*\\)\\\".*}/\\1/p')\n _debug \"received subdomain: $ACMEDNS_SUBDOMAIN\"\n ACMEDNS_FULLDOMAIN=$(echo \"$response\" | sed -n 's/^{.*\\\"fulldomain\\\":[ ]*\\\"\\([^\\\"]*\\)\\\".*}/\\1/p')\n _info \"##########################################################\"\n _info \"# Create $fulldomain CNAME $ACMEDNS_FULLDOMAIN DNS entry #\"\n _info \"##########################################################\"\n _info \"Press enter to continue... \"\n read -r _\n fi\n\n _savedomainconf ACMEDNS_BASE_URL \"$ACMEDNS_BASE_URL\"\n _savedomainconf ACMEDNS_USERNAME \"$ACMEDNS_USERNAME\"\n _savedomainconf ACMEDNS_PASSWORD \"$ACMEDNS_PASSWORD\"\n _savedomainconf ACMEDNS_SUBDOMAIN \"$ACMEDNS_SUBDOMAIN\"\n\n export _H1=\"X-Api-User: $ACMEDNS_USERNAME\"\n export _H2=\"X-Api-Key: $ACMEDNS_PASSWORD\"\n data=\"{\\\"subdomain\\\":\\\"$ACMEDNS_SUBDOMAIN\\\", \\\"txt\\\": \\\"$txtvalue\\\"}\"\n\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$ACMEDNS_UPDATE_URL\" \"\" \"POST\")\"\n _debug response \"$response\"\n\n if ! echo \"$response\" | grep \"\\\"$txtvalue\\\"\" >/dev/null; then\n _err \"invalid response of acme-dns\"\n return 1\n fi\n\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_acmedns_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using acme-dns\"\n _debug \"fulldomain $fulldomain\"\n _debug \"txtvalue $txtvalue\"\n}\n\n#################### Private functions below ##################################\n"
},
{
"path": "dnsapi/dns_acmeproxy.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_acmeproxy_info='AcmeProxy Server API\n AcmeProxy can be used to as a single host in your network to request certificates through a DNS API.\n Clients can connect with the one AcmeProxy host so you do not need to store DNS API credentials on every single host.\nSite: github.com/mdbraber/acmeproxy\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_acmeproxy\nOptions:\n ACMEPROXY_ENDPOINT API Endpoint\n ACMEPROXY_USERNAME Username\n ACMEPROXY_PASSWORD Password\nIssues: github.com/acmesh-official/acme.sh/issues/2251\nAuthor: Maarten den Braber\n'\n\ndns_acmeproxy_add() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n action=\"present\"\n\n _debug \"Calling: _acmeproxy_request() '${fulldomain}' '${txtvalue}' '${action}'\"\n _acmeproxy_request \"$fulldomain\" \"$txtvalue\" \"$action\"\n}\n\ndns_acmeproxy_rm() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n action=\"cleanup\"\n\n _debug \"Calling: _acmeproxy_request() '${fulldomain}' '${txtvalue}' '${action}'\"\n _acmeproxy_request \"$fulldomain\" \"$txtvalue\" \"$action\"\n}\n\n_acmeproxy_request() {\n\n ## Nothing to see here, just some housekeeping\n fulldomain=$1\n txtvalue=$2\n action=$3\n\n _info \"Using acmeproxy\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n ACMEPROXY_ENDPOINT=\"${ACMEPROXY_ENDPOINT:-$(_readaccountconf_mutable ACMEPROXY_ENDPOINT)}\"\n ACMEPROXY_USERNAME=\"${ACMEPROXY_USERNAME:-$(_readaccountconf_mutable ACMEPROXY_USERNAME)}\"\n ACMEPROXY_PASSWORD=\"${ACMEPROXY_PASSWORD:-$(_readaccountconf_mutable ACMEPROXY_PASSWORD)}\"\n\n ## Check for the endpoint\n if [ -z \"$ACMEPROXY_ENDPOINT\" ]; then\n ACMEPROXY_ENDPOINT=\"\"\n _err \"You didn't specify the endpoint\"\n _err \"Please set them via 'export ACMEPROXY_ENDPOINT=https://ip:port' and try again.\"\n return 1\n fi\n\n ## Save the credentials to the account file\n _saveaccountconf_mutable ACMEPROXY_ENDPOINT \"$ACMEPROXY_ENDPOINT\"\n _saveaccountconf_mutable ACMEPROXY_USERNAME \"$ACMEPROXY_USERNAME\"\n _saveaccountconf_mutable ACMEPROXY_PASSWORD \"$ACMEPROXY_PASSWORD\"\n\n if [ -z \"$ACMEPROXY_USERNAME\" ] || [ -z \"$ACMEPROXY_PASSWORD\" ]; then\n _info \"ACMEPROXY_USERNAME and/or ACMEPROXY_PASSWORD not set - using without client authentication! Make sure you're using server authentication (e.g. IP-based)\"\n export _H1=\"Accept: application/json\"\n export _H2=\"Content-Type: application/json\"\n else\n ## Base64 encode the credentials\n credentials=$(printf \"%b\" \"$ACMEPROXY_USERNAME:$ACMEPROXY_PASSWORD\" | _base64)\n\n ## Construct the HTTP Authorization header\n export _H1=\"Authorization: Basic $credentials\"\n export _H2=\"Accept: application/json\"\n export _H3=\"Content-Type: application/json\"\n fi\n\n ## Add the challenge record to the acmeproxy grid member\n response=\"$(_post \"{\\\"fqdn\\\": \\\"$fulldomain.\\\", \\\"value\\\": \\\"$txtvalue\\\"}\" \"$ACMEPROXY_ENDPOINT/$action\" \"\" \"POST\")\"\n\n ## Let's see if we get something intelligible back from the unit\n if echo \"$response\" | grep \"\\\"$txtvalue\\\"\" >/dev/null; then\n _info \"Successfully updated the txt record\"\n return 0\n else\n _err \"Error encountered during record addition\"\n _err \"$response\"\n return 1\n fi\n\n}\n\n#################### Private functions below ##################################\n"
},
{
"path": "dnsapi/dns_active24.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_active24_info='Active24.cz\nSite: Active24.cz\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_active24\nOptions:\n Active24_ApiKey API Key. Called \"Identifier\" in the Active24 Admin\n Active24_ApiSecret API Secret. Called \"Secret key\" in the Active24 Admin\nIssues: github.com/acmesh-official/acme.sh/issues/2059\n'\n\nActive24_Api=\"https://rest.active24.cz\"\n# export Active24_ApiKey=ak48l3h7-ak5d-qn4t-p8gc-b6fs8c3l\n# export Active24_ApiSecret=ajvkeo3y82ndsu2smvxy3o36496dcascksldncsq\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\ndns_active24_add() {\n fulldomain=$1\n txtvalue=$2\n\n _active24_init\n\n _info \"Adding txt record\"\n if _active24_rest POST \"/v2/service/$_service_id/dns/record\" \"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":300}\"; then\n if _contains \"$response\" \"error\"; then\n _err \"Add txt record error.\"\n return 1\n else\n _info \"Added, OK\"\n return 0\n fi\n fi\n\n _err \"Add txt record error.\"\n return 1\n}\n\n# Usage: fulldomain txtvalue\n# Used to remove the txt record after validation\ndns_active24_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _active24_init\n\n _debug \"Getting txt records\"\n # The API needs to send data in body in order the filter to work\n # TODO: web can also add content $txtvalue to filter and then get the id from response\n _active24_rest GET \"/v2/service/$_service_id/dns/record\" \"{\\\"page\\\":1,\\\"descending\\\":true,\\\"sortBy\\\":\\\"name\\\",\\\"rowsPerPage\\\":100,\\\"totalRecords\\\":0,\\\"filters\\\":{\\\"type\\\":[\\\"TXT\\\"],\\\"name\\\":\\\"${_sub_domain}\\\"}}\"\n #_active24_rest GET \"/v2/service/$_service_id/dns/record?rowsPerPage=100\"\n\n if _contains \"$response\" \"error\"; then\n _err \"Error\"\n return 1\n fi\n\n # Note: it might never be more than one record actually, NEEDS more INVESTIGATION\n record_ids=$(printf \"%s\" \"$response\" | _egrep_o \"[^{]+${txtvalue}[^}]+\" | _egrep_o '\"id\" *: *[^,]+' | cut -d ':' -f 2)\n _debug2 record_ids \"$record_ids\"\n\n for redord_id in $record_ids; do\n _debug \"Removing record_id\" \"$redord_id\"\n _debug \"txtvalue\" \"$txtvalue\"\n if _active24_rest DELETE \"/v2/service/$_service_id/dns/record/$redord_id\" \"\"; then\n if _contains \"$response\" \"error\"; then\n _err \"Unable to remove txt record.\"\n return 1\n else\n _info \"Removed txt record.\"\n return 0\n fi\n fi\n done\n\n _err \"No txt records found.\"\n return 1\n}\n\n_get_root() {\n domain=$1\n i=1\n p=1\n\n if ! _active24_rest GET \"/v1/user/self/service\"; then\n return 1\n fi\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug \"h\" \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"\\\"$h\\\"\" >/dev/null; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_active24_init() {\n Active24_ApiKey=\"${Active24_ApiKey:-$(_readaccountconf_mutable Active24_ApiKey)}\"\n Active24_ApiSecret=\"${Active24_ApiSecret:-$(_readaccountconf_mutable Active24_ApiSecret)}\"\n #Active24_ServiceId=\"${Active24_ServiceId:-$(_readaccountconf_mutable Active24_ServiceId)}\"\n\n if [ -z \"$Active24_ApiKey\" ] || [ -z \"$Active24_ApiSecret\" ]; then\n Active24_ApiKey=\"\"\n Active24_ApiSecret=\"\"\n _err \"You don't specify Active24 api key and ApiSecret yet.\"\n _err \"Please create your key and try again.\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable Active24_ApiKey \"$Active24_ApiKey\"\n _saveaccountconf_mutable Active24_ApiSecret \"$Active24_ApiSecret\"\n\n _debug \"A24 API CHECK\"\n if ! _active24_rest GET \"/v2/check\"; then\n _err \"A24 API check failed with: $response\"\n return 1\n fi\n\n if ! echo \"$response\" | tr -d \" \" | grep \\\"verified\\\":true >/dev/null; then\n _err \"A24 API check failed with: $response\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n _active24_get_service_id \"$_domain\"\n _debug _service_id \"$_service_id\"\n}\n\n_active24_get_service_id() {\n _d=$1\n if ! _active24_rest GET \"/v1/user/self/zone/${_d}\"; then\n return 1\n else\n response=$(echo \"$response\" | _json_decode)\n _service_id=$(echo \"$response\" | _egrep_o '\"id\" *: *[^,]+' | cut -d ':' -f 2)\n fi\n}\n\n_active24_rest() {\n m=$1\n ep_qs=$2 # with query string\n # ep=$2\n ep=$(printf \"%s\" \"$ep_qs\" | cut -d '?' -f1) # no query string\n data=\"$3\"\n\n _debug \"A24 $ep\"\n _debug \"A24 $Active24_ApiKey\"\n _debug \"A24 $Active24_ApiSecret\"\n\n timestamp=$(_time)\n datez=$(date -u +\"%Y%m%dT%H%M%SZ\")\n canonicalRequest=\"${m} ${ep} ${timestamp}\"\n signature=$(printf \"%s\" \"$canonicalRequest\" | _hmac sha1 \"$(printf \"%s\" \"$Active24_ApiSecret\" | _hex_dump | tr -d \" \")\" hex)\n authorization64=\"$(printf \"%s:%s\" \"$Active24_ApiKey\" \"$signature\" | _base64)\"\n\n export _H1=\"Date: ${datez}\"\n export _H2=\"Accept: application/json\"\n export _H3=\"Content-Type: application/json\"\n export _H4=\"Authorization: Basic ${authorization64}\"\n\n _debug2 H1 \"$_H1\"\n _debug2 H2 \"$_H2\"\n _debug2 H3 \"$_H3\"\n _debug2 H4 \"$_H4\"\n\n # _sleep 1\n\n if [ \"$m\" != \"GET\" ]; then\n _debug2 \"${m} $Active24_Api${ep_qs}\"\n _debug \"data\" \"$data\"\n response=\"$(_post \"$data\" \"$Active24_Api${ep_qs}\" \"\" \"$m\" \"application/json\")\"\n else\n if [ -z \"$data\" ]; then\n _debug2 \"GET $Active24_Api${ep_qs}\"\n response=\"$(_get \"$Active24_Api${ep_qs}\")\"\n else\n _debug2 \"GET $Active24_Api${ep_qs} with data: ${data}\"\n response=\"$(_post \"$data\" \"$Active24_Api${ep_qs}\" \"\" \"$m\" \"application/json\")\"\n fi\n fi\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_ad.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_ad_info='AlwaysData.com\nSite: AlwaysData.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ad\nOptions:\n AD_API_KEY API Key\nIssues: github.com/acmesh-official/acme.sh/pull/503\nAuthor: Paul Koppen\n'\n\nAD_API_URL=\"https://$AD_API_KEY:@api.alwaysdata.com/v1\"\n\n######## Public functions #####################\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_ad_add() {\n fulldomain=$1\n txtvalue=$2\n\n if [ -z \"$AD_API_KEY\" ]; then\n AD_API_KEY=\"\"\n _err \"You didn't specify the AD api key yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n _saveaccountconf AD_API_KEY \"$AD_API_KEY\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _ad_tmpl_json=\"{\\\"domain\\\":$_domain_id,\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"value\\\":\\\"$txtvalue\\\"}\"\n\n if _ad_rest POST \"record/\" \"$_ad_tmpl_json\" && [ -z \"$response\" ]; then\n _info \"txt record updated success.\"\n return 0\n fi\n\n return 1\n}\n\n#fulldomain txtvalue\ndns_ad_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _ad_rest GET \"record/?domain=$_domain_id&name=$_sub_domain\"\n\n if [ -n \"$response\" ]; then\n record_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":\\s*[0-9]+\" | cut -d : -f 2 | tr -d \" \" | _head_n 1)\n _debug record_id \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id to remove.\"\n return 1\n fi\n if _ad_rest DELETE \"record/$record_id/\" && [ -z \"$response\" ]; then\n _info \"txt record deleted success.\"\n return 0\n fi\n _debug response \"$response\"\n return 1\n fi\n\n return 1\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=12345\n_get_root() {\n domain=$1\n i=2\n p=1\n\n if _ad_rest GET \"domain/\"; then\n response=\"$(echo \"$response\" | tr -d \"\\n\" | sed 's/{/\\n&/g')\"\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n hostedzone=\"$(echo \"$response\" | _egrep_o \"{.*\\\"name\\\":\\s*\\\"$h\\\".*}\")\"\n if [ \"$hostedzone\" ]; then\n _domain_id=$(printf \"%s\\n\" \"$hostedzone\" | _egrep_o \"\\\"id\\\":\\s*[0-9]+\" | _head_n 1 | cut -d : -f 2 | tr -d \\ )\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n fi\n return 1\n}\n\n#method uri qstr data\n_ad_rest() {\n mtd=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n\n _debug mtd \"$mtd\"\n _debug ep \"$ep\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"Content-Type: application/json\"\n\n if [ \"$mtd\" != \"GET\" ]; then\n # both POST and DELETE.\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$AD_API_URL/$ep\" \"\" \"$mtd\")\"\n else\n response=\"$(_get \"$AD_API_URL/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_ali.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_ali_info='AlibabaCloud.com\nDomains: Aliyun.com\nSite: AlibabaCloud.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ali\nOptions:\n Ali_Key API Key\n Ali_Secret API Secret\n'\n\n# NOTICE:\n# This file is referenced by Alibaba Cloud Services deploy hooks\n# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276\n# Be careful when modifying this file, especially when making breaking changes for common functions\n\nAli_DNS_API=\"https://alidns.aliyuncs.com/\"\n\n#Usage: dns_ali_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_ali_add() {\n fulldomain=$1\n txtvalue=$2\n\n _prepare_ali_credentials || return 1\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n return 1\n fi\n\n _debug \"Add record\"\n _add_record_query \"$_domain\" \"$_sub_domain\" \"$txtvalue\" && _ali_rest \"Add record\"\n}\n\ndns_ali_rm() {\n fulldomain=$1\n txtvalue=$2\n Ali_Key=\"${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}\"\n Ali_Secret=\"${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n return 1\n fi\n\n _clean\n}\n\n#################### Alibaba Cloud common functions below ####################\n\n_prepare_ali_credentials() {\n Ali_Key=\"${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}\"\n Ali_Secret=\"${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}\"\n if [ -z \"$Ali_Key\" ] || [ -z \"$Ali_Secret\" ]; then\n Ali_Key=\"\"\n Ali_Secret=\"\"\n _err \"You don't specify aliyun api key and secret yet.\"\n return 1\n fi\n\n #save the api key and secret to the account conf file.\n _saveaccountconf_mutable Ali_Key \"$Ali_Key\"\n _saveaccountconf_mutable Ali_Secret \"$Ali_Secret\"\n}\n\n# act ign mtd\n_ali_rest() {\n act=\"$1\"\n ign=\"$2\"\n mtd=\"${3:-GET}\"\n\n signature=$(printf \"%s\" \"$mtd&%2F&$(printf \"%s\" \"$query\" | _url_encode upper-hex)\" | _hmac \"sha1\" \"$(printf \"%s\" \"$Ali_Secret&\" | _hex_dump | tr -d \" \")\" | _base64)\n signature=$(printf \"%s\" \"$signature\" | _url_encode upper-hex)\n url=\"$endpoint?Signature=$signature\"\n\n if [ \"$mtd\" = \"GET\" ]; then\n url=\"$url&$query\"\n response=\"$(_get \"$url\")\"\n else\n response=\"$(_post \"$query\" \"$url\" \"\" \"$mtd\" \"application/x-www-form-urlencoded\")\"\n fi\n\n _ret=\"$?\"\n _debug2 response \"$response\"\n if [ \"$_ret\" != \"0\" ]; then\n _err \"Error <$act>\"\n return 1\n fi\n\n if [ -z \"$ign\" ]; then\n message=\"$(echo \"$response\" | _egrep_o \"\\\"Message\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\")\"\n if [ \"$message\" ]; then\n _err \"$message\"\n return 1\n fi\n fi\n}\n\n_ali_nonce() {\n if [ \"$ACME_OPENSSL_BIN\" ]; then\n \"$ACME_OPENSSL_BIN\" rand -hex 16 2>/dev/null && return 0\n fi\n printf \"%s\" \"$(date +%s)$$$(date +%N)\" | _digest sha256 hex | cut -c 1-32\n}\n\n_ali_timestamp() {\n date -u +\"%Y-%m-%dT%H%%3A%M%%3A%SZ\"\n}\n\n#################### Private functions below ####################\n\n_get_root() {\n domain=$1\n i=1\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n _describe_records_query \"$h\"\n if ! _ali_rest \"Get root\" \"ignore\"; then\n return 1\n fi\n\n if _contains \"$response\" \"PageNumber\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _debug _sub_domain \"$_sub_domain\"\n _domain=\"$h\"\n _debug _domain \"$_domain\"\n return 0\n fi\n p=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_check_exist_query() {\n _qdomain=\"$1\"\n _qsubdomain=\"$2\"\n endpoint=$Ali_DNS_API\n query=''\n query=$query'AccessKeyId='$Ali_Key\n query=$query'&Action=DescribeDomainRecords'\n query=$query'&DomainName='$_qdomain\n query=$query'&Format=json'\n query=$query'&RRKeyWord='$_qsubdomain\n query=$query'&SignatureMethod=HMAC-SHA1'\n query=$query\"&SignatureNonce=$(_ali_nonce)\"\n query=$query'&SignatureVersion=1.0'\n query=$query'&Timestamp='$(_ali_timestamp)\n query=$query'&TypeKeyWord=TXT'\n query=$query'&Version=2015-01-09'\n}\n\n_add_record_query() {\n endpoint=$Ali_DNS_API\n query=''\n query=$query'AccessKeyId='$Ali_Key\n query=$query'&Action=AddDomainRecord'\n query=$query'&DomainName='$1\n query=$query'&Format=json'\n query=$query'&RR='$2\n query=$query'&SignatureMethod=HMAC-SHA1'\n query=$query\"&SignatureNonce=$(_ali_nonce)\"\n query=$query'&SignatureVersion=1.0'\n query=$query'&Timestamp='$(_ali_timestamp)\n query=$query'&Type=TXT'\n query=$query'&Value='$3\n query=$query'&Version=2015-01-09'\n}\n\n_delete_record_query() {\n endpoint=$Ali_DNS_API\n query=''\n query=$query'AccessKeyId='$Ali_Key\n query=$query'&Action=DeleteDomainRecord'\n query=$query'&Format=json'\n query=$query'&RecordId='$1\n query=$query'&SignatureMethod=HMAC-SHA1'\n query=$query\"&SignatureNonce=$(_ali_nonce)\"\n query=$query'&SignatureVersion=1.0'\n query=$query'&Timestamp='$(_ali_timestamp)\n query=$query'&Version=2015-01-09'\n}\n\n_describe_records_query() {\n endpoint=$Ali_DNS_API\n query=''\n query=$query'AccessKeyId='$Ali_Key\n query=$query'&Action=DescribeDomainRecords'\n query=$query'&DomainName='$1\n query=$query'&Format=json'\n query=$query'&SignatureMethod=HMAC-SHA1'\n query=$query\"&SignatureNonce=$(_ali_nonce)\"\n query=$query'&SignatureVersion=1.0'\n query=$query'&Timestamp='$(_ali_timestamp)\n query=$query'&Version=2015-01-09'\n}\n\n_clean() {\n _check_exist_query \"$_domain\" \"$_sub_domain\"\n # do not correct grammar here\n if ! _ali_rest \"Check exist records\" \"ignore\"; then\n return 1\n fi\n\n record_id=\"$(echo \"$response\" | tr '{' \"\\n\" | grep \"$_sub_domain\" | grep -- \"$txtvalue\" | tr \",\" \"\\n\" | grep RecordId | cut -d '\"' -f 4)\"\n _debug2 record_id \"$record_id\"\n\n if [ -z \"$record_id\" ]; then\n _debug \"record not found, skip\"\n else\n _delete_record_query \"$record_id\"\n _ali_rest \"Delete record $record_id\" \"ignore\"\n fi\n\n}\n"
},
{
"path": "dnsapi/dns_alviy.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_alviy_info='Alviy.com\nSite: Alviy.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_alviy\nOptions:\n Alviy_token API token. Get it from the https://cloud.alviy.com/token\nIssues: github.com/acmesh-official/acme.sh/issues/5115\n'\n\nAlviy_Api=\"https://cloud.alviy.com/api/v1\"\n\n######## Public functions #####################\n\n#Usage: dns_alviy_add _acme-challenge.www.domain.com \"content\"\ndns_alviy_add() {\n fulldomain=$1\n txtvalue=$2\n\n Alviy_token=\"${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}\"\n if [ -z \"$Alviy_token\" ]; then\n Alviy_token=\"\"\n _err \"Please specify Alviy token.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable Alviy_token \"$Alviy_token\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting existing records\"\n if _alviy_txt_exists \"$_domain\" \"$fulldomain\" \"$txtvalue\"; then\n _info \"This record already exists, skipping\"\n return 0\n fi\n\n _add_data=\"{\\\"content\\\":\\\"$txtvalue\\\",\\\"type\\\":\\\"TXT\\\"}\"\n _debug2 _add_data \"$_add_data\"\n _info \"Adding record\"\n if _alviy_rest POST \"zone/$_domain/domain/$fulldomain/\" \"$_add_data\"; then\n _debug \"Checking updated records of '${fulldomain}'\"\n\n if ! _alviy_txt_exists \"$_domain\" \"$fulldomain\" \"$txtvalue\"; then\n _err \"TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!\"\n return 1\n fi\n\n else\n _err \"Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set.\"\n return 1\n fi\n\n _sleep 10\n _info \"Added TXT record '${txtvalue}' for '${fulldomain}'.\"\n return 0\n}\n\n#fulldomain\ndns_alviy_rm() {\n fulldomain=$1\n txtvalue=$2\n\n Alviy_token=\"${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n if ! _alviy_txt_exists \"$_domain\" \"$fulldomain\" \"$txtvalue\"; then\n _info \"The record does not exist, skip\"\n return 0\n fi\n\n _add_data=\"\"\n uuid=$(echo \"$response\" | tr \"{\" \"\\n\" | grep \"$txtvalue\" | tr \",\" \"\\n\" | grep uuid | cut -d \\\" -f4)\n # delete record\n _debug \"Delete TXT record for '${fulldomain}'\"\n if ! _alviy_rest DELETE \"zone/$_domain/record/$uuid\" \"{\\\"confirm\\\":1}\"; then\n _err \"Cannot delete empty TXT record for '$fulldomain'\"\n return 1\n fi\n _info \"The record '$fulldomain'='$txtvalue' deleted\"\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=3\n a=\"init\"\n while [ -n \"$a\" ]; do\n a=$(printf \"%s\" \"$domain\" | cut -d . -f $i-)\n i=$((i + 1))\n done\n n=$((i - 3))\n h=$(printf \"%s\" \"$domain\" | cut -d . -f $n-)\n if [ -z \"$h\" ]; then\n #not valid\n _alviy_rest GET \"zone/$domain/\"\n _debug \"can't get host from $domain\"\n return 1\n fi\n\n if ! _alviy_rest GET \"zone/$h/\"; then\n return 1\n fi\n\n if _contains \"$response\" '\"code\":\"NOT_FOUND\"'; then\n _debug \"$h not found\"\n else\n s=$((n - 1))\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f -$s)\n _domain=\"$h\"\n return 0\n fi\n return 1\n}\n\n_alviy_txt_exists() {\n zone=$1\n domain=$2\n content_data=$3\n _debug \"Getting existing records\"\n\n if ! _alviy_rest GET \"zone/$zone/domain/$domain/TXT/\"; then\n _info \"The record does not exist\"\n return 1\n fi\n\n if ! _contains \"$response\" \"$3\"; then\n _info \"The record has other value\"\n return 1\n fi\n # GOOD code return - TRUE function\n return 0\n}\n\n_alviy_rest() {\n method=$1\n path=\"$2\"\n content_data=\"$3\"\n _debug \"$path\"\n\n export _H1=\"Authorization: Bearer $Alviy_token\"\n export _H2=\"Content-Type: application/json\"\n\n if [ \"$content_data\" ] || [ \"$method\" = \"DELETE\" ]; then\n _debug \"data ($method): \" \"$content_data\"\n response=\"$(_post \"$content_data\" \"$Alviy_Api/$path\" \"\" \"$method\")\"\n else\n response=\"$(_get \"$Alviy_Api/$path\")\"\n fi\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n if [ \"$_code\" = \"401\" ]; then\n _err \"It seems that your api key or secret is not correct.\"\n return 1\n fi\n\n if [ \"$_code\" != \"200\" ]; then\n _err \"API call error ($method): $path Response code $_code\"\n fi\n if [ \"$?\" != \"0\" ]; then\n _err \"error on rest call ($method): $path. Response:\"\n _err \"$response\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_anx.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_anx_info='Anexia.com CloudDNS\nSite: Anexia.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_anx\nOptions:\n ANX_Token API Token\nIssues: github.com/acmesh-official/acme.sh/issues/3238\n'\n\nANX_API='https://engine.anexia-it.com/api/clouddns/v1'\n\n######## Public functions #####################\n\ndns_anx_add() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using ANX CDNS API\"\n\n ANX_Token=\"${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n if [ \"$ANX_Token\" ]; then\n _saveaccountconf_mutable ANX_Token \"$ANX_Token\"\n else\n _err \"You didn't specify a ANEXIA Engine API token.\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n # Always add records, wildcard need two records with the same name\n _anx_rest POST \"zone.json/${_domain}/records\" \"{\\\"name\\\":\\\"$_sub_domain\\\",\\\"type\\\":\\\"TXT\\\",\\\"rdata\\\":\\\"$txtvalue\\\"}\"\n if _contains \"$response\" \"$txtvalue\"; then\n return 0\n else\n return 1\n fi\n}\n\ndns_anx_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using ANX CDNS API\"\n\n ANX_Token=\"${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}\"\n\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _get_record_id\n\n if _is_uuid \"$_record_id\"; then\n if ! _anx_rest DELETE \"zone.json/${_domain}/records/$_record_id\"; then\n _err \"Delete record\"\n return 1\n fi\n else\n _info \"No record found.\"\n fi\n echo \"$response\" | tr -d \" \" | grep \\\"status\\\":\\\"OK\\\" >/dev/null\n}\n\n#################### Private functions below ##################################\n\n_is_uuid() {\n pattern='^\\{?[A-Z0-9a-z]{8}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{12}\\}?$'\n if echo \"$1\" | _egrep_o \"$pattern\" >/dev/null; then\n return 0\n fi\n return 1\n}\n\n_get_record_id() {\n _debug subdomain \"$_sub_domain\"\n _debug domain \"$_domain\"\n\n if _anx_rest GET \"zone.json/${_domain}/records?name=$_sub_domain&type=TXT\"; then\n _debug response \"$response\"\n if _contains \"$response\" \"\\\"name\\\":\\\"$_sub_domain\\\"\" >/dev/null; then\n _record_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\[.\\\"identifier\\\":\\\"[^\\\"]*\\\"\" | head -n 1 | cut -d : -f 2 | tr -d \\\")\n else\n _record_id=''\n fi\n else\n _err \"Search existing record\"\n fi\n}\n\n_anx_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Authorization: Token $ANX_Token\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"${ANX_API}/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"${ANX_API}/$ep\")\"\n fi\n\n # shellcheck disable=SC2181\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug response \"$response\"\n return 0\n}\n\n_get_root() {\n domain=$1\n i=1\n p=1\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n _anx_rest GET \"zone.json/${h}\"\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n"
},
{
"path": "dnsapi/dns_artfiles.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_artfiles_info='ArtFiles.de\nSite: ArtFiles.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_artfiles\nOptions:\n AF_API_USERNAME API Username\n AF_API_PASSWORD API Password\nIssues: github.com/acmesh-official/acme.sh/issues/4718\nAuthor: Martin Arndt \n'\n\n########## API configuration ###################################################\n\nAF_API_SUCCESS='status\":\"OK'\nAF_URL_DCP='https://dcp.c.artfiles.de/api/'\nAF_URL_DNS=${AF_URL_DCP}'dns/{*}_dns.html?domain='\nAF_URL_DOMAINS=${AF_URL_DCP}'domain/get_domains.html'\n\n########## Public functions ####################################################\n\n# Adds a new TXT record for given ACME challenge value & domain.\n# Usage: dns_artfiles_add _acme-challenge.www.example.com \"ACME challenge value\"\ndns_artfiles_add() {\n domain=\"$1\"\n txtValue=\"$2\"\n _info 'Using ArtFiles.de DNS addition API…'\n _debug 'Domain' \"$domain\"\n _debug 'txtValue' \"$txtValue\"\n\n _set_credentials\n _saveaccountconf_mutable 'AF_API_USERNAME' \"$AF_API_USERNAME\"\n _saveaccountconf_mutable 'AF_API_PASSWORD' \"$AF_API_PASSWORD\"\n\n _set_headers\n _get_zone \"$domain\"\n _dns 'GET'\n if ! _contains \"$response\" 'TXT'; then\n _err 'Retrieving TXT records failed.'\n\n return 1\n fi\n\n _clean_records\n _dns 'SET' \"$(printf -- '%s\\n_acme-challenge \"%s\"' \"$response\" \"$txtValue\")\"\n if ! _contains \"$response\" \"$AF_API_SUCCESS\"; then\n _err 'Adding ACME challenge value failed.'\n\n return 1\n fi\n}\n\n# Removes the existing TXT record for given ACME challenge value & domain.\n# Usage: dns_artfiles_rm _acme-challenge.www.example.com \"ACME challenge value\"\ndns_artfiles_rm() {\n domain=\"$1\"\n txtValue=\"$2\"\n _info 'Using ArtFiles.de DNS removal API…'\n _debug 'Domain' \"$domain\"\n _debug 'txtValue' \"$txtValue\"\n\n _set_credentials\n _set_headers\n _get_zone \"$domain\"\n if ! _dns 'GET'; then\n return 1\n fi\n\n if ! _contains \"$response\" \"$txtValue\"; then\n _err 'Retrieved TXT records are missing given ACME challenge value.'\n\n return 1\n fi\n\n _clean_records\n response=\"$(printf -- '%s' \"$response\" | sed '/_acme-challenge \"'\"$txtValue\"'\"/d')\"\n _dns 'SET' \"$response\"\n if ! _contains \"$response\" \"$AF_API_SUCCESS\"; then\n _err 'Removing ACME challenge value failed.'\n\n return 1\n fi\n}\n\n########## Private functions ###################################################\n\n# Cleans awful TXT records response of ArtFiles's API & pretty prints it.\n# Usage: _clean_records\n_clean_records() {\n _info 'Cleaning TXT records…'\n # Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid\n # usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\\'\n # from '\\\"' & turn '\\n' into real LF characters.\n # Yup, awful API to use - but that's all we got to get this working, so… ;)\n _debug2 'Raw ' \"$response\"\n response=\"$(printf -- '%s' \"$response\" | sed 's/^.*TXT\":\"\\([^}]*\\).*$/\\1/;s/,\".*$//;s/.$//;s/\\\\\"/\"/g;s/\\\\n/\\n/g')\"\n _debug2 'Clean' \"$response\"\n}\n\n# Executes an HTTP GET or POST request for getting or setting DNS records,\n# containing given payload upon POST.\n# Usage: _dns [GET | SET] [payload]\n_dns() {\n _info 'Executing HTTP request…'\n action=\"$1\"\n payload=\"$(printf -- '%s' \"$2\" | _url_encode)\"\n url=\"$(printf -- '%s%s' \"$AF_URL_DNS\" \"$domain\" | sed 's/{\\*}/'\"$(printf -- '%s' \"$action\" | _lower_case)\"'/')\"\n\n if [ \"$action\" = 'SET' ]; then\n _debug2 'Payload' \"$payload\"\n response=\"$(_post '' \"$url&TXT=$payload\" '' 'POST' 'application/x-www-form-urlencoded')\"\n else\n response=\"$(_get \"$url\" '' 10)\"\n fi\n\n if ! _contains \"$response\" \"$AF_API_SUCCESS\"; then\n _err \"DNS API error: $response\"\n\n return 1\n fi\n\n _debug 'Response' \"$response\"\n\n return 0\n}\n\n# Gets the root domain zone for given domain.\n# Usage: _get_zone _acme-challenge.www.example.com\n_get_zone() {\n fqdn=\"$1\"\n domains=\"$(_get \"$AF_URL_DOMAINS\" '' 10)\"\n _info 'Getting domain zone…'\n _debug2 'FQDN' \"$fqdn\"\n _debug2 'Domains' \"$domains\"\n\n while _contains \"$fqdn\" \".\"; do\n if _contains \"$domains\" \"$fqdn\"; then\n domain=\"$fqdn\"\n _info \"Found root domain zone: $domain\"\n break\n else\n fqdn=\"${fqdn#*.}\"\n _debug2 'FQDN' \"$fqdn\"\n fi\n done\n\n if [ \"$domain\" = \"$fqdn\" ]; then\n return 0\n fi\n\n _err 'Couldn'\\''t find root domain zone.'\n\n return 1\n}\n\n# Sets the credentials for accessing ArtFiles's API\n# Usage: _set_credentials\n_set_credentials() {\n _info 'Setting credentials…'\n AF_API_USERNAME=\"${AF_API_USERNAME:-$(_readaccountconf_mutable AF_API_USERNAME)}\"\n AF_API_PASSWORD=\"${AF_API_PASSWORD:-$(_readaccountconf_mutable AF_API_PASSWORD)}\"\n if [ -z \"$AF_API_USERNAME\" ] || [ -z \"$AF_API_PASSWORD\" ]; then\n _err 'Missing ArtFiles.de username and/or password.'\n _err 'Please ensure both are set via export command & try again.'\n\n return 1\n fi\n}\n\n# Adds the HTTP Authorization & Content-Type headers to a follow-up request.\n# Usage: _set_headers\n_set_headers() {\n _info 'Setting headers…'\n encoded=\"$(printf -- '%s:%s' \"$AF_API_USERNAME\" \"$AF_API_PASSWORD\" | _base64)\"\n export _H1=\"Authorization: Basic $encoded\"\n export _H2='Content-Type: application/json'\n}\n"
},
{
"path": "dnsapi/dns_arvan.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_arvan_info='ArvanCloud.ir\nSite: ArvanCloud.ir\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_arvan\nOptions:\n Arvan_Token API Token\nIssues: github.com/acmesh-official/acme.sh/issues/2796\nAuthor: Vahid Fardi\n'\n\nARVAN_API_URL=\"https://napi.arvancloud.ir/cdn/4.0/domains\"\n\n######## Public functions #####################\n\n#Usage: dns_arvan_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_arvan_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using Arvan\"\n\n Arvan_Token=\"${Arvan_Token:-$(_readaccountconf_mutable Arvan_Token)}\"\n\n if [ -z \"$Arvan_Token\" ]; then\n _err \"You didn't specify \\\"Arvan_Token\\\" token yet.\"\n _err \"You can get yours from here https://npanel.arvancloud.ir/profile/api-keys\"\n return 1\n fi\n #save the api token to the account conf file.\n _saveaccountconf_mutable Arvan_Token \"$Arvan_Token\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Adding record\"\n if _arvan_rest POST \"$_domain/dns-records\" \"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"value\\\":{\\\"text\\\":\\\"$txtvalue\\\"},\\\"ttl\\\":120}\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"response id is $response\"\n _info \"Added, OK\"\n return 0\n elif _contains \"$response\" \"Record Data is duplicate\"; then\n _info \"Already exists, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 0\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_arvan_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using Arvan\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n Arvan_Token=\"${Arvan_Token:-$(_readaccountconf_mutable Arvan_Token)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _arvan_rest GET \"${_domain}/dns-records\"\n if ! printf \"%s\" \"$response\" | grep \\\"current_page\\\":1 >/dev/null; then\n _err \"Error on Arvan Api\"\n _err \"Please create a github issue with debbug log\"\n return 1\n fi\n\n _record_id=$(echo \"$response\" | _egrep_o \".\\\"id\\\":\\\"[^\\\"]*\\\",\\\"type\\\":\\\"txt\\\",\\\"name\\\":\\\"_acme-challenge\\\",\\\"value\\\":{\\\"text\\\":\\\"$txtvalue\\\"}\" | cut -d : -f 2 | cut -d , -f 1 | tr -d \\\")\n if ! _arvan_rest \"DELETE\" \"${_domain}/dns-records/${_record_id}\"; then\n _err \"Error on Arvan Api\"\n return 1\n fi\n _debug \"$response\"\n _contains \"$response\" 'dns record deleted'\n return 0\n}\n\n#################### Private functions below ##################################\n\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _arvan_rest GET \"$h\"; then\n return 1\n fi\n if _contains \"$response\" \"\\\"domain\\\":\\\"$h\\\"\"; then\n _domain_id=$(echo \"$response\" | cut -d : -f 3 | cut -d , -f 1 | tr -d \\\")\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_arvan_rest() {\n mtd=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n\n token_trimmed=$(echo \"$Arvan_Token\" | tr -d '\"')\n export _H1=\"Authorization: $token_trimmed\"\n\n if [ \"$mtd\" = \"DELETE\" ]; then\n #DELETE Request shouldn't have Content-Type\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$ARVAN_API_URL/$ep\" \"\" \"$mtd\")\"\n elif [ \"$mtd\" = \"POST\" ]; then\n export _H2=\"Content-Type: application/json\"\n export _H3=\"Accept: application/json\"\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$ARVAN_API_URL/$ep\" \"\" \"$mtd\")\"\n else\n response=\"$(_get \"$ARVAN_API_URL/$ep$data\")\"\n fi\n return 0\n}\n"
},
{
"path": "dnsapi/dns_aurora.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_aurora_info='versio.nl AuroraDNS\nDomains: pcextreme.nl\nSite: versio.nl\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_aurora\nOptions:\n AURORA_Key API Key\n AURORA_Secret API Secret\nIssues: github.com/acmesh-official/acme.sh/issues/3459\nAuthor: Jasper Zonneveld\n'\n\nAURORA_Api=\"https://api.auroradns.eu\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_aurora_add() {\n fulldomain=$1\n txtvalue=$2\n\n AURORA_Key=\"${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}\"\n AURORA_Secret=\"${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}\"\n\n if [ -z \"$AURORA_Key\" ] || [ -z \"$AURORA_Secret\" ]; then\n AURORA_Key=\"\"\n AURORA_Secret=\"\"\n _err \"You didn't specify an Aurora api key and secret yet.\"\n _err \"You can get yours from here https://cp.pcextreme.nl/auroradns/users.\"\n return 1\n fi\n\n #save the api key and secret to the account conf file.\n _saveaccountconf_mutable AURORA_Key \"$AURORA_Key\"\n _saveaccountconf_mutable AURORA_Secret \"$AURORA_Secret\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Adding record\"\n if _aurora_rest POST \"zones/$_domain_id/records\" \"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":300}\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"Added, OK\"\n return 0\n elif _contains \"$response\" \"RecordExistsError\"; then\n _info \"Already exists, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n\n}\n\n#fulldomain txtvalue\ndns_aurora_rm() {\n fulldomain=$1\n txtvalue=$2\n\n AURORA_Key=\"${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}\"\n AURORA_Secret=\"${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting records\"\n _aurora_rest GET \"zones/${_domain_id}/records\"\n\n if ! _contains \"$response\" \"$txtvalue\"; then\n _info \"Don't need to remove.\"\n else\n records=$(echo \"$response\" | _normalizeJson | tr -d \"[]\" | sed \"s/},{/}|{/g\" | tr \"|\" \"\\n\")\n if [ \"$(echo \"$records\" | wc -l)\" -le 2 ]; then\n _err \"Can not parse records.\"\n return 1\n fi\n record_id=$(echo \"$records\" | grep \"\\\"type\\\": *\\\"TXT\\\"\" | grep \"\\\"name\\\": *\\\"$_sub_domain\\\"\" | grep \"\\\"content\\\": *\\\"$txtvalue\\\"\" | _egrep_o \"\\\"id\\\": *\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\" | _head_n 1 | tr -d \" \")\n _debug \"record_id\" \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id to remove.\"\n return 1\n fi\n if ! _aurora_rest DELETE \"zones/$_domain_id/records/$record_id\"; then\n _err \"Delete record error.\"\n return 1\n fi\n fi\n return 0\n\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=1\n p=1\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _aurora_rest GET \"zones/$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\": \\\"$h\\\"\"; then\n _domain_id=$(echo \"$response\" | _normalizeJson | tr -d \"{}\" | tr \",\" \"\\n\" | grep \"\\\"id\\\": *\\\"\" | cut -d : -f 2 | tr -d \\\" | _head_n 1 | tr -d \" \")\n _debug _domain_id \"$_domain_id\"\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_aurora_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n key_trimmed=$(echo \"$AURORA_Key\" | tr -d '\"')\n secret_trimmed=$(echo \"$AURORA_Secret\" | tr -d '\"')\n\n timestamp=$(date -u +\"%Y%m%dT%H%M%SZ\")\n signature=$(printf \"%s/%s%s\" \"$m\" \"$ep\" \"$timestamp\" | _hmac sha256 \"$(printf \"%s\" \"$secret_trimmed\" | _hex_dump | tr -d \" \")\" | _base64)\n authorization=$(printf \"AuroraDNSv1 %s\" \"$(printf \"%s:%s\" \"$key_trimmed\" \"$signature\" | _base64)\")\n\n export _H1=\"Content-Type: application/json; charset=UTF-8\"\n export _H2=\"X-AuroraDNS-Date: $timestamp\"\n export _H3=\"Authorization: $authorization\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$AURORA_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$AURORA_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_autodns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_autodns_info='InternetX autoDNS\n InternetX autoDNS XML API\nSite: InternetX.com/autodns/\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_autodns\nOptions:\n AUTODNS_USER Username\n AUTODNS_PASSWORD Password\n AUTODNS_CONTEXT Context\nAuthor: \n'\n\nAUTODNS_API=\"https://gateway.autodns.com\"\n\n# Arguments:\n# txtdomain\n# txt\ndns_autodns_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n AUTODNS_USER=\"${AUTODNS_USER:-$(_readaccountconf_mutable AUTODNS_USER)}\"\n AUTODNS_PASSWORD=\"${AUTODNS_PASSWORD:-$(_readaccountconf_mutable AUTODNS_PASSWORD)}\"\n AUTODNS_CONTEXT=\"${AUTODNS_CONTEXT:-$(_readaccountconf_mutable AUTODNS_CONTEXT)}\"\n\n if [ -z \"$AUTODNS_USER\" ] || [ -z \"$AUTODNS_CONTEXT\" ] || [ -z \"$AUTODNS_PASSWORD\" ]; then\n _err \"You don't specify autodns user, password and context.\"\n return 1\n fi\n\n _saveaccountconf_mutable AUTODNS_USER \"$AUTODNS_USER\"\n _saveaccountconf_mutable AUTODNS_PASSWORD \"$AUTODNS_PASSWORD\"\n _saveaccountconf_mutable AUTODNS_CONTEXT \"$AUTODNS_CONTEXT\"\n\n _debug \"First detect the root zone\"\n\n if ! _get_autodns_zone \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _zone \"$_zone\"\n _debug _system_ns \"$_system_ns\"\n\n _info \"Adding TXT record\"\n\n autodns_response=\"$(_autodns_zone_update \"$_zone\" \"$_sub_domain\" \"$txtvalue\" \"$_system_ns\")\"\n\n if [ \"$?\" -eq \"0\" ]; then\n _info \"Added, OK\"\n return 0\n fi\n\n return 1\n}\n\n# Arguments:\n# txtdomain\n# txt\ndns_autodns_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n AUTODNS_USER=\"${AUTODNS_USER:-$(_readaccountconf_mutable AUTODNS_USER)}\"\n AUTODNS_PASSWORD=\"${AUTODNS_PASSWORD:-$(_readaccountconf_mutable AUTODNS_PASSWORD)}\"\n AUTODNS_CONTEXT=\"${AUTODNS_CONTEXT:-$(_readaccountconf_mutable AUTODNS_CONTEXT)}\"\n\n if [ -z \"$AUTODNS_USER\" ] || [ -z \"$AUTODNS_CONTEXT\" ] || [ -z \"$AUTODNS_PASSWORD\" ]; then\n _err \"You don't specify autodns user, password and context.\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n\n if ! _get_autodns_zone \"$fulldomain\"; then\n _err \"zone not found\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _zone \"$_zone\"\n _debug _system_ns \"$_system_ns\"\n\n _info \"Delete TXT record\"\n\n autodns_response=\"$(_autodns_zone_cleanup \"$_zone\" \"$_sub_domain\" \"$txtvalue\" \"$_system_ns\")\"\n\n if [ \"$?\" -eq \"0\" ]; then\n _info \"Deleted, OK\"\n return 0\n fi\n\n return 1\n}\n\n#################### Private functions below ##################################\n\n# Arguments:\n# fulldomain\n# Returns:\n# _sub_domain=_acme-challenge.www\n# _zone=domain.com\n# _system_ns\n_get_autodns_zone() {\n domain=\"$1\"\n\n i=2\n p=1\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n\n if [ -z \"$h\" ]; then\n # not valid\n return 1\n fi\n\n autodns_response=\"$(_autodns_zone_inquire \"$h\")\"\n\n if [ \"$?\" -ne \"0\" ]; then\n _err \"invalid domain\"\n return 1\n fi\n\n if _contains \"$autodns_response\" \"1\" >/dev/null; then\n _zone=\"$(echo \"$autodns_response\" | _egrep_o '[^<]*' | cut -d '>' -f 2 | cut -d '<' -f 1)\"\n _system_ns=\"$(echo \"$autodns_response\" | _egrep_o '[^<]*' | cut -d '>' -f 2 | cut -d '<' -f 1)\"\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n return 0\n fi\n\n p=$i\n i=$(_math \"$i\" + 1)\n done\n\n return 1\n}\n\n_build_request_auth_xml() {\n printf \"\n %s\n %s\n %s\n \" \"$AUTODNS_USER\" \"$AUTODNS_PASSWORD\" \"$AUTODNS_CONTEXT\"\n}\n\n# Arguments:\n# zone\n_build_zone_inquire_xml() {\n printf \"\n \n %s\n \n 0205\n \n 1\n 1\n \n \n name\n eq\n %s\n \n \n \" \"$(_build_request_auth_xml)\" \"$1\"\n}\n\n# Arguments:\n# zone\n# subdomain\n# txtvalue\n# system_ns\n_build_zone_update_xml() {\n printf \"\n \n %s\n \n 0202001\n \n \n %s\n 600\n TXT\n %s\n \n \n \n %s\n %s\n \n \n \" \"$(_build_request_auth_xml)\" \"$2\" \"$3\" \"$1\" \"$4\"\n}\n\n# Arguments:\n# zone\n_autodns_zone_inquire() {\n request_data=\"$(_build_zone_inquire_xml \"$1\")\"\n autodns_response=\"$(_autodns_api_call \"$request_data\")\"\n ret=\"$?\"\n\n printf \"%s\" \"$autodns_response\"\n return \"$ret\"\n}\n\n# Arguments:\n# zone\n# subdomain\n# txtvalue\n# system_ns\n_autodns_zone_update() {\n request_data=\"$(_build_zone_update_xml \"$1\" \"$2\" \"$3\" \"$4\")\"\n autodns_response=\"$(_autodns_api_call \"$request_data\")\"\n ret=\"$?\"\n\n printf \"%s\" \"$autodns_response\"\n return \"$ret\"\n}\n\n# Arguments:\n# zone\n# subdomain\n# txtvalue\n# system_ns\n_autodns_zone_cleanup() {\n request_data=\"$(_build_zone_update_xml \"$1\" \"$2\" \"$3\" \"$4\")\"\n # replace 'rr_add>' with 'rr_rem>' in request_data\n request_data=\"$(printf -- \"%s\" \"$request_data\" | sed 's/rr_add>/rr_rem>/g')\"\n autodns_response=\"$(_autodns_api_call \"$request_data\")\"\n ret=\"$?\"\n\n printf \"%s\" \"$autodns_response\"\n return \"$ret\"\n}\n\n# Arguments:\n# request_data\n_autodns_api_call() {\n request_data=\"$1\"\n\n _debug request_data \"$request_data\"\n\n autodns_response=\"$(_post \"$request_data\" \"$AUTODNS_API\")\"\n ret=\"$?\"\n\n _debug autodns_response \"$autodns_response\"\n\n if [ \"$ret\" -ne \"0\" ]; then\n _err \"error\"\n return 1\n fi\n\n if _contains \"$autodns_response\" \"success\" >/dev/null; then\n _info \"success\"\n printf \"%s\" \"$autodns_response\"\n return 0\n fi\n\n return 1\n}\n"
},
{
"path": "dnsapi/dns_aws.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_aws_info='Amazon AWS Route53 domain API\nSite: docs.aws.amazon.com/route53/\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_aws\nOptions:\n AWS_ACCESS_KEY_ID API Key ID\n AWS_SECRET_ACCESS_KEY API Secret\n'\n\n# All `_sleep` commands are included to avoid Route53 throttling, see\n# https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests\n\nAWS_HOST=\"route53.amazonaws.com\"\nAWS_URL=\"https://$AWS_HOST\"\n\nAWS_WIKI=\"https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Amazon-Route53-API\"\n\n######## Public functions #####################\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_aws_add() {\n fulldomain=$1\n txtvalue=$2\n\n AWS_ACCESS_KEY_ID=\"${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}\"\n AWS_SECRET_ACCESS_KEY=\"${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}\"\n AWS_DNS_SLOWRATE=\"${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}\"\n\n if [ -z \"$AWS_ACCESS_KEY_ID\" ] || [ -z \"$AWS_SECRET_ACCESS_KEY\" ]; then\n _use_container_role || _use_instance_role\n fi\n\n if [ -z \"$AWS_ACCESS_KEY_ID\" ] || [ -z \"$AWS_SECRET_ACCESS_KEY\" ]; then\n AWS_ACCESS_KEY_ID=\"\"\n AWS_SECRET_ACCESS_KEY=\"\"\n _err \"You haven't specified the aws route53 api key id and and api key secret yet.\"\n _err \"Please create your key and try again. see $(__green $AWS_WIKI)\"\n return 1\n fi\n\n #save for future use, unless using a role which will be fetched as needed\n if [ -z \"$_using_role\" ]; then\n _saveaccountconf_mutable AWS_ACCESS_KEY_ID \"$AWS_ACCESS_KEY_ID\"\n _saveaccountconf_mutable AWS_SECRET_ACCESS_KEY \"$AWS_SECRET_ACCESS_KEY\"\n _saveaccountconf_mutable AWS_DNS_SLOWRATE \"$AWS_DNS_SLOWRATE\"\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n _sleep 1\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Getting existing records for $fulldomain\"\n if ! aws_rest GET \"2013-04-01$_domain_id/rrset\" \"name=$fulldomain&type=TXT\"; then\n _sleep 1\n return 1\n fi\n\n if _contains \"$response\" \"$fulldomain.\"; then\n _resource_record=\"$(echo \"$response\" | sed 's//\"/g' | tr '\"' \"\\n\" | grep \"$fulldomain.\" | _egrep_o \"\" | sed \"s///\" | sed \"s###\")\"\n _debug \"_resource_record\" \"$_resource_record\"\n else\n _debug \"single new add\"\n fi\n\n if [ \"$_resource_record\" ] && _contains \"$response\" \"$txtvalue\"; then\n _info \"The TXT record already exists. Skipping.\"\n _sleep 1\n return 0\n fi\n\n _debug \"Adding records\"\n\n _aws_tmpl_xml=\"UPSERT$fulldomainTXT300$_resource_record\\\"$txtvalue\\\"\"\n\n if aws_rest POST \"2013-04-01$_domain_id/rrset/\" \"\" \"$_aws_tmpl_xml\" && _contains \"$response\" \"ChangeResourceRecordSetsResponse\"; then\n _info \"TXT record updated successfully.\"\n if [ -n \"$AWS_DNS_SLOWRATE\" ]; then\n _info \"Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds\"\n _sleep \"$AWS_DNS_SLOWRATE\"\n else\n _sleep 1\n fi\n\n return 0\n fi\n _sleep 1\n return 1\n}\n\n#fulldomain txtvalue\ndns_aws_rm() {\n fulldomain=$1\n txtvalue=$2\n\n AWS_ACCESS_KEY_ID=\"${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}\"\n AWS_SECRET_ACCESS_KEY=\"${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}\"\n AWS_DNS_SLOWRATE=\"${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}\"\n\n if [ -z \"$AWS_ACCESS_KEY_ID\" ] || [ -z \"$AWS_SECRET_ACCESS_KEY\" ]; then\n _use_container_role || _use_instance_role\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n _sleep 1\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Getting existing records for $fulldomain\"\n if ! aws_rest GET \"2013-04-01$_domain_id/rrset\" \"name=$fulldomain&type=TXT\"; then\n _sleep 1\n return 1\n fi\n\n if _contains \"$response\" \"$fulldomain.\"; then\n _resource_record=\"$(echo \"$response\" | sed 's//\"/g' | tr '\"' \"\\n\" | grep \"$fulldomain.\" | _egrep_o \"\" | sed \"s///\" | sed \"s###\")\"\n _debug \"_resource_record\" \"$_resource_record\"\n else\n _debug \"no records exist, skip\"\n _sleep 1\n return 0\n fi\n\n _aws_tmpl_xml=\"DELETE$_resource_record$fulldomain.TXT300\"\n\n if aws_rest POST \"2013-04-01$_domain_id/rrset/\" \"\" \"$_aws_tmpl_xml\" && _contains \"$response\" \"ChangeResourceRecordSetsResponse\"; then\n _info \"TXT record deleted successfully.\"\n if [ -n \"$AWS_DNS_SLOWRATE\" ]; then\n _info \"Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds\"\n _sleep \"$AWS_DNS_SLOWRATE\"\n else\n _sleep 1\n fi\n\n return 0\n fi\n _sleep 1\n return 1\n}\n\n#################### Private functions below ##################################\n\n_get_root() {\n domain=$1\n i=1\n p=1\n\n # iterate over names (a.b.c.d -> b.c.d -> c.d -> d)\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100 | sed 's/\\./\\\\./g')\n _debug \"Checking domain: $h\"\n if [ -z \"$h\" ]; then\n _err \"invalid domain\"\n return 1\n fi\n\n # iterate over paginated result for list_hosted_zones\n aws_rest GET \"2013-04-01/hostedzone\"\n while true; do\n if _contains \"$response\" \"$h.\"; then\n hostedzone=\"$(echo \"$response\" | tr -d '\\n' | sed 's//#&/g' | tr '#' '\\n' | _egrep_o \"[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>\")\"\n _debug hostedzone \"$hostedzone\"\n if [ \"$hostedzone\" ]; then\n _domain_id=$(printf \"%s\\n\" \"$hostedzone\" | _egrep_o \".*<.Id>\" | head -n 1 | _egrep_o \">.*<\" | tr -d \"<>\")\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n _err \"Can't find domain with id: $h\"\n return 1\n fi\n fi\n if _contains \"$response\" \"true\" && _contains \"$response\" \"\"; then\n _debug \"IsTruncated\"\n _nextMarker=\"$(echo \"$response\" | _egrep_o \".*\" | cut -d '>' -f 2 | cut -d '<' -f 1)\"\n _debug \"NextMarker\" \"$_nextMarker\"\n else\n break\n fi\n _debug \"Checking domain: $h - Next Page \"\n aws_rest GET \"2013-04-01/hostedzone\" \"marker=$_nextMarker\"\n done\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_use_container_role() {\n # automatically set if running inside ECS\n if [ -z \"$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI\" ]; then\n _debug \"No ECS environment variable detected\"\n return 1\n fi\n _use_metadata \"169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI\"\n}\n\n_use_instance_role() {\n _instance_role_name_url=\"http://169.254.169.254/latest/meta-data/iam/security-credentials/\"\n\n if _get \"$_instance_role_name_url\" true 1 | _head_n 1 | grep -Fq 401; then\n _debug \"Using IMDSv2\"\n _token_url=\"http://169.254.169.254/latest/api/token\"\n export _H1=\"X-aws-ec2-metadata-token-ttl-seconds: 21600\"\n _token=\"$(_post \"\" \"$_token_url\" \"\" \"PUT\")\"\n _secure_debug3 \"_token\" \"$_token\"\n if [ -z \"$_token\" ]; then\n _debug \"Unable to fetch IMDSv2 token from instance metadata\"\n return 1\n fi\n export _H1=\"X-aws-ec2-metadata-token: $_token\"\n fi\n\n if ! _get \"$_instance_role_name_url\" true 1 | _head_n 1 | grep -Fq 200; then\n _debug \"Unable to fetch IAM role from instance metadata\"\n return 1\n fi\n\n _instance_role_name=$(_get \"$_instance_role_name_url\" \"\" 1)\n _debug \"_instance_role_name\" \"$_instance_role_name\"\n _use_metadata \"$_instance_role_name_url$_instance_role_name\" \"$_token\"\n\n}\n\n_use_metadata() {\n export _H1=\"X-aws-ec2-metadata-token: $2\"\n _aws_creds=\"$(\n _get \"$1\" \"\" 1 |\n _normalizeJson |\n tr '{,}' '\\n' |\n while read -r _line; do\n _key=\"$(echo \"${_line%%:*}\" | tr -d '\\\"')\"\n _value=\"${_line#*:}\"\n _debug3 \"_key\" \"$_key\"\n _secure_debug3 \"_value\" \"$_value\"\n case \"$_key\" in\n AccessKeyId) echo \"AWS_ACCESS_KEY_ID=$_value\" ;;\n SecretAccessKey) echo \"AWS_SECRET_ACCESS_KEY=$_value\" ;;\n Token) echo \"AWS_SESSION_TOKEN=$_value\" ;;\n esac\n done |\n paste -sd' ' -\n )\"\n _secure_debug \"_aws_creds\" \"$_aws_creds\"\n\n if [ -z \"$_aws_creds\" ]; then\n return 1\n fi\n\n eval \"$_aws_creds\"\n _using_role=true\n}\n\n#method uri qstr data\naws_rest() {\n mtd=\"$1\"\n ep=\"$2\"\n qsr=\"$3\"\n data=\"$4\"\n\n _debug mtd \"$mtd\"\n _debug ep \"$ep\"\n _debug qsr \"$qsr\"\n _debug data \"$data\"\n\n CanonicalURI=\"/$ep\"\n _debug2 CanonicalURI \"$CanonicalURI\"\n\n CanonicalQueryString=\"$qsr\"\n _debug2 CanonicalQueryString \"$CanonicalQueryString\"\n\n RequestDate=\"$(date -u +\"%Y%m%dT%H%M%SZ\")\"\n _debug2 RequestDate \"$RequestDate\"\n\n #RequestDate=\"20161120T141056Z\" ##############\n\n export _H1=\"x-amz-date: $RequestDate\"\n\n aws_host=\"$AWS_HOST\"\n CanonicalHeaders=\"host:$aws_host\\nx-amz-date:$RequestDate\\n\"\n SignedHeaders=\"host;x-amz-date\"\n if [ -n \"$AWS_SESSION_TOKEN\" ]; then\n export _H3=\"x-amz-security-token: $AWS_SESSION_TOKEN\"\n CanonicalHeaders=\"${CanonicalHeaders}x-amz-security-token:$AWS_SESSION_TOKEN\\n\"\n SignedHeaders=\"${SignedHeaders};x-amz-security-token\"\n fi\n _debug2 CanonicalHeaders \"$CanonicalHeaders\"\n _debug2 SignedHeaders \"$SignedHeaders\"\n\n RequestPayload=\"$data\"\n _debug2 RequestPayload \"$RequestPayload\"\n\n Hash=\"sha256\"\n\n CanonicalRequest=\"$mtd\\n$CanonicalURI\\n$CanonicalQueryString\\n$CanonicalHeaders\\n$SignedHeaders\\n$(printf \"%s\" \"$RequestPayload\" | _digest \"$Hash\" hex)\"\n _debug2 CanonicalRequest \"$CanonicalRequest\"\n\n HashedCanonicalRequest=\"$(printf \"$CanonicalRequest%s\" | _digest \"$Hash\" hex)\"\n _debug2 HashedCanonicalRequest \"$HashedCanonicalRequest\"\n\n Algorithm=\"AWS4-HMAC-SHA256\"\n _debug2 Algorithm \"$Algorithm\"\n\n RequestDateOnly=\"$(echo \"$RequestDate\" | cut -c 1-8)\"\n _debug2 RequestDateOnly \"$RequestDateOnly\"\n\n Region=\"us-east-1\"\n Service=\"route53\"\n\n CredentialScope=\"$RequestDateOnly/$Region/$Service/aws4_request\"\n _debug2 CredentialScope \"$CredentialScope\"\n\n StringToSign=\"$Algorithm\\n$RequestDate\\n$CredentialScope\\n$HashedCanonicalRequest\"\n\n _debug2 StringToSign \"$StringToSign\"\n\n kSecret=\"AWS4$AWS_SECRET_ACCESS_KEY\"\n\n #kSecret=\"wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY\" ############################\n\n _secure_debug2 kSecret \"$kSecret\"\n\n kSecretH=\"$(printf \"%s\" \"$kSecret\" | _hex_dump | tr -d \" \")\"\n _secure_debug2 kSecretH \"$kSecretH\"\n\n kDateH=\"$(printf \"$RequestDateOnly%s\" | _hmac \"$Hash\" \"$kSecretH\" hex)\"\n _debug2 kDateH \"$kDateH\"\n\n kRegionH=\"$(printf \"$Region%s\" | _hmac \"$Hash\" \"$kDateH\" hex)\"\n _debug2 kRegionH \"$kRegionH\"\n\n kServiceH=\"$(printf \"$Service%s\" | _hmac \"$Hash\" \"$kRegionH\" hex)\"\n _debug2 kServiceH \"$kServiceH\"\n\n kSigningH=\"$(printf \"%s\" \"aws4_request\" | _hmac \"$Hash\" \"$kServiceH\" hex)\"\n _debug2 kSigningH \"$kSigningH\"\n\n signature=\"$(printf \"$StringToSign%s\" | _hmac \"$Hash\" \"$kSigningH\" hex)\"\n _debug2 signature \"$signature\"\n\n Authorization=\"$Algorithm Credential=$AWS_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature\"\n _debug2 Authorization \"$Authorization\"\n\n _H2=\"Authorization: $Authorization\"\n _debug _H2 \"$_H2\"\n\n url=\"$AWS_URL/$ep\"\n if [ \"$qsr\" ]; then\n url=\"$AWS_URL/$ep?$qsr\"\n fi\n\n if [ \"$mtd\" = \"GET\" ]; then\n response=\"$(_get \"$url\")\"\n else\n response=\"$(_post \"$data\" \"$url\")\"\n fi\n\n _ret=\"$?\"\n _debug2 response \"$response\"\n if [ \"$_ret\" = \"0\" ]; then\n if _contains \"$response\" \"/dev/null; then\n _azion_token=$(echo \"$response\" | _egrep_o \"\\\"token\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\")\n export AZION_Token=\"$_azion_token\"\n else\n _err \"Failed to generate Azion token\"\n return 1\n fi\n}\n\n_azion_rest() {\n _method=$1\n _uri=\"$2\"\n _data=\"$3\"\n\n if [ -z \"$AZION_Token\" ]; then\n _get_token\n fi\n _debug2 token \"$AZION_Token\"\n\n export _H1=\"Accept: application/json; version=3\"\n export _H2=\"Content-Type: application/json\"\n export _H3=\"Authorization: token $AZION_Token\"\n\n if [ \"$_method\" != \"GET\" ]; then\n _debug _data \"$_data\"\n response=\"$(_post \"$_data\" \"$AZION_Api/$_uri\" \"\" \"$_method\")\"\n else\n response=\"$(_get \"$AZION_Api/$_uri\")\"\n fi\n\n _debug2 response \"$response\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $_method $_uri $_data\"\n return 1\n fi\n return 0\n}\n"
},
{
"path": "dnsapi/dns_azure.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_azure_info='Azure\nSite: Azure.microsoft.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_azure\nOptions:\n AZUREDNS_SUBSCRIPTIONID Subscription ID\n AZUREDNS_TENANTID Tenant ID\n AZUREDNS_APPID App ID. App ID of the service principal\n AZUREDNS_CLIENTSECRET Client Secret. Secret from creating the service principal\n AZUREDNS_MANAGEDIDENTITY Use Managed Identity. Use Managed Identity assigned to a resource instead of a service principal. \"true\"/\"false\"\n AZUREDNS_BEARERTOKEN Bearer Token. Used instead of service principal credentials or managed identity. Optional.\n'\n\nwiki=https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS\n\n######## Public functions #####################\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\n#\n# Ref: https://learn.microsoft.com/en-us/rest/api/dns/record-sets/create-or-update?view=rest-dns-2018-05-01&tabs=HTTP\n#\n\ndns_azure_add() {\n fulldomain=$1\n txtvalue=$2\n\n AZUREDNS_SUBSCRIPTIONID=\"${AZUREDNS_SUBSCRIPTIONID:-$(_readaccountconf_mutable AZUREDNS_SUBSCRIPTIONID)}\"\n if [ -z \"$AZUREDNS_SUBSCRIPTIONID\" ]; then\n AZUREDNS_SUBSCRIPTIONID=\"\"\n AZUREDNS_TENANTID=\"\"\n AZUREDNS_APPID=\"\"\n AZUREDNS_CLIENTSECRET=\"\"\n AZUREDNS_BEARERTOKEN=\"\"\n _err \"You didn't specify the Azure Subscription ID\"\n return 1\n fi\n #save subscription id to account conf file.\n _saveaccountconf_mutable AZUREDNS_SUBSCRIPTIONID \"$AZUREDNS_SUBSCRIPTIONID\"\n\n AZUREDNS_MANAGEDIDENTITY=\"${AZUREDNS_MANAGEDIDENTITY:-$(_readaccountconf_mutable AZUREDNS_MANAGEDIDENTITY)}\"\n if [ \"$AZUREDNS_MANAGEDIDENTITY\" = true ]; then\n _info \"Using Azure managed identity\"\n #save managed identity as preferred authentication method, clear service principal credentials from conf file.\n _saveaccountconf_mutable AZUREDNS_MANAGEDIDENTITY \"$AZUREDNS_MANAGEDIDENTITY\"\n _saveaccountconf_mutable AZUREDNS_TENANTID \"\"\n _saveaccountconf_mutable AZUREDNS_APPID \"\"\n _saveaccountconf_mutable AZUREDNS_CLIENTSECRET \"\"\n _saveaccountconf_mutable AZUREDNS_BEARERTOKEN \"\"\n else\n _info \"You didn't ask to use Azure managed identity, checking service principal credentials or provided bearer token\"\n AZUREDNS_TENANTID=\"${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}\"\n AZUREDNS_APPID=\"${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}\"\n AZUREDNS_CLIENTSECRET=\"${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}\"\n AZUREDNS_BEARERTOKEN=\"${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}\"\n if [ -z \"$AZUREDNS_BEARERTOKEN\" ]; then\n if [ -z \"$AZUREDNS_TENANTID\" ]; then\n AZUREDNS_SUBSCRIPTIONID=\"\"\n AZUREDNS_TENANTID=\"\"\n AZUREDNS_APPID=\"\"\n AZUREDNS_CLIENTSECRET=\"\"\n AZUREDNS_BEARERTOKEN=\"\"\n _err \"You didn't specify the Azure Tenant ID \"\n return 1\n fi\n\n if [ -z \"$AZUREDNS_APPID\" ]; then\n AZUREDNS_SUBSCRIPTIONID=\"\"\n AZUREDNS_TENANTID=\"\"\n AZUREDNS_APPID=\"\"\n AZUREDNS_CLIENTSECRET=\"\"\n AZUREDNS_BEARERTOKEN=\"\"\n _err \"You didn't specify the Azure App ID\"\n return 1\n fi\n\n if [ -z \"$AZUREDNS_CLIENTSECRET\" ]; then\n AZUREDNS_SUBSCRIPTIONID=\"\"\n AZUREDNS_TENANTID=\"\"\n AZUREDNS_APPID=\"\"\n AZUREDNS_CLIENTSECRET=\"\"\n AZUREDNS_BEARERTOKEN=\"\"\n _err \"You didn't specify the Azure Client Secret\"\n return 1\n fi\n else\n _info \"Using provided bearer token\"\n fi\n\n #save account details to account conf file, don't opt in for azure manages identity check.\n _saveaccountconf_mutable AZUREDNS_MANAGEDIDENTITY \"false\"\n _saveaccountconf_mutable AZUREDNS_TENANTID \"$AZUREDNS_TENANTID\"\n _saveaccountconf_mutable AZUREDNS_APPID \"$AZUREDNS_APPID\"\n _saveaccountconf_mutable AZUREDNS_CLIENTSECRET \"$AZUREDNS_CLIENTSECRET\"\n _saveaccountconf_mutable AZUREDNS_BEARERTOKEN \"$AZUREDNS_BEARERTOKEN\"\n fi\n\n if [ -z \"$AZUREDNS_BEARERTOKEN\" ]; then\n accesstoken=$(_azure_getaccess_token \"$AZUREDNS_MANAGEDIDENTITY\" \"$AZUREDNS_TENANTID\" \"$AZUREDNS_APPID\" \"$AZUREDNS_CLIENTSECRET\")\n else\n accesstoken=$(echo \"$AZUREDNS_BEARERTOKEN\" | sed \"s/Bearer //g\")\n fi\n\n if ! _get_root \"$fulldomain\" \"$AZUREDNS_SUBSCRIPTIONID\" \"$accesstoken\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n acmeRecordURI=\"https://management.azure.com$(printf '%s' \"$_domain_id\" | sed 's/\\\\//g')/TXT/$_sub_domain?api-version=2017-09-01\"\n _debug \"$acmeRecordURI\"\n # Get existing TXT record\n _azure_rest GET \"$acmeRecordURI\" \"\" \"$accesstoken\"\n values=\"{\\\"value\\\":[\\\"$txtvalue\\\"]}\"\n timestamp=\"$(_time)\"\n if [ \"$_code\" = \"200\" ]; then\n vlist=\"$(echo \"$response\" | _egrep_o \"\\\"value\\\"\\\\s*:\\\\s*\\\\[\\\\s*\\\"[^\\\"]*\\\"\\\\s*]\" | cut -d : -f 2 | tr -d \"[]\\\"\")\"\n _debug \"existing TXT found\"\n _debug \"$vlist\"\n existingts=\"$(echo \"$response\" | _egrep_o \"\\\"acmetscheck\\\"\\\\s*:\\\\s*\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \"\\\"\")\"\n if [ -z \"$existingts\" ]; then\n # the record was not created by acme.sh. Copy the exisiting entires\n existingts=$timestamp\n fi\n _diff=\"$(_math \"$timestamp - $existingts\")\"\n _debug \"existing txt age: $_diff\"\n # only use recently added records and discard if older than 2 hours because they are probably orphaned\n if [ \"$_diff\" -lt 7200 ]; then\n _debug \"existing txt value: $vlist\"\n for v in $vlist; do\n values=\"$values ,{\\\"value\\\":[\\\"$v\\\"]}\"\n done\n fi\n fi\n # Add the txtvalue TXT Record\n body=\"{\\\"properties\\\":{\\\"metadata\\\":{\\\"acmetscheck\\\":\\\"$timestamp\\\"},\\\"TTL\\\":10, \\\"TXTRecords\\\":[$values]}}\"\n _azure_rest PUT \"$acmeRecordURI\" \"$body\" \"$accesstoken\"\n if [ \"$_code\" = \"200\" ] || [ \"$_code\" = '201' ]; then\n _info \"validation value added\"\n return 0\n else\n _err \"error adding validation value ($_code)\"\n return 1\n fi\n}\n\n# Usage: fulldomain txtvalue\n# Used to remove the txt record after validation\n#\n# Ref: https://learn.microsoft.com/en-us/rest/api/dns/record-sets/delete?view=rest-dns-2018-05-01&tabs=HTTP\n#\ndns_azure_rm() {\n fulldomain=$1\n txtvalue=$2\n\n AZUREDNS_SUBSCRIPTIONID=\"${AZUREDNS_SUBSCRIPTIONID:-$(_readaccountconf_mutable AZUREDNS_SUBSCRIPTIONID)}\"\n if [ -z \"$AZUREDNS_SUBSCRIPTIONID\" ]; then\n AZUREDNS_SUBSCRIPTIONID=\"\"\n AZUREDNS_TENANTID=\"\"\n AZUREDNS_APPID=\"\"\n AZUREDNS_CLIENTSECRET=\"\"\n AZUREDNS_BEARERTOKEN=\"\"\n _err \"You didn't specify the Azure Subscription ID \"\n return 1\n fi\n\n AZUREDNS_MANAGEDIDENTITY=\"${AZUREDNS_MANAGEDIDENTITY:-$(_readaccountconf_mutable AZUREDNS_MANAGEDIDENTITY)}\"\n if [ \"$AZUREDNS_MANAGEDIDENTITY\" = true ]; then\n _info \"Using Azure managed identity\"\n else\n _info \"You didn't ask to use Azure managed identity, checking service principal credentials or provided bearer token\"\n AZUREDNS_TENANTID=\"${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}\"\n AZUREDNS_APPID=\"${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}\"\n AZUREDNS_CLIENTSECRET=\"${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}\"\n AZUREDNS_BEARERTOKEN=\"${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}\"\n if [ -z \"$AZUREDNS_BEARERTOKEN\" ]; then\n if [ -z \"$AZUREDNS_TENANTID\" ]; then\n AZUREDNS_SUBSCRIPTIONID=\"\"\n AZUREDNS_TENANTID=\"\"\n AZUREDNS_APPID=\"\"\n AZUREDNS_CLIENTSECRET=\"\"\n AZUREDNS_BEARERTOKEN=\"\"\n _err \"You didn't specify the Azure Tenant ID \"\n return 1\n fi\n\n if [ -z \"$AZUREDNS_APPID\" ]; then\n AZUREDNS_SUBSCRIPTIONID=\"\"\n AZUREDNS_TENANTID=\"\"\n AZUREDNS_APPID=\"\"\n AZUREDNS_CLIENTSECRET=\"\"\n AZUREDNS_BEARERTOKEN=\"\"\n _err \"You didn't specify the Azure App ID\"\n return 1\n fi\n\n if [ -z \"$AZUREDNS_CLIENTSECRET\" ]; then\n AZUREDNS_SUBSCRIPTIONID=\"\"\n AZUREDNS_TENANTID=\"\"\n AZUREDNS_APPID=\"\"\n AZUREDNS_CLIENTSECRET=\"\"\n AZUREDNS_BEARERTOKEN=\"\"\n _err \"You didn't specify the Azure Client Secret\"\n return 1\n fi\n else\n _info \"Using provided bearer token\"\n fi\n fi\n\n if [ -z \"$AZUREDNS_BEARERTOKEN\" ]; then\n accesstoken=$(_azure_getaccess_token \"$AZUREDNS_MANAGEDIDENTITY\" \"$AZUREDNS_TENANTID\" \"$AZUREDNS_APPID\" \"$AZUREDNS_CLIENTSECRET\")\n else\n accesstoken=$(echo \"$AZUREDNS_BEARERTOKEN\" | sed \"s/Bearer //g\")\n fi\n\n if ! _get_root \"$fulldomain\" \"$AZUREDNS_SUBSCRIPTIONID\" \"$accesstoken\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n acmeRecordURI=\"https://management.azure.com$(printf '%s' \"$_domain_id\" | sed 's/\\\\//g')/TXT/$_sub_domain?api-version=2017-09-01\"\n _debug \"$acmeRecordURI\"\n # Get existing TXT record\n _azure_rest GET \"$acmeRecordURI\" \"\" \"$accesstoken\"\n timestamp=\"$(_time)\"\n if [ \"$_code\" = \"200\" ]; then\n vlist=\"$(echo \"$response\" | _egrep_o \"\\\"value\\\"\\\\s*:\\\\s*\\\\[\\\\s*\\\"[^\\\"]*\\\"\\\\s*]\" | cut -d : -f 2 | tr -d \"[]\\\"\" | grep -v -- \"$txtvalue\")\"\n values=\"\"\n comma=\"\"\n for v in $vlist; do\n values=\"$values$comma{\\\"value\\\":[\\\"$v\\\"]}\"\n comma=\",\"\n done\n if [ -z \"$values\" ]; then\n # No values left remove record\n _debug \"removing validation record completely $acmeRecordURI\"\n _azure_rest DELETE \"$acmeRecordURI\" \"\" \"$accesstoken\"\n if [ \"$_code\" = \"200\" ] || [ \"$_code\" = '204' ]; then\n _info \"validation record removed\"\n else\n _err \"error removing validation record ($_code)\"\n return 1\n fi\n else\n # Remove only txtvalue from the TXT Record\n body=\"{\\\"properties\\\":{\\\"metadata\\\":{\\\"acmetscheck\\\":\\\"$timestamp\\\"},\\\"TTL\\\":10, \\\"TXTRecords\\\":[$values]}}\"\n _azure_rest PUT \"$acmeRecordURI\" \"$body\" \"$accesstoken\"\n if [ \"$_code\" = \"200\" ] || [ \"$_code\" = '201' ]; then\n _info \"validation value removed\"\n return 0\n else\n _err \"error removing validation value ($_code)\"\n return 1\n fi\n fi\n fi\n}\n\n################### Private functions below ##################################\n\n_azure_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n accesstoken=\"$4\"\n\n MAX_REQUEST_RETRY_TIMES=5\n _request_retry_times=0\n while [ \"${_request_retry_times}\" -lt \"$MAX_REQUEST_RETRY_TIMES\" ]; do\n _debug3 _request_retry_times \"$_request_retry_times\"\n export _H1=\"authorization: Bearer $accesstoken\"\n export _H2=\"accept: application/json\"\n export _H3=\"Content-Type: application/json\"\n # clear headers from previous request to avoid getting wrong http code on timeouts\n : >\"$HTTP_HEADER\"\n _debug \"$ep\"\n if [ \"$m\" != \"GET\" ]; then\n _secure_debug2 \"data $data\"\n response=\"$(_post \"$data\" \"$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$ep\")\"\n fi\n _ret=\"$?\"\n _secure_debug2 \"response $response\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n _debug \"http response code $_code\"\n if [ \"$_code\" = \"401\" ]; then\n # we have an invalid access token set to expired\n _saveaccountconf_mutable AZUREDNS_TOKENVALIDTO \"0\"\n _err \"Access denied. Invalid access token. Make sure your Azure settings are correct. See: $wiki\"\n return 1\n fi\n # See https://learn.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes\n if [ \"$_ret\" != \"0\" ] || [ -z \"$_code\" ] || [ \"$_code\" = \"408\" ] || [ \"$_code\" = \"500\" ] || [ \"$_code\" = \"503\" ] || [ \"$_code\" = \"504\" ]; then\n _request_retry_times=\"$(_math \"$_request_retry_times\" + 1)\"\n _info \"REST call error $_code retrying $ep in $_request_retry_times s\"\n _sleep \"$_request_retry_times\"\n continue\n fi\n break\n done\n if [ \"$_request_retry_times\" = \"$MAX_REQUEST_RETRY_TIMES\" ]; then\n _err \"Error Azure REST called was retried $MAX_REQUEST_RETRY_TIMES times.\"\n _err \"Calling $ep failed.\"\n return 1\n fi\n response=\"$(echo \"$response\" | _normalizeJson)\"\n return 0\n}\n\n## Ref: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#request-an-access-token\n_azure_getaccess_token() {\n managedIdentity=$1\n tenantID=$2\n clientID=$3\n clientSecret=$4\n\n accesstoken=\"${AZUREDNS_ACCESSTOKEN:-$(_readaccountconf_mutable AZUREDNS_ACCESSTOKEN)}\"\n expires_on=\"${AZUREDNS_TOKENVALIDTO:-$(_readaccountconf_mutable AZUREDNS_TOKENVALIDTO)}\"\n\n # can we reuse the bearer token?\n if [ -n \"$accesstoken\" ] && [ -n \"$expires_on\" ]; then\n if [ \"$(_time)\" -lt \"$expires_on\" ]; then\n # brearer token is still valid - reuse it\n _debug \"reusing bearer token\"\n printf \"%s\" \"$accesstoken\"\n return 0\n else\n _debug \"bearer token expired\"\n fi\n fi\n _debug \"getting new bearer token\"\n\n if [ \"$managedIdentity\" = true ]; then\n # https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http\n if [ -n \"$IDENTITY_ENDPOINT\" ]; then\n # Some Azure environments may set IDENTITY_ENDPOINT (formerly MSI_ENDPOINT) to have an alternative metadata endpoint\n url=\"$IDENTITY_ENDPOINT?api-version=2019-08-01&resource=https://management.azure.com/\"\n headers=\"X-IDENTITY-HEADER: $IDENTITY_HEADER\"\n else\n url=\"http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/\"\n headers=\"Metadata: true\"\n fi\n\n export _H1=\"$headers\"\n response=\"$(_get \"$url\")\"\n response=\"$(echo \"$response\" | _normalizeJson)\"\n accesstoken=$(echo \"$response\" | _egrep_o \"\\\"access_token\\\":\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \\\")\n expires_on=$(echo \"$response\" | _egrep_o \"\\\"expires_on\\\":\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \\\")\n else\n export _H1=\"accept: application/json\"\n export _H2=\"Content-Type: application/x-www-form-urlencoded\"\n body=\"resource=$(printf \"%s\" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf \"%s\" \"$clientID\" | _url_encode)&client_secret=$(printf \"%s\" \"$clientSecret\" | _url_encode)&grant_type=client_credentials\"\n _secure_debug2 \"data $body\"\n response=\"$(_post \"$body\" \"https://login.microsoftonline.com/$tenantID/oauth2/token\" \"\" \"POST\")\"\n _ret=\"$?\"\n _secure_debug2 \"response $response\"\n response=\"$(echo \"$response\" | _normalizeJson)\"\n accesstoken=$(echo \"$response\" | _egrep_o \"\\\"access_token\\\":\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \\\")\n expires_on=$(echo \"$response\" | _egrep_o \"\\\"expires_on\\\":\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \\\")\n fi\n\n if [ -z \"$accesstoken\" ]; then\n _err \"No acccess token received. Check your Azure settings. See: $wiki\"\n return 1\n fi\n if [ \"$_ret\" != \"0\" ]; then\n _err \"error $response\"\n return 1\n fi\n _saveaccountconf_mutable AZUREDNS_ACCESSTOKEN \"$accesstoken\"\n _saveaccountconf_mutable AZUREDNS_TOKENVALIDTO \"$expires_on\"\n printf \"%s\" \"$accesstoken\"\n return 0\n}\n\n_get_root() {\n domain=$1\n subscriptionId=$2\n accesstoken=$3\n i=1\n p=1\n\n ## Ref: https://learn.microsoft.com/en-us/rest/api/dns/zones/list?view=rest-dns-2018-05-01&tabs=HTTP\n ## returns up to 100 zones in one response. Handling more results is not implemented\n ## (ZoneListResult with continuation token for the next page of results)\n ##\n ## TODO: handle more than 100 results, as per:\n ## https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-dns-limits\n ## The new limit is 250 Public DNS zones per subscription, while the old limit was only 100\n ##\n _azure_rest GET \"https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\\$top=500&api-version=2017-09-01\" \"\" \"$accesstoken\"\n # Find matching domain name in Json response\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug2 \"Checking domain: $h\"\n if [ -z \"$h\" ]; then\n #not valid\n _err \"Invalid domain\"\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\" >/dev/null; then\n _domain_id=$(echo \"$response\" | _egrep_o \"\\\\{\\\"id\\\":\\\"[^\\\"]*\\\\/$h\\\"\" | head -n 1 | cut -d : -f 2 | tr -d \\\")\n if [ \"$_domain_id\" ]; then\n if [ \"$i\" = 1 ]; then\n #create the record at the domain apex (@) if only the domain name was provided as --domain-alias\n _sub_domain=\"@\"\n else\n _sub_domain=$(echo \"$domain\" | cut -d . -f 1-\"$p\")\n fi\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n"
},
{
"path": "dnsapi/dns_beget.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_beget_info='Beget.com\nSite: Beget.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_beget\nOptions:\n BEGET_User API user\n BEGET_Password API password\nIssues: github.com/acmesh-official/acme.sh/issues/6200\nAuthor: ARNik \n'\n\nBeget_Api=\"https://api.beget.com/api\"\n\n#################### Public functions ####################\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\ndns_beget_add() {\n fulldomain=$1\n txtvalue=$2\n _debug \"dns_beget_add() $fulldomain $txtvalue\"\n fulldomain=$(echo \"$fulldomain\" | _lower_case)\n\n Beget_Username=\"${Beget_Username:-$(_readaccountconf_mutable Beget_Username)}\"\n Beget_Password=\"${Beget_Password:-$(_readaccountconf_mutable Beget_Password)}\"\n\n if [ -z \"$Beget_Username\" ] || [ -z \"$Beget_Password\" ]; then\n Beget_Username=\"\"\n Beget_Password=\"\"\n _err \"You must export variables: Beget_Username, and Beget_Password\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable Beget_Username \"$Beget_Username\"\n _saveaccountconf_mutable Beget_Password \"$Beget_Password\"\n\n _info \"Prepare subdomain.\"\n if ! _prepare_subdomain \"$fulldomain\"; then\n _err \"Can't prepare subdomain.\"\n return 1\n fi\n\n _info \"Get domain records\"\n data=\"{\\\"fqdn\\\":\\\"$fulldomain\\\"}\"\n res=$(_api_call \"$Beget_Api/dns/getData\" \"$data\")\n if ! _is_api_reply_ok \"$res\"; then\n _err \"Can't get domain records.\"\n return 1\n fi\n\n _info \"Add new TXT record\"\n data=\"{\\\"fqdn\\\":\\\"$fulldomain\\\",\\\"records\\\":{\"\n data=${data}$(_parce_records \"$res\" \"A\")\n data=${data}$(_parce_records \"$res\" \"AAAA\")\n data=${data}$(_parce_records \"$res\" \"CAA\")\n data=${data}$(_parce_records \"$res\" \"MX\")\n data=${data}$(_parce_records \"$res\" \"SRV\")\n data=${data}$(_parce_records \"$res\" \"TXT\")\n data=$(echo \"$data\" | sed 's/,$//')\n data=${data}'}}'\n\n str=$(_txt_to_dns_json \"$txtvalue\")\n data=$(_add_record \"$data\" \"TXT\" \"$str\")\n\n res=$(_api_call \"$Beget_Api/dns/changeRecords\" \"$data\")\n if ! _is_api_reply_ok \"$res\"; then\n _err \"Can't change domain records.\"\n return 1\n fi\n\n return 0\n}\n\n# Usage: fulldomain txtvalue\n# Used to remove the txt record after validation\ndns_beget_rm() {\n fulldomain=$1\n txtvalue=$2\n _debug \"dns_beget_rm() $fulldomain $txtvalue\"\n fulldomain=$(echo \"$fulldomain\" | _lower_case)\n\n Beget_Username=\"${Beget_Username:-$(_readaccountconf_mutable Beget_Username)}\"\n Beget_Password=\"${Beget_Password:-$(_readaccountconf_mutable Beget_Password)}\"\n\n _info \"Get current domain records\"\n data=\"{\\\"fqdn\\\":\\\"$fulldomain\\\"}\"\n res=$(_api_call \"$Beget_Api/dns/getData\" \"$data\")\n if ! _is_api_reply_ok \"$res\"; then\n _err \"Can't get domain records.\"\n return 1\n fi\n\n _info \"Remove TXT record\"\n data=\"{\\\"fqdn\\\":\\\"$fulldomain\\\",\\\"records\\\":{\"\n data=${data}$(_parce_records \"$res\" \"A\")\n data=${data}$(_parce_records \"$res\" \"AAAA\")\n data=${data}$(_parce_records \"$res\" \"CAA\")\n data=${data}$(_parce_records \"$res\" \"MX\")\n data=${data}$(_parce_records \"$res\" \"SRV\")\n data=${data}$(_parce_records \"$res\" \"TXT\")\n data=$(echo \"$data\" | sed 's/,$//')\n data=${data}'}}'\n\n str=$(_txt_to_dns_json \"$txtvalue\")\n data=$(_rm_record \"$data\" \"$str\")\n\n res=$(_api_call \"$Beget_Api/dns/changeRecords\" \"$data\")\n if ! _is_api_reply_ok \"$res\"; then\n _err \"Can't change domain records.\"\n return 1\n fi\n\n return 0\n}\n\n#################### Private functions below ####################\n\n# Create subdomain if needed\n# Usage: _prepare_subdomain [fulldomain]\n_prepare_subdomain() {\n fulldomain=$1\n\n _info \"Detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n if [ -z \"$_sub_domain\" ]; then\n _debug \"$fulldomain is a root domain.\"\n return 0\n fi\n\n _info \"Get subdomain list\"\n res=$(_api_call \"$Beget_Api/domain/getSubdomainList\")\n if ! _is_api_reply_ok \"$res\"; then\n _err \"Can't get subdomain list.\"\n return 1\n fi\n\n if _contains \"$res\" \"\\\"fqdn\\\":\\\"$fulldomain\\\"\"; then\n _debug \"Subdomain $fulldomain already exist.\"\n return 0\n fi\n\n _info \"Subdomain $fulldomain does not exist. Let's create one.\"\n data=\"{\\\"subdomain\\\":\\\"$_sub_domain\\\",\\\"domain_id\\\":$_domain_id}\"\n res=$(_api_call \"$Beget_Api/domain/addSubdomainVirtual\" \"$data\")\n if ! _is_api_reply_ok \"$res\"; then\n _err \"Can't create subdomain.\"\n return 1\n fi\n\n _debug \"Cleanup subdomen records\"\n data=\"{\\\"fqdn\\\":\\\"$fulldomain\\\",\\\"records\\\":{}}\"\n res=$(_api_call \"$Beget_Api/dns/changeRecords\" \"$data\")\n if ! _is_api_reply_ok \"$res\"; then\n _debug \"Can't cleanup $fulldomain records.\"\n fi\n\n data=\"{\\\"fqdn\\\":\\\"www.$fulldomain\\\",\\\"records\\\":{}}\"\n res=$(_api_call \"$Beget_Api/dns/changeRecords\" \"$data\")\n if ! _is_api_reply_ok \"$res\"; then\n _debug \"Can't cleanup www.$fulldomain records.\"\n fi\n\n return 0\n}\n\n# Usage: _get_root _acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=32436365\n_get_root() {\n fulldomain=$1\n i=1\n p=1\n\n _debug \"Get domain list\"\n res=$(_api_call \"$Beget_Api/domain/getList\")\n if ! _is_api_reply_ok \"$res\"; then\n _err \"Can't get domain list.\"\n return 1\n fi\n\n while true; do\n h=$(printf \"%s\" \"$fulldomain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n\n if [ -z \"$h\" ]; then\n return 1\n fi\n\n if _contains \"$res\" \"$h\"; then\n _domain_id=$(echo \"$res\" | _egrep_o \"\\\"id\\\":[0-9]*,\\\"fqdn\\\":\\\"$h\\\"\" | cut -d , -f1 | cut -d : -f2)\n if [ \"$_domain_id\" ]; then\n if [ \"$h\" != \"$fulldomain\" ]; then\n _sub_domain=$(echo \"$fulldomain\" | cut -d . -f 1-\"$p\")\n else\n _sub_domain=\"\"\n fi\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n# Parce DNS records from json string\n# Usage: _parce_records [j_str] [record_name]\n_parce_records() {\n j_str=$1\n record_name=$2\n res=\"\\\"$record_name\\\":[\"\n res=${res}$(echo \"$j_str\" | _egrep_o \"\\\"$record_name\\\":\\[.*\" | cut -d '[' -f2 | cut -d ']' -f1)\n res=${res}\"],\"\n echo \"$res\"\n}\n\n# Usage: _add_record [data] [record_name] [record_data]\n_add_record() {\n data=$1\n record_name=$2\n record_data=$3\n echo \"$data\" | sed \"s/\\\"$record_name\\\":\\[/\\\"$record_name\\\":\\[$record_data,/\" | sed \"s/,\\]/\\]/\"\n}\n\n# Usage: _rm_record [data] [record_data]\n_rm_record() {\n data=$1\n record_data=$2\n echo \"$data\" | sed \"s/$record_data//g\" | sed \"s/,\\+/,/g\" |\n sed \"s/{,/{/g\" | sed \"s/,}/}/g\" |\n sed \"s/\\[,/\\[/g\" | sed \"s/,\\]/\\]/g\"\n}\n\n_txt_to_dns_json() {\n echo \"{\\\"ttl\\\":600,\\\"txtdata\\\":\\\"$1\\\"}\"\n}\n\n# Usage: _api_call [api_url] [input_data]\n_api_call() {\n api_url=\"$1\"\n input_data=\"$2\"\n\n _debug \"_api_call $api_url\"\n _debug \"Request: $input_data\"\n\n # res=$(curl -s -L -D ./http.header \\\n # \"$api_url\" \\\n # --data-urlencode login=$Beget_Username \\\n # --data-urlencode passwd=$Beget_Password \\\n # --data-urlencode input_format=json \\\n # --data-urlencode output_format=json \\\n # --data-urlencode \"input_data=$input_data\")\n\n url=\"$api_url?login=$Beget_Username&passwd=$Beget_Password&input_format=json&output_format=json\"\n if [ -n \"$input_data\" ]; then\n url=${url}\"&input_data=\"\n url=${url}$(echo \"$input_data\" | _url_encode)\n fi\n res=$(_get \"$url\")\n\n _debug \"Reply: $res\"\n echo \"$res\"\n}\n\n# Usage: _is_api_reply_ok [api_reply]\n_is_api_reply_ok() {\n _contains \"$1\" '^{\"status\":\"success\",\"answer\":{\"status\":\"success\",\"result\":.*}}$'\n}\n"
},
{
"path": "dnsapi/dns_bookmyname.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_bookmyname_info='BookMyName.com\nSite: BookMyName.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bookmyname\nOptions:\n BOOKMYNAME_USERNAME Username\n BOOKMYNAME_PASSWORD Password\nIssues: github.com/acmesh-official/acme.sh/issues/3209\nAuthor: @Neilpang\n'\n\n######## Public functions #####################\n\n# BookMyName urls:\n# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value=\"XXXXXXXX\"'\n# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value=\"XXXXXXXX\"'\n\n# Output:\n#good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX\n#good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX\n\n# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised.\n\n# Usage:\n# export BOOKMYNAME_USERNAME=\"ABCDE-FREE\"\n# export BOOKMYNAME_PASSWORD=\"MyPassword\"\n# /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld\n\n#Usage: dns_bookmyname_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_bookmyname_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using bookmyname\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n BOOKMYNAME_USERNAME=\"${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}\"\n BOOKMYNAME_PASSWORD=\"${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}\"\n\n if [ -z \"$BOOKMYNAME_USERNAME\" ] || [ -z \"$BOOKMYNAME_PASSWORD\" ]; then\n BOOKMYNAME_USERNAME=\"\"\n BOOKMYNAME_PASSWORD=\"\"\n _err \"You didn't specify BookMyName username and password yet.\"\n _err \"Please specify them and try again.\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable BOOKMYNAME_USERNAME \"$BOOKMYNAME_USERNAME\"\n _saveaccountconf_mutable BOOKMYNAME_PASSWORD \"$BOOKMYNAME_PASSWORD\"\n\n uri=\"https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/\"\n data=\"?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}\"\n result=\"$(_get \"${uri}${data}\")\"\n _debug \"Result: $result\"\n\n if ! _startswith \"$result\" 'good: update done, cid '; then\n _err \"Can't add $fulldomain\"\n return 1\n fi\n\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_bookmyname_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using bookmyname\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n BOOKMYNAME_USERNAME=\"${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}\"\n BOOKMYNAME_PASSWORD=\"${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}\"\n\n uri=\"https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/\"\n data=\"?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}\"\n result=\"$(_get \"${uri}${data}\")\"\n _debug \"Result: $result\"\n\n if ! _startswith \"$result\" 'good: remove done 1, cid '; then\n _info \"Can't remove $fulldomain\"\n fi\n\n}\n\n#################### Private functions below ##################################\n"
},
{
"path": "dnsapi/dns_bunny.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_bunny_info='Bunny.net\nSite: Bunny.net/dns/\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bunny\nOptions:\n BUNNY_API_KEY API Key\nIssues: github.com/acmesh-official/acme.sh/issues/4296\nAuthor: \n'\n\n##################### Public functions #####################\n\n## Create the text record for validation.\n## Usage: fulldomain txtvalue\n## EG: \"_acme-challenge.www.other.domain.com\" \"XKrxpRBosdq0HG9i01zxXp5CPBs\"\ndns_bunny_add() {\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n txtvalue=$2\n\n BUNNY_API_KEY=\"${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}\"\n # Check if API Key is set\n if [ -z \"$BUNNY_API_KEY\" ]; then\n BUNNY_API_KEY=\"\"\n _err \"You did not specify Bunny.net API key.\"\n _err \"Please export BUNNY_API_KEY and try again.\"\n return 1\n fi\n\n _info \"Using Bunny.net dns validation - add record\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n ## save the env vars (key and domain split location) for later automated use\n _saveaccountconf_mutable BUNNY_API_KEY \"$BUNNY_API_KEY\"\n\n ## split the domain for Bunny API\n if ! _get_base_domain \"$fulldomain\"; then\n _err \"domain not found in your account for addition\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n _debug _domain_id \"$_domain_id\"\n\n ## Set the header with our post type and auth key\n export _H1=\"Accept: application/json\"\n export _H2=\"AccessKey: $BUNNY_API_KEY\"\n export _H3=\"Content-Type: application/json\"\n PURL=\"https://api.bunny.net/dnszone/$_domain_id/records\"\n PBODY='{\"Id\":'$_domain_id',\"Type\":3,\"Name\":\"'$_sub_domain'\",\"Value\":\"'$txtvalue'\",\"ttl\":120}'\n\n _debug PURL \"$PURL\"\n _debug PBODY \"$PBODY\"\n\n ## the create request - POST\n ## args: BODY, URL, [need64, httpmethod]\n response=\"$(_post \"$PBODY\" \"$PURL\" \"\" \"PUT\")\"\n\n ## check response\n if [ \"$?\" != \"0\" ]; then\n _err \"error in response: $response\"\n return 1\n fi\n _debug2 response \"$response\"\n\n ## finished correctly\n return 0\n}\n\n## Remove the txt record after validation.\n## Usage: fulldomain txtvalue\n## EG: \"_acme-challenge.www.other.domain.com\" \"XKrxpRBosdq0HG9i01zxXp5CPBs\"\ndns_bunny_rm() {\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n txtvalue=$2\n\n BUNNY_API_KEY=\"${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}\"\n # Check if API Key Exists\n if [ -z \"$BUNNY_API_KEY\" ]; then\n BUNNY_API_KEY=\"\"\n _err \"You did not specify Bunny.net API key.\"\n _err \"Please export BUNNY_API_KEY and try again.\"\n return 1\n fi\n\n _info \"Using Bunny.net dns validation - remove record\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n ## split the domain for Bunny API\n if ! _get_base_domain \"$fulldomain\"; then\n _err \"Domain not found in your account for TXT record removal\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n _debug _domain_id \"$_domain_id\"\n\n ## Set the header with our post type and key auth key\n export _H1=\"Accept: application/json\"\n export _H2=\"AccessKey: $BUNNY_API_KEY\"\n ## get URL for the list of DNS records\n GURL=\"https://api.bunny.net/dnszone/$_domain_id\"\n\n ## 1) Get the domain/zone records\n ## the fetch request - GET\n ## args: URL, [onlyheader, timeout]\n domain_list=\"$(_get \"$GURL\")\"\n\n ## check response\n if [ \"$?\" != \"0\" ]; then\n _err \"error in domain_list response: $domain_list\"\n return 1\n fi\n _debug2 domain_list \"$domain_list\"\n\n ## 2) search through records\n ## check for what we are looking for: \"Type\":3,\"Value\":\"$txtvalue\",\"Name\":\"$_sub_domain\"\n record=\"$(echo \"$domain_list\" | _egrep_o \"\\\"Id\\\"\\s*\\:\\s*\\\"*[0-9]+\\\"*,\\s*\\\"Type\\\"[^}]*\\\"Value\\\"\\s*\\:\\s*\\\"$txtvalue\\\"[^}]*\\\"Name\\\"\\s*\\:\\s*\\\"$_sub_domain\\\"\")\"\n\n if [ -n \"$record\" ]; then\n\n ## We found records\n rec_ids=\"$(echo \"$record\" | _egrep_o \"Id\\\"\\s*\\:\\s*\\\"*[0-9]+\" | _egrep_o \"[0-9]+\")\"\n _debug rec_ids \"$rec_ids\"\n if [ -n \"$rec_ids\" ]; then\n echo \"$rec_ids\" | while IFS= read -r rec_id; do\n ## delete the record\n ## delete URL for removing the one we dont want\n DURL=\"https://api.bunny.net/dnszone/$_domain_id/records/$rec_id\"\n\n ## the removal request - DELETE\n ## args: BODY, URL, [need64, httpmethod]\n response=\"$(_post \"\" \"$DURL\" \"\" \"DELETE\")\"\n\n ## check response (sort of)\n if [ \"$?\" != \"0\" ]; then\n _err \"error in remove response: $response\"\n return 1\n fi\n _debug2 response \"$response\"\n\n done\n fi\n fi\n\n ## finished correctly\n return 0\n}\n\n##################### Private functions below #####################\n\n## Split the domain provided into the \"base domain\" and the \"start prefix\".\n## This function searches for the longest subdomain in your account\n## for the full domain given and splits it into the base domain (zone)\n## and the prefix/record to be added/removed\n## USAGE: fulldomain\n## EG: \"_acme-challenge.two.three.four.domain.com\"\n## returns\n## _sub_domain=\"_acme-challenge.two\"\n## _domain=\"three.four.domain.com\" *IF* zone \"three.four.domain.com\" exists\n## _domain_id=234\n## if only \"domain.com\" exists it will return\n## _sub_domain=\"_acme-challenge.two.three.four\"\n## _domain=\"domain.com\"\n## _domain_id=234\n_get_base_domain() {\n # args\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n _debug fulldomain \"$fulldomain\"\n\n # domain max legal length = 253\n MAX_DOM=255\n page=1\n\n ## get a list of domains for the account to check thru\n ## Set the headers\n export _H1=\"Accept: application/json\"\n export _H2=\"AccessKey: $BUNNY_API_KEY\"\n _debug BUNNY_API_KEY \"$BUNNY_API_KEY\"\n ## get URL for the list of domains\n ## may get: \"links\":{\"pages\":{\"last\":\".../v2/domains/DOM/records?page=2\",\"next\":\".../v2/domains/DOM/records?page=2\"}}\n DOMURL=\"https://api.bunny.net/dnszone\"\n\n ## while we dont have a matching domain we keep going\n while [ -z \"$found\" ]; do\n ## get the domain list (current page)\n domain_list=\"$(_get \"$DOMURL\")\"\n\n ## check response\n if [ \"$?\" != \"0\" ]; then\n _err \"error in domain_list response: $domain_list\"\n return 1\n fi\n _debug2 domain_list \"$domain_list\"\n\n i=1\n while [ \"$i\" -gt 0 ]; do\n ## get next longest domain\n _domain=$(printf \"%s\" \"$fulldomain\" | cut -d . -f \"$i\"-\"$MAX_DOM\")\n ## check we got something back from our cut (or are we at the end)\n if [ -z \"$_domain\" ]; then\n break\n fi\n ## we got part of a domain back - grep it out\n found=\"$(echo \"$domain_list\" | _egrep_o \"\\\"Id\\\"\\s*:\\s*\\\"*[0-9]+\\\"*,\\s*\\\"Domain\\\"\\s*\\:\\s*\\\"$_domain\\\"\")\"\n ## check if it exists\n if [ -n \"$found\" ]; then\n ## exists - exit loop returning the parts\n sub_point=$(_math \"$i\" - 1)\n _sub_domain=$(printf \"%s\" \"$fulldomain\" | cut -d . -f 1-\"$sub_point\")\n _domain_id=\"$(echo \"$found\" | _egrep_o \"Id\\\"\\s*\\:\\s*\\\"*[0-9]+\" | _egrep_o \"[0-9]+\")\"\n _debug _domain_id \"$_domain_id\"\n _debug _domain \"$_domain\"\n _debug _sub_domain \"$_sub_domain\"\n found=\"\"\n return 0\n fi\n ## increment cut point $i\n i=$(_math \"$i\" + 1)\n done\n\n if [ -z \"$found\" ]; then\n page=$(_math \"$page\" + 1)\n nextpage=\"https://api.bunny.net/dnszone?page=$page\"\n ## Find the next page if we don't have a match.\n hasnextpage=\"$(echo \"$domain_list\" | _egrep_o \"\\\"HasMoreItems\\\"\\s*:\\s*true\")\"\n if [ -z \"$hasnextpage\" ]; then\n _err \"No record and no nextpage in Bunny.net domain search.\"\n found=\"\"\n return 1\n fi\n _debug2 nextpage \"$nextpage\"\n DOMURL=\"$nextpage\"\n fi\n\n done\n\n ## We went through the entire domain zone list and didn't find one that matched.\n ## If we ever get here, something is broken in the code...\n _err \"Domain not found in Bunny.net account, but we should never get here!\"\n found=\"\"\n return 1\n}\n"
},
{
"path": "dnsapi/dns_cf.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_cf_info='CloudFlare\nSite: CloudFlare.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf\nOptions:\n CF_Key API Key\n CF_Email Your account email\nOptionsAlt:\n CF_Token API Token\n CF_Account_ID Account ID\n CF_Zone_ID Zone ID. Optional.\n'\n\nCF_Api=\"https://api.cloudflare.com/client/v4\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_cf_add() {\n fulldomain=$1\n txtvalue=$2\n\n CF_Token=\"${CF_Token:-$(_readaccountconf_mutable CF_Token)}\"\n CF_Account_ID=\"${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}\"\n CF_Zone_ID=\"${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}\"\n CF_Key=\"${CF_Key:-$(_readaccountconf_mutable CF_Key)}\"\n CF_Email=\"${CF_Email:-$(_readaccountconf_mutable CF_Email)}\"\n\n if [ \"$CF_Token\" ]; then\n if [ \"$CF_Zone_ID\" ]; then\n _savedomainconf CF_Token \"$CF_Token\"\n _savedomainconf CF_Account_ID \"$CF_Account_ID\"\n _savedomainconf CF_Zone_ID \"$CF_Zone_ID\"\n else\n _saveaccountconf_mutable CF_Token \"$CF_Token\"\n _saveaccountconf_mutable CF_Account_ID \"$CF_Account_ID\"\n _clearaccountconf_mutable CF_Zone_ID\n _clearaccountconf CF_Zone_ID\n fi\n else\n if [ -z \"$CF_Key\" ] || [ -z \"$CF_Email\" ]; then\n CF_Key=\"\"\n CF_Email=\"\"\n _err \"You didn't specify a Cloudflare api key and email yet.\"\n _err \"You can get yours from here https://dash.cloudflare.com/profile.\"\n return 1\n fi\n\n if ! _contains \"$CF_Email\" \"@\"; then\n _err \"It seems that the CF_Email=$CF_Email is not a valid email address.\"\n _err \"Please check and retry.\"\n return 1\n fi\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable CF_Key \"$CF_Key\"\n _saveaccountconf_mutable CF_Email \"$CF_Email\"\n\n _clearaccountconf_mutable CF_Token\n _clearaccountconf_mutable CF_Account_ID\n _clearaccountconf_mutable CF_Zone_ID\n _clearaccountconf CF_Token\n _clearaccountconf CF_Account_ID\n _clearaccountconf CF_Zone_ID\n\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _cf_rest GET \"zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain\"\n\n if ! echo \"$response\" | tr -d \" \" | grep \\\"success\\\":true >/dev/null; then\n _err \"Error\"\n return 1\n fi\n\n # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so\n # we can not use updating anymore.\n # count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"count\\\":[^,]*\" | cut -d : -f 2)\n # _debug count \"$count\"\n # if [ \"$count\" = \"0\" ]; then\n _info \"Adding record\"\n if _cf_rest POST \"zones/$_domain_id/dns_records\" \"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$fulldomain\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":120}\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"Added, OK\"\n return 0\n elif _contains \"$response\" \"The record already exists\" ||\n _contains \"$response\" \"An identical record already exists.\" ||\n _contains \"$response\" '\"code\":81058'; then\n _info \"Already exists, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n\n}\n\n#fulldomain txtvalue\ndns_cf_rm() {\n fulldomain=$1\n txtvalue=$2\n\n CF_Token=\"${CF_Token:-$(_readaccountconf_mutable CF_Token)}\"\n CF_Account_ID=\"${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}\"\n CF_Zone_ID=\"${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}\"\n CF_Key=\"${CF_Key:-$(_readaccountconf_mutable CF_Key)}\"\n CF_Email=\"${CF_Email:-$(_readaccountconf_mutable CF_Email)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _cf_rest GET \"zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue\"\n\n if ! echo \"$response\" | tr -d \" \" | grep \\\"success\\\":true >/dev/null; then\n _err \"Error: $response\"\n return 1\n fi\n\n count=$(echo \"$response\" | _egrep_o \"\\\"count\\\": *[^,]*\" | cut -d : -f 2 | tr -d \" \")\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Don't need to remove.\"\n else\n record_id=$(echo \"$response\" | _egrep_o \"\\\"id\\\": *\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\" | _head_n 1 | tr -d \" \")\n _debug \"record_id\" \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id to remove.\"\n return 1\n fi\n if ! _cf_rest DELETE \"zones/$_domain_id/dns_records/$record_id\"; then\n _err \"Delete record error.\"\n return 1\n fi\n echo \"$response\" | tr -d \" \" | grep \\\"success\\\":true >/dev/null\n fi\n\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=1\n p=1\n\n # Use Zone ID directly if provided\n if [ \"$CF_Zone_ID\" ]; then\n if ! _cf_rest GET \"zones/$CF_Zone_ID\"; then\n return 1\n else\n if echo \"$response\" | tr -d \" \" | grep \\\"success\\\":true >/dev/null; then\n _domain=$(echo \"$response\" | _egrep_o \"\\\"name\\\": *\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\" | _head_n 1 | tr -d \" \")\n if [ \"$_domain\" ]; then\n _cutlength=$((${#domain} - ${#_domain} - 1))\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -c \"1-$_cutlength\")\n _domain_id=$CF_Zone_ID\n return 0\n else\n return 1\n fi\n else\n return 1\n fi\n fi\n fi\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if [ \"$CF_Account_ID\" ]; then\n if ! _cf_rest GET \"zones?name=$h&account.id=$CF_Account_ID\"; then\n return 1\n fi\n else\n if ! _cf_rest GET \"zones?name=$h\"; then\n return 1\n fi\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\" || _contains \"$response\" '\"total_count\":1'; then\n _domain_id=$(echo \"$response\" | _egrep_o \"\\[.\\\"id\\\": *\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \\\" | tr -d \" \")\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_cf_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n email_trimmed=$(echo \"$CF_Email\" | tr -d '\"')\n key_trimmed=$(echo \"$CF_Key\" | tr -d '\"')\n token_trimmed=$(echo \"$CF_Token\" | tr -d '\"')\n\n export _H1=\"Content-Type: application/json\"\n if [ \"$token_trimmed\" ]; then\n export _H2=\"Authorization: Bearer $token_trimmed\"\n else\n export _H2=\"X-Auth-Email: $email_trimmed\"\n export _H3=\"X-Auth-Key: $key_trimmed\"\n fi\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$CF_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$CF_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_clouddns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_clouddns_info='vshosting.cz CloudDNS\nSite: github.com/vshosting/clouddns\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_clouddns\nOptions:\n CLOUDDNS_EMAIL Email\n CLOUDDNS_PASSWORD Password\n CLOUDDNS_CLIENT_ID Client ID\nIssues: github.com/acmesh-official/acme.sh/issues/2699\nAuthor: Radek Sprta \n'\n\nCLOUDDNS_API='https://admin.vshosting.cloud/clouddns'\nCLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login'\n\n######## Public functions #####################\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_clouddns_add() {\n fulldomain=$1\n txtvalue=$2\n _debug \"fulldomain\" \"$fulldomain\"\n\n CLOUDDNS_CLIENT_ID=\"${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}\"\n CLOUDDNS_EMAIL=\"${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}\"\n CLOUDDNS_PASSWORD=\"${CLOUDDNS_PASSWORD:-$(_readaccountconf_mutable CLOUDDNS_PASSWORD)}\"\n\n if [ -z \"$CLOUDDNS_PASSWORD\" ] || [ -z \"$CLOUDDNS_EMAIL\" ] || [ -z \"$CLOUDDNS_CLIENT_ID\" ]; then\n CLOUDDNS_CLIENT_ID=\"\"\n CLOUDDNS_EMAIL=\"\"\n CLOUDDNS_PASSWORD=\"\"\n _err \"You didn't specify a CloudDNS password, email and client ID yet.\"\n return 1\n fi\n if ! _contains \"$CLOUDDNS_EMAIL\" \"@\"; then\n _err \"It seems that the CLOUDDNS_EMAIL=$CLOUDDNS_EMAIL is not a valid email address.\"\n _err \"Please check and retry.\"\n return 1\n fi\n # Save CloudDNS client id, email and password to config file\n _saveaccountconf_mutable CLOUDDNS_CLIENT_ID \"$CLOUDDNS_CLIENT_ID\"\n _saveaccountconf_mutable CLOUDDNS_EMAIL \"$CLOUDDNS_EMAIL\"\n _saveaccountconf_mutable CLOUDDNS_PASSWORD \"$CLOUDDNS_PASSWORD\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n # Add TXT record\n data=\"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$fulldomain.\\\",\\\"value\\\":\\\"$txtvalue\\\",\\\"domainId\\\":\\\"$_domain_id\\\"}\"\n if _clouddns_api POST \"record-txt\" \"$data\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"Added, OK\"\n elif _contains \"$response\" '\"code\":4136'; then\n _info \"Already exists, OK\"\n else\n _err \"Add TXT record error.\"\n return 1\n fi\n fi\n\n _debug \"Publishing record changes\"\n _clouddns_api PUT \"domain/$_domain_id/publish\" \"{\\\"soaTtl\\\":300}\"\n}\n\n# Usage: rm _acme-challenge.www.domain.com\ndns_clouddns_rm() {\n fulldomain=$1\n _debug \"fulldomain\" \"$fulldomain\"\n\n CLOUDDNS_CLIENT_ID=\"${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}\"\n CLOUDDNS_EMAIL=\"${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}\"\n CLOUDDNS_PASSWORD=\"${CLOUDDNS_PASSWORD:-$(_readaccountconf_mutable CLOUDDNS_PASSWORD)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n # Get record ID\n _clouddns_api GET \"domain/$_domain_id\"\n if _contains \"$response\" \"lastDomainRecordList\"; then\n re=\"\\\"lastDomainRecordList\\\".*\\\"id\\\":\\\"([^\\\"}]*)\\\"[^}]*\\\"name\\\":\\\"$fulldomain.\\\",\"\n _last_domains=$(echo \"$response\" | _egrep_o \"$re\")\n re2=\"\\\"id\\\":\\\"([^\\\"}]*)\\\"[^}]*\\\"name\\\":\\\"$fulldomain.\\\",\"\n _record_id=$(echo \"$_last_domains\" | _egrep_o \"$re2\" | _head_n 1 | cut -d : -f 2 | cut -d , -f 1 | tr -d \"\\\"\")\n _debug _record_id \"$_record_id\"\n else\n _err \"Could not retrieve record ID\"\n return 1\n fi\n\n _info \"Removing record\"\n if _clouddns_api DELETE \"record/$_record_id\"; then\n if _contains \"$response\" \"\\\"error\\\":\"; then\n _err \"Could not remove record\"\n return 1\n fi\n fi\n\n _debug \"Publishing record changes\"\n _clouddns_api PUT \"domain/$_domain_id/publish\" \"{\\\"soaTtl\\\":300}\"\n}\n\n#################### Private functions below ##################################\n\n# Usage: _get_root _acme-challenge.www.domain.com\n# Returns:\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n\n # Get domain root\n data=\"{\\\"search\\\": [{\\\"name\\\": \\\"clientId\\\", \\\"operator\\\": \\\"eq\\\", \\\"value\\\": \\\"$CLOUDDNS_CLIENT_ID\\\"}]}\"\n _clouddns_api \"POST\" \"domain/search\" \"$data\"\n domain_slice=\"$domain\"\n while [ -z \"$domain_root\" ]; do\n if _contains \"$response\" \"\\\"domainName\\\":\\\"$domain_slice\\.\\\"\"; then\n domain_root=\"$domain_slice\"\n _debug domain_root \"$domain_root\"\n fi\n domain_slice=\"$(echo \"$domain_slice\" | cut -d . -f 2-)\"\n done\n\n # Get domain id\n data=\"{\\\"search\\\": [{\\\"name\\\": \\\"clientId\\\", \\\"operator\\\": \\\"eq\\\", \\\"value\\\": \\\"$CLOUDDNS_CLIENT_ID\\\"}, \\\n {\\\"name\\\": \\\"domainName\\\", \\\"operator\\\": \\\"eq\\\", \\\"value\\\": \\\"$domain_root.\\\"}]}\"\n _clouddns_api \"POST\" \"domain/search\" \"$data\"\n if _contains \"$response\" \"\\\"id\\\":\\\"\"; then\n re='domainType\\\":\\\"[^\\\"]*\\\",\\\"id\\\":\\\"([^\\\"]*)\\\",' # Match domain id\n _domain_id=$(echo \"$response\" | _egrep_o \"$re\" | _head_n 1 | cut -d : -f 3 | tr -d \"\\\",\")\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | sed \"s/.$domain_root//\")\n _domain=\"$domain_root\"\n return 0\n fi\n _err 'Domain name not found on your CloudDNS account'\n return 1\n fi\n return 1\n}\n\n# Usage: _clouddns_api GET domain/search '{\"data\": \"value\"}'\n# Returns:\n# response='{\"message\": \"api response\"}'\n_clouddns_api() {\n method=$1\n endpoint=\"$2\"\n data=\"$3\"\n _debug endpoint \"$endpoint\"\n\n if [ -z \"$CLOUDDNS_TOKEN\" ]; then\n _clouddns_login\n fi\n _debug CLOUDDNS_TOKEN \"$CLOUDDNS_TOKEN\"\n\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Authorization: Bearer $CLOUDDNS_TOKEN\"\n\n if [ \"$method\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$CLOUDDNS_API/$endpoint\" \"\" \"$method\" | tr -d '\\t\\r\\n ')\"\n else\n response=\"$(_get \"$CLOUDDNS_API/$endpoint\" | tr -d '\\t\\r\\n ')\"\n fi\n\n # shellcheck disable=SC2181\n if [ \"$?\" != \"0\" ]; then\n _err \"Error $endpoint\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n\n# Returns:\n# CLOUDDNS_TOKEN=dslfje2rj23l\n_clouddns_login() {\n login_data=\"{\\\"email\\\": \\\"$CLOUDDNS_EMAIL\\\", \\\"password\\\": \\\"$CLOUDDNS_PASSWORD\\\"}\"\n response=\"$(_post \"$login_data\" \"$CLOUDDNS_LOGIN_API\" \"\" \"POST\" \"Content-Type: application/json\")\"\n\n if _contains \"$response\" \"\\\"accessToken\\\":\\\"\"; then\n CLOUDDNS_TOKEN=$(echo \"$response\" | _egrep_o \"\\\"accessToken\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\")\n export CLOUDDNS_TOKEN\n else\n echo 'Could not get CloudDNS access token; check your credentials'\n return 1\n fi\n return 0\n}\n"
},
{
"path": "dnsapi/dns_cloudns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_cloudns_info='ClouDNS.net\nSite: ClouDNS.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cloudns\nOptions:\n CLOUDNS_AUTH_ID Regular auth ID\n CLOUDNS_SUB_AUTH_ID Sub auth ID\n CLOUDNS_AUTH_PASSWORD Auth Password\nAuthor: Boyan Peychev \n'\n\nCLOUDNS_API=\"https://api.cloudns.net\"\nDOMAIN_TYPE=\nDOMAIN_MASTER=\n\n######## Public functions #####################\n\n#Usage: dns_cloudns_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_cloudns_add() {\n _info \"Using cloudns\"\n\n if ! _dns_cloudns_init_check; then\n return 1\n fi\n\n zone=\"$(_dns_cloudns_get_zone_name \"$1\")\"\n if [ -z \"$zone\" ]; then\n _err \"Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup.\"\n return 1\n fi\n\n host=\"$(echo \"$1\" | sed \"s/\\.$zone\\$//\")\"\n record=$2\n\n _debug zone \"$zone\"\n _debug host \"$host\"\n _debug record \"$record\"\n\n _info \"Adding the TXT record for $1\"\n _dns_cloudns_http_api_call \"dns/add-record.json\" \"domain-name=$zone&record-type=TXT&host=$host&record=$record&ttl=60\"\n if ! _contains \"$response\" \"\\\"status\\\":\\\"Success\\\"\"; then\n _err \"Record cannot be added.\"\n return 1\n fi\n _info \"Added.\"\n\n return 0\n}\n\n#Usage: dns_cloudns_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_cloudns_rm() {\n _info \"Using cloudns\"\n\n if ! _dns_cloudns_init_check; then\n return 1\n fi\n\n if [ -z \"$zone\" ]; then\n zone=\"$(_dns_cloudns_get_zone_name \"$1\")\"\n if [ -z \"$zone\" ]; then\n _err \"Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup.\"\n return 1\n fi\n fi\n\n host=\"$(echo \"$1\" | sed \"s/\\.$zone\\$//\")\"\n record=$2\n\n _dns_cloudns_get_zone_info \"$zone\"\n\n _debug \"Type\" \"$DOMAIN_TYPE\"\n _debug \"Cloud Master\" \"$DOMAIN_MASTER\"\n if _contains \"$DOMAIN_TYPE\" \"cloud\"; then\n zone=$DOMAIN_MASTER\n fi\n _debug \"ZONE\" \"$zone\"\n\n _dns_cloudns_http_api_call \"dns/records.json\" \"domain-name=$zone&host=$host&type=TXT\"\n if ! _contains \"$response\" \"\\\"id\\\":\"; then\n return 1\n fi\n\n for i in $(echo \"$response\" | tr '{' \"\\n\" | grep -- \"$record\"); do\n record_id=$(echo \"$i\" | tr ',' \"\\n\" | grep -E '^\"id\"' | sed -re 's/^\\\"id\\\"\\:\\\"([0-9]+)\\\"$/\\1/g')\n\n if [ -n \"$record_id\" ]; then\n _debug zone \"$zone\"\n _debug host \"$host\"\n _debug record \"$record\"\n _debug record_id \"$record_id\"\n\n _info \"Deleting the TXT record for $1\"\n _dns_cloudns_http_api_call \"dns/delete-record.json\" \"domain-name=$zone&record-id=$record_id\"\n\n if ! _contains \"$response\" \"\\\"status\\\":\\\"Success\\\"\"; then\n _err \"The TXT record for $1 cannot be deleted.\"\n else\n _info \"Deleted.\"\n fi\n fi\n done\n\n return 0\n}\n\n#################### Private functions below ##################################\n_dns_cloudns_init_check() {\n if [ -n \"$CLOUDNS_INIT_CHECK_COMPLETED\" ]; then\n return 0\n fi\n\n CLOUDNS_AUTH_ID=\"${CLOUDNS_AUTH_ID:-$(_readaccountconf_mutable CLOUDNS_AUTH_ID)}\"\n CLOUDNS_SUB_AUTH_ID=\"${CLOUDNS_SUB_AUTH_ID:-$(_readaccountconf_mutable CLOUDNS_SUB_AUTH_ID)}\"\n CLOUDNS_AUTH_PASSWORD=\"${CLOUDNS_AUTH_PASSWORD:-$(_readaccountconf_mutable CLOUDNS_AUTH_PASSWORD)}\"\n if [ -z \"$CLOUDNS_AUTH_ID$CLOUDNS_SUB_AUTH_ID\" ] || [ -z \"$CLOUDNS_AUTH_PASSWORD\" ]; then\n CLOUDNS_AUTH_ID=\"\"\n CLOUDNS_SUB_AUTH_ID=\"\"\n CLOUDNS_AUTH_PASSWORD=\"\"\n _err \"You don't specify cloudns api id and password yet.\"\n _err \"Please create you id and password and try again.\"\n return 1\n fi\n\n if [ -z \"$CLOUDNS_AUTH_ID\" ] && [ -z \"$CLOUDNS_SUB_AUTH_ID\" ]; then\n _err \"CLOUDNS_AUTH_ID or CLOUDNS_SUB_AUTH_ID is not configured\"\n return 1\n fi\n\n if [ -z \"$CLOUDNS_AUTH_PASSWORD\" ]; then\n _err \"CLOUDNS_AUTH_PASSWORD is not configured\"\n return 1\n fi\n\n _dns_cloudns_http_api_call \"dns/login.json\" \"\"\n\n if ! _contains \"$response\" \"\\\"status\\\":\\\"Success\\\"\"; then\n _err \"Invalid CLOUDNS_AUTH_ID or CLOUDNS_AUTH_PASSWORD. Please check your login credentials.\"\n return 1\n fi\n\n # save the api id and password to the account conf file.\n _saveaccountconf_mutable CLOUDNS_AUTH_ID \"$CLOUDNS_AUTH_ID\"\n _saveaccountconf_mutable CLOUDNS_SUB_AUTH_ID \"$CLOUDNS_SUB_AUTH_ID\"\n _saveaccountconf_mutable CLOUDNS_AUTH_PASSWORD \"$CLOUDNS_AUTH_PASSWORD\"\n\n CLOUDNS_INIT_CHECK_COMPLETED=1\n\n return 0\n}\n\n_dns_cloudns_get_zone_info() {\n zone=$1\n _dns_cloudns_http_api_call \"dns/get-zone-info.json\" \"domain-name=$zone\"\n if ! _contains \"$response\" \"\\\"status\\\":\\\"Failed\\\"\"; then\n DOMAIN_TYPE=$(echo \"$response\" | _egrep_o '\"type\":\"[^\"]*\"' | cut -d : -f 2 | tr -d '\"')\n if _contains \"$DOMAIN_TYPE\" \"cloud\"; then\n DOMAIN_MASTER=$(echo \"$response\" | _egrep_o '\"cloud-master\":\"[^\"]*\"' | cut -d : -f 2 | tr -d '\"')\n fi\n fi\n return 0\n}\n\n_dns_cloudns_get_zone_name() {\n i=2\n while true; do\n zoneForCheck=$(printf \"%s\" \"$1\" | cut -d . -f \"$i\"-100)\n\n if [ -z \"$zoneForCheck\" ]; then\n return 1\n fi\n\n _debug zoneForCheck \"$zoneForCheck\"\n\n _dns_cloudns_http_api_call \"dns/get-zone-info.json\" \"domain-name=$zoneForCheck\"\n\n if ! _contains \"$response\" \"\\\"status\\\":\\\"Failed\\\"\"; then\n echo \"$zoneForCheck\"\n return 0\n fi\n\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_dns_cloudns_http_api_call() {\n method=$1\n\n _debug CLOUDNS_AUTH_ID \"$CLOUDNS_AUTH_ID\"\n _debug CLOUDNS_SUB_AUTH_ID \"$CLOUDNS_SUB_AUTH_ID\"\n _debug CLOUDNS_AUTH_PASSWORD \"$CLOUDNS_AUTH_PASSWORD\"\n\n if [ -n \"$CLOUDNS_SUB_AUTH_ID\" ]; then\n auth_user=\"sub-auth-id=$CLOUDNS_SUB_AUTH_ID\"\n else\n auth_user=\"auth-id=$CLOUDNS_AUTH_ID\"\n fi\n\n encoded_password=$(echo \"$CLOUDNS_AUTH_PASSWORD\" | tr -d \"\\n\\r\" | _url_encode)\n if [ -z \"$2\" ]; then\n data=\"$auth_user&auth-password=$encoded_password\"\n else\n data=\"$auth_user&auth-password=$encoded_password&$2\"\n fi\n\n response=\"$(_get \"$CLOUDNS_API/$method?$data\")\"\n\n _debug response \"$response\"\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_cn.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_cn_info='Core-Networks.de\nSite: beta.api.Core-Networks.de/doc/\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cn\nOptions:\n CN_User User\n CN_Password Password\nIssues: github.com/acmesh-official/acme.sh/issues/2142\nAuthor: 5ll, francis\n'\n\nCN_API=\"https://beta.api.core-networks.de\"\n\n######## Public functions #####################\n\ndns_cn_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _cn_login; then\n _err \"login failed\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _cn_get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug \"_sub_domain $_sub_domain\"\n _debug \"_domain $_domain\"\n\n _info \"Adding record\"\n curData=\"{\\\"name\\\":\\\"$_sub_domain\\\",\\\"ttl\\\":120,\\\"type\\\":\\\"TXT\\\",\\\"data\\\":\\\"$txtvalue\\\"}\"\n curResult=\"$(_post \"${curData}\" \"${CN_API}/dnszones/${_domain}/records/\")\"\n\n _debug \"curData $curData\"\n _debug \"curResult $curResult\"\n\n if _contains \"$curResult\" \"\"; then\n _info \"Added, OK\"\n\n if ! _cn_commit; then\n _err \"commiting changes failed\"\n return 1\n fi\n return 0\n\n else\n _err \"Add txt record error.\"\n _debug \"curData is $curData\"\n _debug \"curResult is $curResult\"\n _err \"error adding text record, response was $curResult\"\n return 1\n fi\n}\n\ndns_cn_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _cn_login; then\n _err \"login failed\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _cn_get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _info \"Deleting record\"\n curData=\"{\\\"name\\\":\\\"$_sub_domain\\\",\\\"data\\\":\\\"$txtvalue\\\"}\"\n curResult=\"$(_post \"${curData}\" \"${CN_API}/dnszones/${_domain}/records/delete\")\"\n _debug curData is \"$curData\"\n\n _info \"commiting changes\"\n if ! _cn_commit; then\n _err \"commiting changes failed\"\n return 1\n fi\n\n _info \"Deletet txt record\"\n return 0\n}\n\n################### Private functions below ##################################\n_cn_login() {\n CN_User=\"${CN_User:-$(_readaccountconf_mutable CN_User)}\"\n CN_Password=\"${CN_Password:-$(_readaccountconf_mutable CN_Password)}\"\n if [ -z \"$CN_User\" ] || [ -z \"$CN_Password\" ]; then\n CN_User=\"\"\n CN_Password=\"\"\n _err \"You must export variables: CN_User and CN_Password\"\n return 1\n fi\n\n #save the config variables to the account conf file.\n _saveaccountconf_mutable CN_User \"$CN_User\"\n _saveaccountconf_mutable CN_Password \"$CN_Password\"\n\n _info \"Getting an AUTH-Token\"\n curData=\"{\\\"login\\\":\\\"${CN_User}\\\",\\\"password\\\":\\\"${CN_Password}\\\"}\"\n curResult=\"$(_post \"${curData}\" \"${CN_API}/auth/token\")\"\n _debug \"Calling _CN_login: '${curData}' '${CN_API}/auth/token'\"\n\n if _contains \"${curResult}\" '\"token\":\"'; then\n authToken=$(echo \"${curResult}\" | cut -d \":\" -f2 | cut -d \",\" -f1 | sed 's/^.\\(.*\\).$/\\1/')\n export _H1=\"Authorization: Bearer $authToken\"\n _info \"Successfully acquired AUTH-Token\"\n _debug \"AUTH-Token: '${authToken}'\"\n _debug \"_H1 '${_H1}'\"\n else\n _err \"Couldn't acquire an AUTH-Token\"\n return 1\n fi\n}\n\n# Commit changes\n_cn_commit() {\n _info \"Commiting changes\"\n _post \"\" \"${CN_API}/dnszones/$h/records/commit\"\n}\n\n_cn_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n _debug _H1 \"${_H1}\"\n\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n _cn_zonelist=\"$(_get ${CN_API}/dnszones/)\"\n _debug _cn_zonelist \"${_cn_zonelist}\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"something went wrong while getting the zone list\"\n return 1\n fi\n\n if _contains \"$_cn_zonelist\" \"\\\"name\\\":\\\"$h\\\"\" >/dev/null; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n else\n _debug \"Zonelist does not contain domain - iterating \"\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n\n done\n _err \"Zonelist does not contain domain - exiting\"\n return 1\n}\n"
},
{
"path": "dnsapi/dns_conoha.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_conoha_info='ConoHa.jp\nDomains: ConoHa.io\nSite: ConoHa.jp\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_conoha\nOptions:\n CONOHA_Username Username\n CONOHA_Password Password\n CONOHA_TenantId TenantId\n CONOHA_IdentityServiceApi Identity Service API. E.g. \"https://identity.xxxx.conoha.io/v2.0\"\n'\n\nCONOHA_DNS_EP_PREFIX_REGEXP=\"https://dns-service\\.\"\n\n######## Public functions #####################\n\n#Usage: dns_conoha_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_conoha_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using conoha\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n _debug \"Check uesrname and password\"\n CONOHA_Username=\"${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}\"\n CONOHA_Password=\"${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}\"\n CONOHA_TenantId=\"${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}\"\n CONOHA_IdentityServiceApi=\"${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}\"\n if [ -z \"$CONOHA_Username\" ] || [ -z \"$CONOHA_Password\" ] || [ -z \"$CONOHA_TenantId\" ] || [ -z \"$CONOHA_IdentityServiceApi\" ]; then\n CONOHA_Username=\"\"\n CONOHA_Password=\"\"\n CONOHA_TenantId=\"\"\n CONOHA_IdentityServiceApi=\"\"\n _err \"You didn't specify a conoha api username and password yet.\"\n _err \"Please create the user and try again.\"\n return 1\n fi\n\n _saveaccountconf_mutable CONOHA_Username \"$CONOHA_Username\"\n _saveaccountconf_mutable CONOHA_Password \"$CONOHA_Password\"\n _saveaccountconf_mutable CONOHA_TenantId \"$CONOHA_TenantId\"\n _saveaccountconf_mutable CONOHA_IdentityServiceApi \"$CONOHA_IdentityServiceApi\"\n\n if token=\"$(_conoha_get_accesstoken \"$CONOHA_IdentityServiceApi/tokens\" \"$CONOHA_Username\" \"$CONOHA_Password\" \"$CONOHA_TenantId\")\"; then\n accesstoken=\"$(printf \"%s\" \"$token\" | sed -n 1p)\"\n CONOHA_Api=\"$(printf \"%s\" \"$token\" | sed -n 2p)\"\n else\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\" \"$CONOHA_Api\" \"$accesstoken\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Adding record\"\n body=\"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$fulldomain.\\\",\\\"data\\\":\\\"$txtvalue\\\",\\\"ttl\\\":60}\"\n if _conoha_rest POST \"$CONOHA_Api/v1/domains/$_domain_id/records\" \"$body\" \"$accesstoken\"; then\n if _contains \"$response\" '\"data\":\"'\"$txtvalue\"'\"'; then\n _info \"Added, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n\n _err \"Add txt record error.\"\n return 1\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_conoha_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using conoha\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n _debug \"Check uesrname and password\"\n CONOHA_Username=\"${CONOHA_Username:-$(_readaccountconf_mutable CONOHA_Username)}\"\n CONOHA_Password=\"${CONOHA_Password:-$(_readaccountconf_mutable CONOHA_Password)}\"\n CONOHA_TenantId=\"${CONOHA_TenantId:-$(_readaccountconf_mutable CONOHA_TenantId)}\"\n CONOHA_IdentityServiceApi=\"${CONOHA_IdentityServiceApi:-$(_readaccountconf_mutable CONOHA_IdentityServiceApi)}\"\n if [ -z \"$CONOHA_Username\" ] || [ -z \"$CONOHA_Password\" ] || [ -z \"$CONOHA_TenantId\" ] || [ -z \"$CONOHA_IdentityServiceApi\" ]; then\n CONOHA_Username=\"\"\n CONOHA_Password=\"\"\n CONOHA_TenantId=\"\"\n CONOHA_IdentityServiceApi=\"\"\n _err \"You didn't specify a conoha api username and password yet.\"\n _err \"Please create the user and try again.\"\n return 1\n fi\n\n _saveaccountconf_mutable CONOHA_Username \"$CONOHA_Username\"\n _saveaccountconf_mutable CONOHA_Password \"$CONOHA_Password\"\n _saveaccountconf_mutable CONOHA_TenantId \"$CONOHA_TenantId\"\n _saveaccountconf_mutable CONOHA_IdentityServiceApi \"$CONOHA_IdentityServiceApi\"\n\n if token=\"$(_conoha_get_accesstoken \"$CONOHA_IdentityServiceApi/tokens\" \"$CONOHA_Username\" \"$CONOHA_Password\" \"$CONOHA_TenantId\")\"; then\n accesstoken=\"$(printf \"%s\" \"$token\" | sed -n 1p)\"\n CONOHA_Api=\"$(printf \"%s\" \"$token\" | sed -n 2p)\"\n else\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\" \"$CONOHA_Api\" \"$accesstoken\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n if ! _conoha_rest GET \"$CONOHA_Api/v1/domains/$_domain_id/records\" \"\" \"$accesstoken\"; then\n _err \"Error\"\n return 1\n fi\n\n record_id=$(printf \"%s\" \"$response\" | _egrep_o '{[^}]*}' |\n grep '\"type\":\"TXT\"' | grep \"\\\"data\\\":\\\"$txtvalue\\\"\" | _egrep_o \"\\\"id\\\":\\\"[^\\\"]*\\\"\" |\n _head_n 1 | cut -d : -f 2 | tr -d \\\")\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id to remove.\"\n return 1\n fi\n _debug record_id \"$record_id\"\n\n _info \"Removing the txt record\"\n if ! _conoha_rest DELETE \"$CONOHA_Api/v1/domains/$_domain_id/records/$record_id\" \"\" \"$accesstoken\"; then\n _err \"Delete record error.\"\n return 1\n fi\n\n return 0\n}\n\n#################### Private functions below ##################################\n\n_conoha_rest() {\n m=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n accesstoken=\"$4\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"Content-Type: application/json\"\n if [ -n \"$accesstoken\" ]; then\n export _H3=\"X-Auth-Token: $accesstoken\"\n fi\n\n _debug \"$ep\"\n if [ \"$m\" != \"GET\" ]; then\n _secure_debug2 data \"$data\"\n response=\"$(_post \"$data\" \"$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$ep\")\"\n fi\n _ret=\"$?\"\n _secure_debug2 response \"$response\"\n if [ \"$_ret\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n\n response=\"$(printf \"%s\" \"$response\" | _normalizeJson)\"\n return 0\n}\n\n_conoha_get_accesstoken() {\n ep=\"$1\"\n username=\"$2\"\n password=\"$3\"\n tenantId=\"$4\"\n\n accesstoken=\"$(_readaccountconf_mutable conoha_accesstoken)\"\n expires=\"$(_readaccountconf_mutable conoha_tokenvalidto)\"\n CONOHA_Api=\"$(_readaccountconf_mutable conoha_dns_ep)\"\n\n # can we reuse the access token?\n if [ -n \"$accesstoken\" ] && [ -n \"$expires\" ] && [ -n \"$CONOHA_Api\" ]; then\n utc_date=\"$(_utc_date | sed \"s/ /T/\")\"\n if expr \"$utc_date\" \"<\" \"$expires\" >/dev/null; then\n # access token is still valid - reuse it\n _debug \"reusing access token\"\n printf \"%s\\n%s\\n\" \"$accesstoken\" \"$CONOHA_Api\"\n return 0\n else\n _debug \"access token expired\"\n fi\n fi\n _debug \"getting new access token\"\n\n body=\"$(printf '{\"auth\":{\"passwordCredentials\":{\"username\":\"%s\",\"password\":\"%s\"},\"tenantId\":\"%s\"}}' \"$username\" \"$password\" \"$tenantId\")\"\n if ! _conoha_rest POST \"$ep\" \"$body\" \"\"; then\n _err error \"$response\"\n return 1\n fi\n accesstoken=$(printf \"%s\" \"$response\" | _egrep_o \"\\\"id\\\":\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \\\")\n expires=$(printf \"%s\" \"$response\" | _egrep_o \"\\\"expires\\\":\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2-4 | tr -d \\\" | tr -d Z) #expect UTC\n if [ -z \"$accesstoken\" ] || [ -z \"$expires\" ]; then\n _err \"no acccess token received. Check your Conoha settings see $WIKI\"\n return 1\n fi\n _saveaccountconf_mutable conoha_accesstoken \"$accesstoken\"\n _saveaccountconf_mutable conoha_tokenvalidto \"$expires\"\n\n CONOHA_Api=$(printf \"%s\" \"$response\" | _egrep_o 'publicURL\":\"'\"$CONOHA_DNS_EP_PREFIX_REGEXP\"'[^\"]*\"' | _head_n 1 | cut -d : -f 2-3 | tr -d \\\")\n if [ -z \"$CONOHA_Api\" ]; then\n _err \"failed to get conoha dns endpoint url\"\n return 1\n fi\n _saveaccountconf_mutable conoha_dns_ep \"$CONOHA_Api\"\n\n printf \"%s\\n%s\\n\" \"$accesstoken\" \"$CONOHA_Api\"\n return 0\n}\n\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=\"$1\"\n ep=\"$2\"\n accesstoken=\"$3\"\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100).\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _conoha_rest GET \"$ep/v1/domains?name=$h\" \"\" \"$accesstoken\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\" >/dev/null; then\n _domain_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":\\\"[^\\\"]*\\\"\" | head -n 1 | cut -d : -f 2 | tr -d \\\")\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n"
},
{
"path": "dnsapi/dns_constellix.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_constellix_info='Constellix.com\nSite: Constellix.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_constellix\nOptions:\n CONSTELLIX_Key API Key\n CONSTELLIX_Secret API Secret\nIssues: github.com/acmesh-official/acme.sh/issues/2724\nAuthor: Wout Decre \n'\n\nCONSTELLIX_Api=\"https://api.dns.constellix.com/v1\"\n\n######## Public functions #####################\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\ndns_constellix_add() {\n fulldomain=$1\n txtvalue=$2\n\n CONSTELLIX_Key=\"${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}\"\n CONSTELLIX_Secret=\"${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}\"\n\n if [ -z \"$CONSTELLIX_Key\" ] || [ -z \"$CONSTELLIX_Secret\" ]; then\n _err \"You did not specify the Contellix API key and secret yet.\"\n return 1\n fi\n\n _saveaccountconf_mutable CONSTELLIX_Key \"$CONSTELLIX_Key\"\n _saveaccountconf_mutable CONSTELLIX_Secret \"$CONSTELLIX_Secret\"\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n # The TXT record might already exist when working with wildcard certificates. In that case, update the record by adding the new value.\n _debug \"Search TXT record\"\n if _constellix_rest GET \"domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}\"; then\n if printf -- \"%s\" \"$response\" | grep \"{\\\"errors\\\":\\[\\\"Requested record was not found\\\"\\]}\" >/dev/null; then\n _info \"Adding TXT record\"\n if _constellix_rest POST \"domains/${_domain_id}/records\" \"[{\\\"type\\\":\\\"txt\\\",\\\"add\\\":true,\\\"set\\\":{\\\"name\\\":\\\"${_sub_domain}\\\",\\\"ttl\\\":60,\\\"roundRobin\\\":[{\\\"value\\\":\\\"${txtvalue}\\\"}]}}]\"; then\n if printf -- \"%s\" \"$response\" | grep \"{\\\"success\\\":\\\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\\\"}\" >/dev/null; then\n _info \"Added\"\n return 0\n else\n _err \"Error adding TXT record\"\n fi\n fi\n else\n _record_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":[0-9]*\" | cut -d ':' -f 2)\n if _constellix_rest GET \"domains/${_domain_id}/records/TXT/${_record_id}\"; then\n _new_rr_values=$(printf \"%s\\n\" \"$response\" | _egrep_o '\"roundRobin\":\\[[^]]*\\]' | sed \"s/\\]$/,{\\\"value\\\":\\\"${txtvalue}\\\"}]/\")\n _debug _new_rr_values \"$_new_rr_values\"\n _info \"Updating TXT record\"\n if _constellix_rest PUT \"domains/${_domain_id}/records/TXT/${_record_id}\" \"{\\\"name\\\":\\\"${_sub_domain}\\\",\\\"ttl\\\":60,${_new_rr_values}}\"; then\n if printf -- \"%s\" \"$response\" | grep \"{\\\"success\\\":\\\"Record.*updated successfully\\\"}\" >/dev/null; then\n _info \"Updated\"\n return 0\n elif printf -- \"%s\" \"$response\" | grep \"{\\\"errors\\\":\\[\\\"Contents are identical\\\"\\]}\" >/dev/null; then\n _info \"Already exists, no need to update\"\n return 0\n else\n _err \"Error updating TXT record\"\n fi\n fi\n fi\n fi\n fi\n\n return 1\n}\n\n# Usage: fulldomain txtvalue\n# Used to remove the txt record after validation\ndns_constellix_rm() {\n fulldomain=$1\n txtvalue=$2\n\n CONSTELLIX_Key=\"${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}\"\n CONSTELLIX_Secret=\"${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}\"\n\n if [ -z \"$CONSTELLIX_Key\" ] || [ -z \"$CONSTELLIX_Secret\" ]; then\n _err \"You did not specify the Contellix API key and secret yet.\"\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n # The TXT record might have been removed already when working with some wildcard certificates.\n _debug \"Search TXT record\"\n if _constellix_rest GET \"domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}\"; then\n if printf -- \"%s\" \"$response\" | grep \"{\\\"errors\\\":\\[\\\"Requested record was not found\\\"\\]}\" >/dev/null; then\n _info \"Removed\"\n return 0\n else\n _info \"Removing TXT record\"\n if _constellix_rest POST \"domains/${_domain_id}/records\" \"[{\\\"type\\\":\\\"txt\\\",\\\"delete\\\":true,\\\"filter\\\":{\\\"field\\\":\\\"name\\\",\\\"op\\\":\\\"eq\\\",\\\"value\\\":\\\"${_sub_domain}\\\"}}]\"; then\n if printf -- \"%s\" \"$response\" | grep \"{\\\"success\\\":\\\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\\\"}\" >/dev/null; then\n _info \"Removed\"\n return 0\n else\n _err \"Error removing TXT record\"\n fi\n fi\n fi\n fi\n\n return 1\n}\n\n#################### Private functions below ##################################\n\n_get_root() {\n domain=$(echo \"$1\" | _lower_case)\n i=2\n p=1\n _debug \"Detecting root zone\"\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n return 1\n fi\n\n if ! _constellix_rest GET \"domains/search?exact=$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\"; then\n _domain_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":[0-9]*\" | cut -d ':' -f 2)\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d '.' -f 1-\"$p\")\n _domain=\"$h\"\n\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_constellix_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n # Prevent rate limit\n _sleep 2\n\n rdate=$(date +\"%s\")\"000\"\n hmac=$(printf \"%s\" \"$rdate\" | _hmac sha1 \"$(printf \"%s\" \"$CONSTELLIX_Secret\" | _hex_dump | tr -d ' ')\" | _base64)\n\n export _H1=\"x-cnsdns-apiKey: $CONSTELLIX_Key\"\n export _H2=\"x-cnsdns-requestDate: $rdate\"\n export _H3=\"x-cnsdns-hmac: $hmac\"\n export _H4=\"Accept: application/json\"\n export _H5=\"Content-Type: application/json\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$CONSTELLIX_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$CONSTELLIX_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"Error $ep\"\n return 1\n fi\n\n _debug response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_cpanel.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_cpanel_info='cPanel Server API\n Manage DNS via cPanel Dashboard.\nSite: cPanel.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_cpanel\nOptions:\n cPanel_Username Username\n cPanel_Apitoken API Token\n cPanel_Hostname Server URL. E.g. \"https://hostname:port\"\nIssues: github.com/acmesh-official/acme.sh/issues/3732\nAuthor: Bjarne Saltbaek\n'\n\n######## Public functions #####################\n\n# Used to add txt record\ndns_cpanel_add() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Adding TXT record to cPanel based system\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _debug cPanel_Username \"$cPanel_Username\"\n _debug cPanel_Apitoken \"$cPanel_Apitoken\"\n _debug cPanel_Hostname \"$cPanel_Hostname\"\n\n if ! _cpanel_login; then\n _err \"cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"No matching root domain for $fulldomain found\"\n return 1\n fi\n # adding entry\n _info \"Adding the entry\"\n stripped_fulldomain=$(echo \"$fulldomain\" | sed \"s/.$_domain//\")\n _debug \"Adding $stripped_fulldomain to $_domain zone\"\n _myget \"json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=add_zone_record&domain=$_domain&name=$stripped_fulldomain&type=TXT&txtdata=$txtvalue&ttl=1\"\n if _successful_update; then return 0; fi\n _err \"Couldn't create entry!\"\n return 1\n}\n\n# Usage: fulldomain txtvalue\n# Used to remove the txt record after validation\ndns_cpanel_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using cPanel based system\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n if ! _cpanel_login; then\n _err \"cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file\"\n return 1\n fi\n\n if ! _get_root; then\n _err \"No matching root domain for $fulldomain found\"\n return 1\n fi\n\n _findentry \"$fulldomain\" \"$txtvalue\"\n if [ -z \"$_id\" ]; then\n _info \"Entry doesn't exist, nothing to delete\"\n return 0\n fi\n _debug \"Deleting record...\"\n _myget \"json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id\"\n # removing entry\n _debug \"_result is: $_result\"\n\n if _successful_update; then return 0; fi\n _err \"Couldn't delete entry!\"\n return 1\n}\n\n#################### Private functions below ##################################\n\n_checkcredentials() {\n cPanel_Username=\"${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}\"\n cPanel_Apitoken=\"${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}\"\n cPanel_Hostname=\"${cPanel_Hostname:-$(_readaccountconf_mutable cPanel_Hostname)}\"\n\n if [ -z \"$cPanel_Username\" ] || [ -z \"$cPanel_Apitoken\" ] || [ -z \"$cPanel_Hostname\" ]; then\n cPanel_Username=\"\"\n cPanel_Apitoken=\"\"\n cPanel_Hostname=\"\"\n _err \"You haven't specified cPanel username, apitoken and hostname yet.\"\n _err \"Please add credentials and try again.\"\n return 1\n fi\n #save the credentials to the account conf file.\n _saveaccountconf_mutable cPanel_Username \"$cPanel_Username\"\n _saveaccountconf_mutable cPanel_Apitoken \"$cPanel_Apitoken\"\n _saveaccountconf_mutable cPanel_Hostname \"$cPanel_Hostname\"\n return 0\n}\n\n_cpanel_login() {\n if ! _checkcredentials; then return 1; fi\n\n if ! _myget \"json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo\"; then\n _err \"cPanel login failed for user $cPanel_Username.\"\n return 1\n fi\n return 0\n}\n\n_myget() {\n #Adds auth header to request\n export _H1=\"Authorization: cpanel $cPanel_Username:$cPanel_Apitoken\"\n _result=$(_get \"$cPanel_Hostname/$1\")\n}\n\n_get_root() {\n _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'\n _domains=$(echo \"$_result\" | _egrep_o '\"[a-z0-9\\.\\-]*\":\\[\"; cPanel first' | cut -d':' -f1 | sed 's/\"//g' | sed 's/{//g')\n _debug \"_result is: $_result\"\n _debug \"_domains is: $_domains\"\n if [ -z \"$_domains\" ]; then\n _err \"Primary domain list not found!\"\n return 1\n fi\n for _domain in $_domains; do\n _debug \"Checking if $fulldomain ends with $_domain\"\n if (_endswith \"$fulldomain\" \"$_domain\"); then\n _debug \"Root domain: $_domain\"\n return 0\n fi\n done\n return 1\n}\n\n_successful_update() {\n if (echo \"$_result\" | _egrep_o 'data\":\\[[^]]*]' | grep -q '\"newserial\":null'); then return 1; fi\n return 0\n}\n\n_findentry() {\n _debug \"In _findentry\"\n #returns id of dns entry, if it exists\n _myget \"json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain\"\n _id=$(echo \"$_result\" | sed -e \"s/},{/},\\n{/g\" | grep \"$fulldomain\" | grep \"$txtvalue\" | _egrep_o 'line\":[0-9]+' | cut -d ':' -f 2)\n _debug \"_result is: $_result\"\n _debug \"fulldomain. is $fulldomain.\"\n _debug \"txtvalue is $txtvalue\"\n _debug \"_id is: $_id\"\n if [ -n \"$_id\" ]; then\n _debug \"Entry found with _id=$_id\"\n return 0\n fi\n return 1\n}\n"
},
{
"path": "dnsapi/dns_curanet.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_curanet_info='Curanet.dk\nDomains: scannet.dk wannafind.dk dandomain.dk\nSite: Curanet.dk\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_curanet\nOptions:\n CURANET_AUTHCLIENTID Auth ClientID. Requires scope dns\n CURANET_AUTHSECRET Auth Secret\nIssues: github.com/acmesh-official/acme.sh/issues/3933\nAuthor: Peter L. Hansen \n'\n\nCURANET_REST_URL=\"https://api.curanet.dk/dns/v1/Domains\"\nCURANET_AUTH_URL=\"https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token\"\nCURANET_ACCESS_TOKEN=\"\"\n\n######## Public functions ####################\n\n#Usage: dns_curanet_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_curanet_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using curanet\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n CURANET_AUTHCLIENTID=\"${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}\"\n CURANET_AUTHSECRET=\"${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}\"\n if [ -z \"$CURANET_AUTHCLIENTID\" ] || [ -z \"$CURANET_AUTHSECRET\" ]; then\n CURANET_AUTHCLIENTID=\"\"\n CURANET_AUTHSECRET=\"\"\n _err \"You don't specify curanet api client and secret.\"\n _err \"Please create your auth info and try again.\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable CURANET_AUTHCLIENTID \"$CURANET_AUTHCLIENTID\"\n _saveaccountconf_mutable CURANET_AUTHSECRET \"$CURANET_AUTHSECRET\"\n\n if ! _get_token; then\n _err \"Unable to get token\"\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n export _H1=\"Content-Type: application/json-patch+json\"\n export _H2=\"Accept: application/json\"\n export _H3=\"Authorization: Bearer $CURANET_ACCESS_TOKEN\"\n data=\"{\\\"name\\\": \\\"$fulldomain\\\",\\\"type\\\": \\\"TXT\\\",\\\"ttl\\\": 60,\\\"priority\\\": 0,\\\"data\\\": \\\"$txtvalue\\\"}\"\n response=\"$(_post \"$data\" \"$CURANET_REST_URL/${_domain}/Records\" \"\" \"\")\"\n\n if _contains \"$response\" \"$txtvalue\"; then\n _debug \"TXT record added OK\"\n else\n _err \"Unable to add TXT record\"\n return 1\n fi\n\n return 0\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_curanet_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using curanet\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n CURANET_AUTHCLIENTID=\"${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}\"\n CURANET_AUTHSECRET=\"${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}\"\n\n if ! _get_token; then\n _err \"Unable to get token\"\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n _debug \"Getting current record list to identify TXT to delete\"\n\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Accept: application/json\"\n export _H3=\"Authorization: Bearer $CURANET_ACCESS_TOKEN\"\n\n response=\"$(_get \"$CURANET_REST_URL/${_domain}/Records\" \"\" \"\")\"\n\n if ! _contains \"$response\" \"$txtvalue\"; then\n _err \"Unable to delete record (does not contain $txtvalue )\"\n return 1\n fi\n\n recordid=$(echo \"$response\" | _egrep_o \"{\\\"id\\\":[0-9]+,\\\"name\\\":\\\"$fulldomain\\\",\\\"type\\\":\\\"TXT\\\",\\\"ttl\\\":60,\\\"priority\\\":0,\\\"data\\\":\\\"..$txtvalue\" | _egrep_o \"id\\\":[0-9]+\" | cut -c 5-)\n\n if [ -z \"$recordid\" ]; then\n _err \"Unable to get recordid\"\n _debug \"regex {\\\"id\\\":[0-9]+,\\\"name\\\":\\\"$fulldomain\\\",\\\"type\\\":\\\"TXT\\\",\\\"ttl\\\":60,\\\"priority\\\":0,\\\"data\\\":\\\"..$txtvalue\"\n _debug \"response $response\"\n return 1\n fi\n\n _debug \"Deleting recordID $recordid\"\n response=\"$(_post \"\" \"$CURANET_REST_URL/${_domain}/Records/$recordid\" \"\" \"DELETE\")\"\n return 0\n}\n\n#################### Private functions below ##################################\n\n_get_token() {\n response=\"$(_post \"grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns\" \"$CURANET_AUTH_URL\" \"\" \"\")\"\n if ! _contains \"$response\" \"access_token\"; then\n _err \"Unable get access token\"\n return 1\n fi\n CURANET_ACCESS_TOKEN=$(echo \"$response\" | _egrep_o \"\\\"access_token\\\":\\\"[^\\\"]+\" | cut -c 17-)\n\n if [ -z \"$CURANET_ACCESS_TOKEN\" ]; then\n _err \"Unable to get token\"\n return 1\n fi\n\n return 0\n\n}\n\n#_acme-challenge.www.domain.com\n#returns\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=1\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Accept: application/json\"\n export _H3=\"Authorization: Bearer $CURANET_ACCESS_TOKEN\"\n response=\"$(_get \"$CURANET_REST_URL/$h/Records\" \"\" \"\")\"\n\n if [ ! \"$(echo \"$response\" | _egrep_o \"Entity not found|Bad Request\")\" ]; then\n _domain=$h\n return 0\n fi\n\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n"
},
{
"path": "dnsapi/dns_cyon.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_cyon_info='cyon.ch\nSite: cyon.ch\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cyon\nOptions:\n CY_Username Username\n CY_Password API Token\n CY_OTP_Secret OTP token. Only required if using 2FA\nIssues: github.com/noplanman/cyon-api/issues\nAuthor: Armando Lüscher \n'\n\ndns_cyon_add() {\n _cyon_load_credentials &&\n _cyon_load_parameters \"$@\" &&\n _cyon_print_header \"add\" &&\n _cyon_login &&\n _cyon_change_domain_env &&\n _cyon_add_txt &&\n _cyon_logout\n}\n\ndns_cyon_rm() {\n _cyon_load_credentials &&\n _cyon_load_parameters \"$@\" &&\n _cyon_print_header \"delete\" &&\n _cyon_login &&\n _cyon_change_domain_env &&\n _cyon_delete_txt &&\n _cyon_logout\n}\n\n#########################\n### PRIVATE FUNCTIONS ###\n#########################\n\n_cyon_load_credentials() {\n # Convert loaded password to/from base64 as needed.\n if [ \"${CY_Password_B64}\" ]; then\n CY_Password=\"$(printf \"%s\" \"${CY_Password_B64}\" | _dbase64)\"\n elif [ \"${CY_Password}\" ]; then\n CY_Password_B64=\"$(printf \"%s\" \"${CY_Password}\" | _base64)\"\n fi\n\n if [ -z \"${CY_Username}\" ] || [ -z \"${CY_Password}\" ]; then\n # Dummy entries to satisfy script checker.\n CY_Username=\"\"\n CY_Password=\"\"\n CY_OTP_Secret=\"\"\n\n _err \"\"\n _err \"You haven't set your cyon.ch login credentials yet.\"\n _err \"Please set the required cyon environment variables.\"\n _err \"\"\n return 1\n fi\n\n # Save the login credentials to the account.conf file.\n _debug \"Save credentials to account.conf\"\n _saveaccountconf CY_Username \"${CY_Username}\"\n _saveaccountconf CY_Password_B64 \"$CY_Password_B64\"\n if [ -n \"${CY_OTP_Secret}\" ]; then\n _saveaccountconf CY_OTP_Secret \"$CY_OTP_Secret\"\n else\n _clearaccountconf CY_OTP_Secret\n fi\n}\n\n_cyon_is_idn() {\n _idn_temp=\"$(printf \"%s\" \"${1}\" | tr -d \"0-9a-zA-Z.,-_\")\"\n _idn_temp2=\"$(printf \"%s\" \"${1}\" | grep -o \"xn--\")\"\n [ \"$_idn_temp\" ] || [ \"$_idn_temp2\" ]\n}\n\n_cyon_load_parameters() {\n # Read the required parameters to add the TXT entry.\n # shellcheck disable=SC2018,SC2019\n fulldomain=\"$(printf \"%s\" \"${1}\" | tr \"A-Z\" \"a-z\")\"\n fulldomain_idn=\"${fulldomain}\"\n\n # Special case for IDNs, as cyon needs a domain environment change,\n # which uses the \"pretty\" instead of the punycode version.\n if _cyon_is_idn \"${fulldomain}\"; then\n if ! _exists idn; then\n _err \"Please install idn to process IDN names.\"\n _err \"\"\n return 1\n fi\n\n fulldomain=\"$(idn -u \"${fulldomain}\")\"\n fulldomain_idn=\"$(idn -a \"${fulldomain}\")\"\n fi\n\n _debug fulldomain \"${fulldomain}\"\n _debug fulldomain_idn \"${fulldomain_idn}\"\n\n txtvalue=\"${2}\"\n _debug txtvalue \"${txtvalue}\"\n\n # This header is required for curl calls.\n _H1=\"X-Requested-With: XMLHttpRequest\"\n export _H1\n _H3=\"User-Agent: cyon-dns-acmesh/1.0\"\n export _H3\n}\n\n_cyon_print_header() {\n if [ \"${1}\" = \"add\" ]; then\n _info \"\"\n _info \"+---------------------------------------------+\"\n _info \"| Adding DNS TXT entry to your cyon.ch domain |\"\n _info \"+---------------------------------------------+\"\n _info \"\"\n _info \" * Full Domain: ${fulldomain}\"\n _info \" * TXT Value: ${txtvalue}\"\n _info \"\"\n elif [ \"${1}\" = \"delete\" ]; then\n _info \"\"\n _info \"+-------------------------------------------------+\"\n _info \"| Deleting DNS TXT entry from your cyon.ch domain |\"\n _info \"+-------------------------------------------------+\"\n _info \"\"\n _info \" * Full Domain: ${fulldomain}\"\n _info \"\"\n fi\n}\n\n_cyon_get_cookie_header() {\n # Extract all cookies from the response headers (case-insensitive)\n _cookies=\"$(grep -i \"^set-cookie:\" \"$HTTP_HEADER\" | sed 's/^[Ss]et-[Cc]ookie: //' | sed 's/;.*//' | tr '\\n' '; ' | sed 's/; $//')\"\n if [ -n \"$_cookies\" ]; then\n printf \"Cookie: %s\" \"$_cookies\"\n fi\n}\n\n_cyon_login() {\n _info \" - Logging in...\"\n\n username_encoded=\"$(printf \"%s\" \"${CY_Username}\" | _url_encode)\"\n password_encoded=\"$(printf \"%s\" \"${CY_Password}\" | _url_encode)\"\n\n login_url=\"https://my.cyon.ch/auth/index/dologin-async\"\n login_data=\"$(printf \"%s\" \"username=${username_encoded}&password=${password_encoded}&pathname=%2F\")\"\n\n login_response=\"$(_post \"$login_data\" \"$login_url\")\"\n _debug login_response \"${login_response}\"\n\n # Bail if login fails.\n if [ \"$(printf \"%s\" \"${login_response}\" | _cyon_get_response_success)\" != \"success\" ]; then\n _err \" $(printf \"%s\" \"${login_response}\" | _cyon_get_response_message)\"\n _err \"\"\n return 1\n fi\n\n _info \" success\"\n\n # NECESSARY!! Load the main page after login, to get the new cookie.\n _H2=\"$(_cyon_get_cookie_header)\"\n export _H2\n\n _get \"https://my.cyon.ch/\" >/dev/null\n\n # Update cookie after loading main page (only if new cookies are set)\n _new_cookies=\"$(_cyon_get_cookie_header)\"\n if [ -n \"$_new_cookies\" ]; then\n _H2=\"$_new_cookies\"\n export _H2\n fi\n\n # 2FA authentication with OTP?\n if [ -n \"${CY_OTP_Secret}\" ]; then\n _info \" - Authorising with OTP code...\"\n\n if ! _exists oathtool; then\n _err \"Please install oathtool to use 2 Factor Authentication.\"\n _err \"\"\n return 1\n fi\n\n # Get OTP code with the defined secret.\n otp_code=\"$(oathtool --base32 --totp \"${CY_OTP_Secret}\" 2>/dev/null)\"\n\n login_otp_url=\"https://my.cyon.ch/auth/multi-factor/domultifactorauth-async\"\n login_otp_data=\"totpcode=${otp_code}&pathname=%2F&rememberme=0\"\n\n login_otp_response=\"$(_post \"$login_otp_data\" \"$login_otp_url\")\"\n _debug login_otp_response \"${login_otp_response}\"\n\n # Bail if OTP authentication fails.\n if [ \"$(printf \"%s\" \"${login_otp_response}\" | _cyon_get_response_success)\" != \"success\" ]; then\n _err \" $(printf \"%s\" \"${login_otp_response}\" | _cyon_get_response_message)\"\n _err \"\"\n return 1\n fi\n\n _info \" success\"\n\n # Update cookie after 2FA (only if new cookies are set)\n _new_cookies=\"$(_cyon_get_cookie_header)\"\n if [ -n \"$_new_cookies\" ]; then\n _H2=\"$_new_cookies\"\n export _H2\n fi\n fi\n\n _info \"\"\n}\n\n_cyon_logout() {\n _info \" - Logging out...\"\n\n _get \"https://my.cyon.ch/auth/index/dologout\" >/dev/null\n\n _info \" success\"\n _info \"\"\n}\n\n_cyon_change_domain_env() {\n _info \" - Changing domain environment...\"\n\n # Get the \"example.com\" part of the full domain name.\n domain_env=\"$(printf \"%s\" \"${fulldomain}\" | sed -E -e 's/.*\\.(.*\\..*)$/\\1/')\"\n _debug \"Changing domain environment to ${domain_env}\"\n\n domain_page_response=\"$(_get \"https://my.cyon.ch/domain/\")\"\n _debug domain_page_response \"${domain_page_response}\"\n\n # Check if we got an error response (JSON) instead of HTML\n if printf \"%s\" \"${domain_page_response}\" | grep -q '\"iserror\":true'; then\n _err \" $(printf \"%s\" \"${domain_page_response}\" | _cyon_get_response_message)\"\n _err \"\"\n return 1\n fi\n\n gloo_item_key=\"$(printf \"%s\" \"${domain_page_response}\" | tr '\\n' ' ' | sed -E -e \"s/.*data-domain=\\\"${domain_env}\\\"[^<]*data-itemkey=\\\"([^\\\"]*).*/\\1/\")\"\n _debug gloo_item_key \"${gloo_item_key}\"\n\n domain_env_url=\"https://my.cyon.ch/user/environment/setdomain/d/${domain_env}/gik/${gloo_item_key}\"\n\n domain_env_response=\"$(_get \"${domain_env_url}\")\"\n _debug domain_env_response \"${domain_env_response}\"\n\n if ! _cyon_check_if_2fa_missed \"${domain_env_response}\"; then return 1; fi\n\n # Bail if domain environment change fails.\n if [ \"$(printf \"%s\" \"${domain_env_response}\" | _cyon_get_environment_change_status)\" != \"true\" ]; then\n _err \" $(printf \"%s\" \"${domain_env_response}\" | _cyon_get_response_message)\"\n _err \"\"\n return 1\n fi\n\n _info \" success\"\n _info \"\"\n}\n\n_cyon_add_txt() {\n _info \" - Adding DNS TXT entry...\"\n\n add_txt_url=\"https://my.cyon.ch/domain/dnseditor/add-record-async\"\n add_txt_data=\"name=${fulldomain_idn}.&ttl=900&type=TXT&dnscontent=${txtvalue}\"\n\n add_txt_response=\"$(_post \"$add_txt_data\" \"$add_txt_url\")\"\n _debug add_txt_response \"${add_txt_response}\"\n\n if ! _cyon_check_if_2fa_missed \"${add_txt_response}\"; then return 1; fi\n\n add_txt_message=\"$(printf \"%s\" \"${add_txt_response}\" | _cyon_get_response_message)\"\n add_txt_status=\"$(printf \"%s\" \"${add_txt_response}\" | _cyon_get_response_status)\"\n add_txt_validation=\"$(printf \"%s\" \"${add_txt_response}\" | _cyon_get_validation_status)\"\n\n # Bail if adding TXT entry fails.\n if [ \"${add_txt_status}\" != \"true\" ] || [ \"${add_txt_validation}\" != \"true\" ]; then\n _err \" ${add_txt_message}\"\n _err \"\"\n return 1\n fi\n\n _info \" success (TXT|${fulldomain_idn}.|${txtvalue})\"\n _info \"\"\n}\n\n_cyon_delete_txt() {\n _info \" - Deleting DNS TXT entry...\"\n\n list_txt_url=\"https://my.cyon.ch/domain/dnseditor/list-async\"\n\n list_txt_response=\"$(_get \"${list_txt_url}\" | sed -e 's/data-hash/\\\\ndata-hash/g')\"\n _debug list_txt_response \"${list_txt_response}\"\n\n if ! _cyon_check_if_2fa_missed \"${list_txt_response}\"; then return 1; fi\n\n # Find and delete all acme challenge entries for the $fulldomain.\n _dns_entries=\"$(printf \"%b\\n\" \"${list_txt_response}\" | sed -n 's/data-hash=\\\\\"\\([^\"]*\\)\\\\\" data-identifier=\\\\\"\\([^\"]*\\)\\\\\".*/\\1 \\2/p')\"\n\n printf \"%s\" \"${_dns_entries}\" | while read -r _hash _identifier; do\n dns_type=\"$(printf \"%s\" \"$_identifier\" | cut -d'|' -f1)\"\n dns_domain=\"$(printf \"%s\" \"$_identifier\" | cut -d'|' -f2)\"\n\n if [ \"${dns_type}\" != \"TXT\" ] || [ \"${dns_domain}\" != \"${fulldomain_idn}.\" ]; then\n continue\n fi\n\n hash_encoded=\"$(printf \"%s\" \"${_hash}\" | _url_encode)\"\n identifier_encoded=\"$(printf \"%s\" \"${_identifier}\" | _url_encode)\"\n\n delete_txt_url=\"https://my.cyon.ch/domain/dnseditor/delete-record-async\"\n delete_txt_data=\"$(printf \"%s\" \"hash=${hash_encoded}&identifier=${identifier_encoded}\")\"\n\n delete_txt_response=\"$(_post \"$delete_txt_data\" \"$delete_txt_url\")\"\n _debug delete_txt_response \"${delete_txt_response}\"\n\n if ! _cyon_check_if_2fa_missed \"${delete_txt_response}\"; then return 1; fi\n\n delete_txt_message=\"$(printf \"%s\" \"${delete_txt_response}\" | _cyon_get_response_message)\"\n delete_txt_status=\"$(printf \"%s\" \"${delete_txt_response}\" | _cyon_get_response_status)\"\n\n # Skip if deleting TXT entry fails.\n if [ \"${delete_txt_status}\" != \"true\" ]; then\n _err \" ${delete_txt_message} (${_identifier})\"\n else\n _info \" success (${_identifier})\"\n fi\n done\n\n _info \" done\"\n _info \"\"\n}\n\n_cyon_get_response_message() {\n _egrep_o '\"message\":\"[^\"]*\"' | cut -d : -f 2 | tr -d '\"'\n}\n\n_cyon_get_response_status() {\n _egrep_o '\"status\":[a-zA-Z0-9]*' | cut -d : -f 2\n}\n\n_cyon_get_validation_status() {\n _egrep_o '\"valid\":[a-zA-Z0-9]*' | cut -d : -f 2\n}\n\n_cyon_get_response_success() {\n _egrep_o '\"onSuccess\":\"[^\"]*\"' | cut -d : -f 2 | tr -d '\"'\n}\n\n_cyon_get_environment_change_status() {\n _egrep_o '\"authenticated\":[a-zA-Z0-9]*' | cut -d : -f 2\n}\n\n_cyon_check_if_2fa_missed() {\n # Did we miss the 2FA?\n if test \"${1#*multi_factor_form}\" != \"${1}\"; then\n _err \" Missed OTP authentication!\"\n _err \"\"\n return 1\n fi\n}\n"
},
{
"path": "dnsapi/dns_da.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_da_info='DirectAdmin Server API\nSite: DirectAdmin.com/api.php\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_da\nOptions:\n DA_Api API Server URL. E.g. \"https://remoteUser:remotePassword@da.domain.tld:8443\"\n DA_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept\nIssues: github.com/TigerP/acme.sh/issues\n'\n\n######## Public functions #####################\n\n# Usage: dns_myapi_add _acme-challenge.www.example.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\ndns_da_add() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n _debug \"Calling: dns_da_add() '${fulldomain}' '${txtvalue}'\"\n _DA_credentials && _DA_getDomainInfo && _DA_addTxt\n}\n\n# Usage: dns_da_rm _acme-challenge.www.example.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to remove the txt record after validation\ndns_da_rm() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n _debug \"Calling: dns_da_rm() '${fulldomain}' '${txtvalue}'\"\n _DA_credentials && _DA_getDomainInfo && _DA_rmTxt\n}\n\n#################### Private functions below ##################################\n# Usage: _DA_credentials\n# It will check if the needed settings are available\n_DA_credentials() {\n DA_Api=\"${DA_Api:-$(_readaccountconf_mutable DA_Api)}\"\n DA_Api_Insecure=\"${DA_Api_Insecure:-$(_readaccountconf_mutable DA_Api_Insecure)}\"\n if [ -z \"${DA_Api}\" ] || [ -z \"${DA_Api_Insecure}\" ]; then\n DA_Api=\"\"\n DA_Api_Insecure=\"\"\n _err \"You haven't specified the DirectAdmin Login data, URL and whether you want check the DirectAdmin SSL cert. Please try again.\"\n return 1\n else\n _saveaccountconf_mutable DA_Api \"${DA_Api}\"\n _saveaccountconf_mutable DA_Api_Insecure \"${DA_Api_Insecure}\"\n # Set whether curl should use secure or insecure mode\n export HTTPS_INSECURE=\"${DA_Api_Insecure}\"\n fi\n}\n\n# Usage: _get_root _acme-challenge.www.example.com\n# Split the full domain to a domain and subdomain\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=example.com\n_get_root() {\n domain=$1\n i=2\n p=1\n # Get a list of all the domains\n # response will contain \"list[]=example.com&list[]=example.org\"\n _da_api CMD_API_SHOW_DOMAINS \"\" \"${domain}\"\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n # not valid\n _debug \"The given domain $h is not valid\"\n return 1\n fi\n if _contains \"$response\" \"$h\" >/dev/null; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n _debug \"Stop on 100\"\n return 1\n}\n\n# Usage: _da_api CMD_API_* data example.com\n# Use the DirectAdmin API and check the result\n# returns\n# response=\"error=0&text=Result text&details=\"\n_da_api() {\n cmd=$1\n data=$2\n domain=$3\n _debug \"$domain; $data\"\n response=\"$(_post \"$data\" \"$DA_Api/$cmd\" \"\" \"POST\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $cmd\"\n return 1\n fi\n _debug response \"$response\"\n\n case \"${cmd}\" in\n CMD_API_DNS_CONTROL)\n # Parse the result in general\n # error=0&text=Records Deleted&details=\n # error=1&text=Cannot View Dns Record&details=No domain provided\n err_field=\"$(_getfield \"$response\" 1 '&')\"\n txt_field=\"$(_getfield \"$response\" 2 '&')\"\n details_field=\"$(_getfield \"$response\" 3 '&')\"\n error=\"$(_getfield \"$err_field\" 2 '=')\"\n text=\"$(_getfield \"$txt_field\" 2 '=')\"\n details=\"$(_getfield \"$details_field\" 2 '=')\"\n _debug \"error: ${error}, text: ${text}, details: ${details}\"\n if [ \"$error\" != \"0\" ]; then\n _err \"error $response\"\n return 1\n fi\n ;;\n CMD_API_SHOW_DOMAINS) ;;\n esac\n return 0\n}\n\n# Usage: _DA_getDomainInfo\n# Get the root zone if possible\n_DA_getDomainInfo() {\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n else\n _debug \"The root domain: $_domain\"\n _debug \"The sub domain: $_sub_domain\"\n fi\n return 0\n}\n\n# Usage: _DA_addTxt\n# Use the API to add a record\n_DA_addTxt() {\n curData=\"domain=${_domain}&action=add&type=TXT&name=${_sub_domain}&value=\\\"${txtvalue}\\\"\"\n _debug \"Calling _DA_addTxt: '${curData}' '${DA_Api}/CMD_API_DNS_CONTROL'\"\n _da_api CMD_API_DNS_CONTROL \"${curData}\" \"${_domain}\"\n _debug \"Result of _DA_addTxt: '$response'\"\n if _contains \"${response}\" 'error=0'; then\n _debug \"Add TXT succeeded\"\n return 0\n fi\n _debug \"Add TXT failed\"\n return 1\n}\n\n# Usage: _DA_rmTxt\n# Use the API to remove a record\n_DA_rmTxt() {\n curData=\"domain=${_domain}&action=select&txtrecs0=name=${_sub_domain}&value=\\\"${txtvalue}\\\"\"\n _debug \"Calling _DA_rmTxt: '${curData}' '${DA_Api}/CMD_API_DNS_CONTROL'\"\n if _da_api CMD_API_DNS_CONTROL \"${curData}\" \"${_domain}\"; then\n _debug \"Result of _DA_rmTxt: '$response'\"\n else\n _err \"Result of _DA_rmTxt: '$response'\"\n fi\n if _contains \"${response}\" 'error=0'; then\n _debug \"RM TXT succeeded\"\n return 0\n fi\n _debug \"RM TXT failed\"\n return 1\n}\n"
},
{
"path": "dnsapi/dns_ddnss.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_ddnss_info='DDNSS.de\nSite: DDNSS.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ddnss\nOptions:\n DDNSS_Token API Token\nIssues: github.com/acmesh-official/acme.sh/issues/2230\nAuthor: @helbgd, @mod242\n'\n\nDDNSS_DNS_API=\"https://ddnss.de/upd.php\"\n\n######## Public functions #####################\n\n#Usage: dns_ddnss_add _acme-challenge.domain.ddnss.de \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_ddnss_add() {\n fulldomain=$1\n txtvalue=$2\n\n DDNSS_Token=\"${DDNSS_Token:-$(_readaccountconf_mutable DDNSS_Token)}\"\n if [ -z \"$DDNSS_Token\" ]; then\n _err \"You must export variable: DDNSS_Token\"\n _err \"The token for your DDNSS account is necessary.\"\n _err \"You can look it up in your DDNSS account.\"\n return 1\n fi\n\n # Now save the credentials.\n _saveaccountconf_mutable DDNSS_Token \"$DDNSS_Token\"\n\n # Unfortunately, DDNSS does not seems to support lookup domain through API\n # So I assume your credentials (which are your domain and token) are correct\n # If something goes wrong, we will get a KO response from DDNSS\n\n if ! _ddnss_get_domain; then\n return 1\n fi\n\n # Now add the TXT record to DDNSS DNS\n _info \"Trying to add TXT record\"\n if _ddnss_rest GET \"key=$DDNSS_Token&host=$_ddnss_domain&txtm=1&txt=$txtvalue\"; then\n if [ \"$response\" = \"Updated 1 hostname.\" ]; then\n _info \"TXT record has been successfully added to your DDNSS domain.\"\n _info \"Note that all subdomains under this domain uses the same TXT record.\"\n return 0\n else\n _err \"Errors happened during adding the TXT record, response=$response\"\n return 1\n fi\n else\n _err \"Errors happened during adding the TXT record.\"\n return 1\n fi\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_ddnss_rm() {\n fulldomain=$1\n txtvalue=$2\n\n DDNSS_Token=\"${DDNSS_Token:-$(_readaccountconf_mutable DDNSS_Token)}\"\n if [ -z \"$DDNSS_Token\" ]; then\n _err \"You must export variable: DDNSS_Token\"\n _err \"The token for your DDNSS account is necessary.\"\n _err \"You can look it up in your DDNSS account.\"\n return 1\n fi\n\n if ! _ddnss_get_domain; then\n return 1\n fi\n\n # Now remove the TXT record from DDNS DNS\n _info \"Trying to remove TXT record\"\n if _ddnss_rest GET \"key=$DDNSS_Token&host=$_ddnss_domain&txtm=2\"; then\n if [ \"$response\" = \"Updated 1 hostname.\" ]; then\n _info \"TXT record has been successfully removed from your DDNSS domain.\"\n return 0\n else\n _err \"Errors happened during removing the TXT record, response=$response\"\n return 1\n fi\n else\n _err \"Errors happened during removing the TXT record.\"\n return 1\n fi\n}\n\n#################### Private functions below ##################################\n\n#fulldomain=_acme-challenge.domain.ddnss.de\n#returns\n# _ddnss_domain=domain\n_ddnss_get_domain() {\n\n # We'll extract the domain/username from full domain\n _ddnss_domain=\"$(echo \"$fulldomain\" | _lower_case | _egrep_o '[.][^.][^.]*[.](ddnss|dyn-ip24|dyndns|dyn|dyndns1|home-webserver|myhome-server|dynip)\\..*' | cut -d . -f 2-)\"\n\n if [ -z \"$_ddnss_domain\" ]; then\n _err \"Error extracting the domain.\"\n return 1\n fi\n\n return 0\n}\n\n#Usage: method URI\n_ddnss_rest() {\n method=$1\n param=\"$2\"\n _debug param \"$param\"\n url=\"$DDNSS_DNS_API?$param\"\n _debug url \"$url\"\n\n # DDNSS uses GET to update domain info\n if [ \"$method\" = \"GET\" ]; then\n response=\"$(_get \"$url\" | sed 's/<[a-zA-Z\\/][^>]*>//g' | tr -s \"\\n\" | _tail_n 1)\"\n else\n _err \"Unsupported method\"\n return 1\n fi\n\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_desec.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_desec_info='deSEC.io\nSite: desec.readthedocs.io/en/latest/\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_desec\nOptions:\n DDNSS_Token API Token\nIssues: github.com/acmesh-official/acme.sh/issues/2180\nAuthor: Zheng Qian\n'\n\nREST_API=\"https://desec.io/api/v1/domains\"\n\n######## Public functions #####################\n\n#Usage: dns_desec_add _acme-challenge.foobar.dedyn.io \"d41d8cd98f00b204e9800998ecf8427e\"\ndns_desec_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using desec.io api\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n DEDYN_TOKEN=\"${DEDYN_TOKEN:-$(_readaccountconf_mutable DEDYN_TOKEN)}\"\n\n if [ -z \"$DEDYN_TOKEN\" ]; then\n DEDYN_TOKEN=\"\"\n _err \"You did not specify DEDYN_TOKEN yet.\"\n _err \"Please create your key and try again.\"\n _err \"e.g.\"\n _err \"export DEDYN_TOKEN=d41d8cd98f00b204e9800998ecf8427e\"\n return 1\n fi\n #save the api token to the account conf file.\n _saveaccountconf_mutable DEDYN_TOKEN \"$DEDYN_TOKEN\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\" \"$REST_API/\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n # Get existing TXT record\n _debug \"Getting txt records\"\n txtvalues=\"\\\"\\\\\\\"$txtvalue\\\\\\\"\\\"\"\n _desec_rest GET \"$REST_API/$_domain/rrsets/$_sub_domain/TXT/\"\n\n if [ \"$_code\" = \"200\" ]; then\n oldtxtvalues=\"$(echo \"$response\" | _egrep_o \"\\\"records\\\":\\\\[\\\"\\\\S*\\\"\\\\]\" | cut -d : -f 2 | tr -d \"[]\\\\\\\\\\\"\" | sed \"s/,/ /g\")\"\n _debug \"existing TXT found\"\n _debug oldtxtvalues \"$oldtxtvalues\"\n if [ -n \"$oldtxtvalues\" ]; then\n for oldtxtvalue in $oldtxtvalues; do\n txtvalues=\"$txtvalues, \\\"\\\\\\\"$oldtxtvalue\\\\\\\"\\\"\"\n done\n fi\n fi\n _debug txtvalues \"$txtvalues\"\n _info \"Adding record\"\n body=\"[{\\\"subname\\\":\\\"$_sub_domain\\\", \\\"type\\\":\\\"TXT\\\", \\\"records\\\":[$txtvalues], \\\"ttl\\\":3600}]\"\n\n if _desec_rest PUT \"$REST_API/$_domain/rrsets/\" \"$body\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"Added, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n\n _err \"Add txt record error.\"\n return 1\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_desec_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using desec.io api\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n DEDYN_TOKEN=\"${DEDYN_TOKEN:-$(_readaccountconf_mutable DEDYN_TOKEN)}\"\n\n if [ -z \"$DEDYN_TOKEN\" ]; then\n DEDYN_TOKEN=\"\"\n _err \"You did not specify DEDYN_TOKEN yet.\"\n _err \"Please create your key and try again.\"\n _err \"e.g.\"\n _err \"export DEDYN_TOKEN=d41d8cd98f00b204e9800998ecf8427e\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\" \"$REST_API/\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n # Get existing TXT record\n _debug \"Getting txt records\"\n txtvalues=\"\"\n _desec_rest GET \"$REST_API/$_domain/rrsets/$_sub_domain/TXT/\"\n\n if [ \"$_code\" = \"200\" ]; then\n oldtxtvalues=\"$(echo \"$response\" | _egrep_o \"\\\"records\\\":\\\\[\\\"\\\\S*\\\"\\\\]\" | cut -d : -f 2 | tr -d \"[]\\\\\\\\\\\"\" | sed \"s/,/ /g\")\"\n _debug \"existing TXT found\"\n _debug oldtxtvalues \"$oldtxtvalues\"\n if [ -n \"$oldtxtvalues\" ]; then\n for oldtxtvalue in $oldtxtvalues; do\n if [ \"$txtvalue\" != \"$oldtxtvalue\" ]; then\n txtvalues=\"$txtvalues, \\\"\\\\\\\"$oldtxtvalue\\\\\\\"\\\"\"\n fi\n done\n fi\n fi\n txtvalues=\"$(echo \"$txtvalues\" | cut -c3-)\"\n _debug txtvalues \"$txtvalues\"\n\n _info \"Deleting record\"\n body=\"[{\\\"subname\\\":\\\"$_sub_domain\\\", \\\"type\\\":\\\"TXT\\\", \\\"records\\\":[$txtvalues], \\\"ttl\\\":3600}]\"\n _desec_rest PUT \"$REST_API/$_domain/rrsets/\" \"$body\"\n if [ \"$_code\" = \"200\" ]; then\n _info \"Deleted, OK\"\n return 0\n fi\n\n _err \"Delete txt record error.\"\n return 1\n}\n\n#################### Private functions below ##################################\n\n_desec_rest() {\n m=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n\n export _H1=\"Authorization: Token $DEDYN_TOKEN\"\n export _H2=\"Accept: application/json\"\n export _H3=\"Content-Type: application/json\"\n\n if [ \"$m\" != \"GET\" ]; then\n _secure_debug2 data \"$data\"\n response=\"$(_post \"$data\" \"$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$ep\")\"\n fi\n _ret=\"$?\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n _debug \"http response code $_code\"\n _secure_debug2 response \"$response\"\n if [ \"$_ret\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n\n response=\"$(printf \"%s\" \"$response\" | _normalizeJson)\"\n return 0\n}\n\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=\"$1\"\n ep=\"$2\"\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _desec_rest GET \"$ep\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\" >/dev/null; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n"
},
{
"path": "dnsapi/dns_df.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_df_info='DynDnsFree.de\nDomains: dynup.de\nSite: DynDnsFree.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_df\nOptions:\n DF_user Username\n DF_password Password\nIssues: github.com/acmesh-official/acme.sh/issues/2897\nAuthor: Thilo Gass \n'\n\ndyndnsfree_api=\"https://dynup.de/acme.php\"\n\ndns_df_add() {\n fulldomain=$1\n txt_value=$2\n _info \"Using DNS-01 dyndnsfree.de hook\"\n\n DF_user=\"${DF_user:-$(_readaccountconf_mutable DF_user)}\"\n DF_password=\"${DF_password:-$(_readaccountconf_mutable DF_password)}\"\n if [ -z \"$DF_user\" ] || [ -z \"$DF_password\" ]; then\n DF_user=\"\"\n DF_password=\"\"\n _err \"No auth details provided. Please set user credentials using the \\$DF_user and \\$DF_password environment variables.\"\n return 1\n fi\n #save the api user and password to the account conf file.\n _debug \"Save user and password\"\n _saveaccountconf_mutable DF_user \"$DF_user\"\n _saveaccountconf_mutable DF_password \"$DF_password\"\n\n domain=\"$(printf \"%s\" \"$fulldomain\" | cut -d\".\" -f2-)\"\n\n get=\"$dyndnsfree_api?username=$DF_user&password=$DF_password&hostname=$domain&add_hostname=$fulldomain&txt=$txt_value\"\n\n if ! erg=\"$(_get \"$get\")\"; then\n _err \"error Adding $fulldomain TXT: $txt_value\"\n return 1\n fi\n\n if _contains \"$erg\" \"success\"; then\n _info \"Success, TXT Added, OK\"\n else\n _err \"error Adding $fulldomain TXT: $txt_value erg: $erg\"\n return 1\n fi\n\n _debug \"ok Auto $fulldomain TXT: $txt_value erg: $erg\"\n return 0\n}\n\ndns_df_rm() {\n\n fulldomain=$1\n txtvalue=$2\n _info \"TXT enrty in $fulldomain is deleted automatically\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n}\n"
},
{
"path": "dnsapi/dns_dgon.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dgon_info='DigitalOcean.com\nSite: DigitalOcean.com/help/api/\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dgon\nOptions:\n DO_API_KEY API Key\nAuthor: \n'\n\n##################### Public functions #####################\n\n## Create the text record for validation.\n## Usage: fulldomain txtvalue\n## EG: \"_acme-challenge.www.other.domain.com\" \"XKrxpRBosdq0HG9i01zxXp5CPBs\"\ndns_dgon_add() {\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n txtvalue=$2\n\n DO_API_KEY=\"${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}\"\n # Check if API Key Exists\n if [ -z \"$DO_API_KEY\" ]; then\n DO_API_KEY=\"\"\n _err \"You did not specify DigitalOcean API key.\"\n _err \"Please export DO_API_KEY and try again.\"\n return 1\n fi\n\n _info \"Using digitalocean dns validation - add record\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n ## save the env vars (key and domain split location) for later automated use\n _saveaccountconf_mutable DO_API_KEY \"$DO_API_KEY\"\n\n ## split the domain for DO API\n if ! _get_base_domain \"$fulldomain\"; then\n _err \"domain not found in your account for addition\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n ## Set the header with our post type and key auth key\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Authorization: Bearer $DO_API_KEY\"\n PURL='https://api.digitalocean.com/v2/domains/'$_domain'/records'\n PBODY='{\"type\":\"TXT\",\"name\":\"'$_sub_domain'\",\"data\":\"'$txtvalue'\",\"ttl\":120}'\n\n _debug PURL \"$PURL\"\n _debug PBODY \"$PBODY\"\n\n ## the create request - post\n ## args: BODY, URL, [need64, httpmethod]\n response=\"$(_post \"$PBODY\" \"$PURL\")\"\n\n ## check response\n if [ \"$?\" != \"0\" ]; then\n _err \"error in response: $response\"\n return 1\n fi\n _debug2 response \"$response\"\n\n ## finished correctly\n return 0\n}\n\n## Remove the txt record after validation.\n## Usage: fulldomain txtvalue\n## EG: \"_acme-challenge.www.other.domain.com\" \"XKrxpRBosdq0HG9i01zxXp5CPBs\"\ndns_dgon_rm() {\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n txtvalue=$2\n\n DO_API_KEY=\"${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}\"\n # Check if API Key Exists\n if [ -z \"$DO_API_KEY\" ]; then\n DO_API_KEY=\"\"\n _err \"You did not specify DigitalOcean API key.\"\n _err \"Please export DO_API_KEY and try again.\"\n return 1\n fi\n\n _info \"Using digitalocean dns validation - remove record\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n ## split the domain for DO API\n if ! _get_base_domain \"$fulldomain\"; then\n _err \"domain not found in your account for removal\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n ## Set the header with our post type and key auth key\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Authorization: Bearer $DO_API_KEY\"\n ## get URL for the list of domains\n ## may get: \"links\":{\"pages\":{\"last\":\".../v2/domains/DOM/records?page=2\",\"next\":\".../v2/domains/DOM/records?page=2\"}}\n GURL=\"https://api.digitalocean.com/v2/domains/$_domain/records\"\n\n ## Get all the matching records\n while true; do\n ## 1) get the URL\n ## the create request - get\n ## args: URL, [onlyheader, timeout]\n domain_list=\"$(_get \"$GURL\")\"\n\n ## check response\n if [ \"$?\" != \"0\" ]; then\n _err \"error in domain_list response: $domain_list\"\n return 1\n fi\n _debug2 domain_list \"$domain_list\"\n\n ## 2) find records\n ## check for what we are looking for: \"type\":\"A\",\"name\":\"$_sub_domain\"\n record=\"$(echo \"$domain_list\" | _egrep_o \"\\\"id\\\"\\s*\\:\\s*\\\"*[0-9]+\\\"*[^}]*\\\"name\\\"\\s*\\:\\s*\\\"$_sub_domain\\\"[^}]*\\\"data\\\"\\s*\\:\\s*\\\"$txtvalue\\\"\")\"\n\n if [ -n \"$record\" ]; then\n\n ## we found records\n rec_ids=\"$(echo \"$record\" | _egrep_o \"id\\\"\\s*\\:\\s*\\\"*[0-9]+\" | _egrep_o \"[0-9]+\")\"\n _debug rec_ids \"$rec_ids\"\n if [ -n \"$rec_ids\" ]; then\n echo \"$rec_ids\" | while IFS= read -r rec_id; do\n ## delete the record\n ## delete URL for removing the one we dont want\n DURL=\"https://api.digitalocean.com/v2/domains/$_domain/records/$rec_id\"\n\n ## the create request - delete\n ## args: BODY, URL, [need64, httpmethod]\n response=\"$(_post \"\" \"$DURL\" \"\" \"DELETE\")\"\n\n ## check response (sort of)\n if [ \"$?\" != \"0\" ]; then\n _err \"error in remove response: $response\"\n return 1\n fi\n _debug2 response \"$response\"\n\n done\n fi\n fi\n\n ## 3) find the next page\n nextpage=\"$(echo \"$domain_list\" | _egrep_o \"\\\"links\\\".*\" | _egrep_o \"\\\"next\\\".*\" | _egrep_o \"http.*page\\=[0-9]+\")\"\n if [ -z \"$nextpage\" ]; then\n break\n fi\n _debug2 nextpage \"$nextpage\"\n GURL=\"$nextpage\"\n\n done\n\n ## finished correctly\n return 0\n}\n\n##################### Private functions below #####################\n\n## Split the domain provided into the \"bade domain\" and the \"start prefix\".\n## This function searches for the longest subdomain in your account\n## for the full domain given and splits it into the base domain (zone)\n## and the prefix/record to be added/removed\n## USAGE: fulldomain\n## EG: \"_acme-challenge.two.three.four.domain.com\"\n## returns\n## _sub_domain=\"_acme-challenge.two\"\n## _domain=\"three.four.domain.com\" *IF* zone \"three.four.domain.com\" exists\n## if only \"domain.com\" exists it will return\n## _sub_domain=\"_acme-challenge.two.three.four\"\n## _domain=\"domain.com\"\n_get_base_domain() {\n # args\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n _debug fulldomain \"$fulldomain\"\n\n # domain max legal length = 253\n MAX_DOM=255\n\n ## get a list of domains for the account to check thru\n ## Set the headers\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Authorization: Bearer $DO_API_KEY\"\n _debug DO_API_KEY \"$DO_API_KEY\"\n ## get URL for the list of domains\n ## may get: \"links\":{\"pages\":{\"last\":\".../v2/domains/DOM/records?page=2\",\"next\":\".../v2/domains/DOM/records?page=2\"}}\n DOMURL=\"https://api.digitalocean.com/v2/domains\"\n found=\"\"\n\n ## while we dont have a matching domain we keep going\n while [ -z \"$found\" ]; do\n ## get the domain list (current page)\n domain_list=\"$(_get \"$DOMURL\")\"\n\n ## check response\n if [ \"$?\" != \"0\" ]; then\n _err \"error in domain_list response: $domain_list\"\n return 1\n fi\n _debug2 domain_list \"$domain_list\"\n\n i=1\n while [ \"$i\" -gt 0 ]; do\n ## get next longest domain\n _domain=$(printf \"%s\" \"$fulldomain\" | cut -d . -f \"$i\"-\"$MAX_DOM\")\n ## check we got something back from our cut (or are we at the end)\n if [ -z \"$_domain\" ]; then\n break\n fi\n ## we got part of a domain back - grep it out\n found=\"$(echo \"$domain_list\" | _egrep_o \"\\\"name\\\"\\s*\\:\\s*\\\"$_domain\\\"\")\"\n ## check if it exists\n if [ -n \"$found\" ]; then\n ## exists - exit loop returning the parts\n sub_point=$(_math \"$i\" - 1)\n _sub_domain=$(printf \"%s\" \"$fulldomain\" | cut -d . -f 1-\"$sub_point\")\n _debug _domain \"$_domain\"\n _debug _sub_domain \"$_sub_domain\"\n return 0\n fi\n ## increment cut point $i\n i=$(_math \"$i\" + 1)\n done\n\n if [ -z \"$found\" ]; then\n ## find the next page if we dont have a match\n nextpage=\"$(echo \"$domain_list\" | _egrep_o \"\\\"links\\\".*\" | _egrep_o \"\\\"next\\\".*\" | _egrep_o \"http.*page\\=[0-9]+\")\"\n if [ -z \"$nextpage\" ]; then\n _err \"no record and no nextpage in digital ocean DNS removal\"\n return 1\n fi\n _debug2 nextpage \"$nextpage\"\n DOMURL=\"$nextpage\"\n fi\n\n done\n\n ## we went through the entire domain zone list and dint find one that matched\n ## doesnt look like we can add in the record\n _err \"domain not found in DigitalOcean account, but we should never get here\"\n return 1\n}\n"
},
{
"path": "dnsapi/dns_dnsexit.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dnsexit_info='DNSExit.com\nSite: DNSExit.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsexit\nOptions:\n DNSEXIT_API_KEY API Key\n DNSEXIT_AUTH_USER Username\n DNSEXIT_AUTH_PASS Password\nIssues: github.com/acmesh-official/acme.sh/issues/4719\nAuthor: Samuel Jimenez\n'\n\nDNSEXIT_API_URL=\"https://api.dnsexit.com/dns/\"\nDNSEXIT_HOSTS_URL=\"https://update.dnsexit.com/ipupdate/hosts.jsp\"\n\n######## Public functions #####################\n#Usage: dns_dnsexit_add _acme-challenge.*.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dnsexit_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using DNSExit.com\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n _debug 'Load account auth'\n if ! get_account_info; then\n return 1\n fi\n\n _debug 'First detect the root zone'\n if ! _get_root \"$fulldomain\"; then\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n if ! _dnsexit_rest \"{\\\"domain\\\":\\\"$_domain\\\",\\\"add\\\":{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":0,\\\"overwrite\\\":false}}\"; then\n _err \"$response\"\n return 1\n fi\n\n _debug2 _response \"$response\"\n return 0\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_dnsexit_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using DNSExit.com\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n _debug 'Load account auth'\n if ! get_account_info; then\n return 1\n fi\n\n _debug 'First detect the root zone'\n if ! _get_root \"$fulldomain\"; then\n _err \"$response\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n if ! _dnsexit_rest \"{\\\"domain\\\":\\\"$_domain\\\",\\\"delete\\\":{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"content\\\":\\\"$txtvalue\\\"}}\"; then\n _err \"$response\"\n return 1\n fi\n\n _debug2 _response \"$response\"\n return 0\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=1\n while true; do\n _domain=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$_domain\"\n if [ -z \"$_domain\" ]; then\n return 1\n fi\n\n _debug login \"$DNSEXIT_AUTH_USER\"\n _debug password \"$DNSEXIT_AUTH_PASS\"\n _debug domain \"$_domain\"\n\n _dnsexit_http \"login=$DNSEXIT_AUTH_USER&password=$DNSEXIT_AUTH_PASS&domain=$_domain\"\n\n if _contains \"$response\" \"0=$_domain\"; then\n _sub_domain=\"$(echo \"$fulldomain\" | sed \"s/\\\\.$_domain\\$//\")\"\n return 0\n else\n _debug \"Go to next level of $_domain\"\n fi\n i=$(_math \"$i\" + 1)\n done\n\n return 1\n}\n\n_dnsexit_rest() {\n m=POST\n ep=\"\"\n data=\"$1\"\n _debug _dnsexit_rest \"$ep\"\n _debug data \"$data\"\n\n api_key_trimmed=$(echo \"$DNSEXIT_API_KEY\" | tr -d '\"')\n\n export _H1=\"apikey: $api_key_trimmed\"\n export _H2='Content-Type: application/json'\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$DNSEXIT_API_URL/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$DNSEXIT_API_URL/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"Error $ep\"\n return 1\n fi\n\n _debug2 response \"$response\"\n return 0\n}\n\n_dnsexit_http() {\n m=GET\n param=\"$1\"\n _debug param \"$param\"\n _debug get \"$DNSEXIT_HOSTS_URL?$param\"\n\n response=\"$(_get \"$DNSEXIT_HOSTS_URL?$param\")\"\n\n _debug response \"$response\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"Error $param\"\n return 1\n fi\n\n _debug2 response \"$response\"\n return 0\n}\n\nget_account_info() {\n\n DNSEXIT_API_KEY=\"${DNSEXIT_API_KEY:-$(_readaccountconf_mutable DNSEXIT_API_KEY)}\"\n if test -z \"$DNSEXIT_API_KEY\"; then\n DNSEXIT_API_KEY=''\n _err 'DNSEXIT_API_KEY was not exported'\n return 1\n fi\n\n _saveaccountconf_mutable DNSEXIT_API_KEY \"$DNSEXIT_API_KEY\"\n\n DNSEXIT_AUTH_USER=\"${DNSEXIT_AUTH_USER:-$(_readaccountconf_mutable DNSEXIT_AUTH_USER)}\"\n if test -z \"$DNSEXIT_AUTH_USER\"; then\n DNSEXIT_AUTH_USER=\"\"\n _err 'DNSEXIT_AUTH_USER was not exported'\n return 1\n fi\n\n _saveaccountconf_mutable DNSEXIT_AUTH_USER \"$DNSEXIT_AUTH_USER\"\n\n DNSEXIT_AUTH_PASS=\"${DNSEXIT_AUTH_PASS:-$(_readaccountconf_mutable DNSEXIT_AUTH_PASS)}\"\n if test -z \"$DNSEXIT_AUTH_PASS\"; then\n DNSEXIT_AUTH_PASS=\"\"\n _err 'DNSEXIT_AUTH_PASS was not exported'\n return 1\n fi\n\n _saveaccountconf_mutable DNSEXIT_AUTH_PASS \"$DNSEXIT_AUTH_PASS\"\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dnshome.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dnshome_info='dnsHome.de\nSite: dnsHome.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnshome\nOptions:\n DNSHOME_Subdomain Subdomain\n DNSHOME_SubdomainPassword Subdomain Password\nIssues: github.com/acmesh-official/acme.sh/issues/3819\nAuthor: @dnsHome-de\n'\n\n# Usage: add subdomain.ddnsdomain.tld \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\ndns_dnshome_add() {\n txtvalue=$2\n\n DNSHOME_Subdomain=\"${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}\"\n DNSHOME_SubdomainPassword=\"${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}\"\n\n if [ -z \"$DNSHOME_Subdomain\" ] || [ -z \"$DNSHOME_SubdomainPassword\" ]; then\n DNSHOME_Subdomain=\"\"\n DNSHOME_SubdomainPassword=\"\"\n _err \"Please specify/export your dnsHome.de Subdomain and Password\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _savedomainconf DNSHOME_Subdomain \"$DNSHOME_Subdomain\"\n _savedomainconf DNSHOME_SubdomainPassword \"$DNSHOME_SubdomainPassword\"\n\n DNSHOME_Api=\"https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php\"\n\n _DNSHOME_rest POST \"acme=add&txt=$txtvalue\"\n if ! echo \"$response\" | grep 'successfully' >/dev/null; then\n _err \"Error\"\n _err \"$response\"\n return 1\n fi\n\n return 0\n}\n\n# Usage: txtvalue\n# Used to remove the txt record after validation\ndns_dnshome_rm() {\n txtvalue=$2\n\n DNSHOME_Subdomain=\"${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}\"\n DNSHOME_SubdomainPassword=\"${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}\"\n\n DNSHOME_Api=\"https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php\"\n\n if [ -z \"$DNSHOME_Subdomain\" ] || [ -z \"$DNSHOME_SubdomainPassword\" ]; then\n DNSHOME_Subdomain=\"\"\n DNSHOME_SubdomainPassword=\"\"\n _err \"Please specify/export your dnsHome.de Subdomain and Password\"\n return 1\n fi\n\n _DNSHOME_rest POST \"acme=rm&txt=$txtvalue\"\n if ! echo \"$response\" | grep 'successfully' >/dev/null; then\n _err \"Error\"\n _err \"$response\"\n return 1\n fi\n\n return 0\n}\n\n#################### Private functions below ##################################\n_DNSHOME_rest() {\n method=$1\n data=\"$2\"\n _debug \"$data\"\n\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$DNSHOME_Api\" \"\" \"$method\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $data\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dnsimple.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dnsimple_info='DNSimple.com\nSite: DNSimple.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dnsimple\nOptions:\n DNSimple_OAUTH_TOKEN OAuth Token\nIssues: github.com/pho3nixf1re/acme.sh/issues\n'\n\nDNSimple_API=\"https://api.dnsimple.com/v2\"\n\n######## Public functions #####################\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dnsimple_add() {\n fulldomain=$1\n txtvalue=$2\n\n if [ -z \"$DNSimple_OAUTH_TOKEN\" ]; then\n DNSimple_OAUTH_TOKEN=\"\"\n _err \"You have not set the dnsimple oauth token yet.\"\n _err \"Please visit https://dnsimple.com/user to generate it.\"\n return 1\n fi\n\n # save the oauth token for later\n _saveaccountconf DNSimple_OAUTH_TOKEN \"$DNSimple_OAUTH_TOKEN\"\n\n if ! _get_account_id; then\n _err \"failed to retrive account id\"\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _get_records \"$_account_id\" \"$_domain\" \"$_sub_domain\"\n\n _info \"Adding record\"\n if _dnsimple_rest POST \"$_account_id/zones/$_domain/records\" \"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":120}\"; then\n if printf -- \"%s\" \"$response\" | grep \"\\\"name\\\":\\\"$_sub_domain\\\"\" >/dev/null; then\n _info \"Added\"\n return 0\n else\n _err \"Unexpected response while adding text record.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n}\n\n# fulldomain\ndns_dnsimple_rm() {\n fulldomain=$1\n\n if ! _get_account_id; then\n _err \"failed to retrive account id\"\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _get_records \"$_account_id\" \"$_domain\" \"$_sub_domain\"\n\n _extract_record_id \"$_records\" \"$_sub_domain\"\n if [ \"$_record_id\" ]; then\n echo \"$_record_id\" | while read -r item; do\n if _dnsimple_rest DELETE \"$_account_id/zones/$_domain/records/$item\"; then\n _info \"removed record\" \"$item\"\n return 0\n else\n _err \"failed to remove record\" \"$item\"\n return 1\n fi\n done\n fi\n}\n\n#################### Private functions bellow ##################################\n# _acme-challenge.www.domain.com\n# returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=2\n previous=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n # not valid\n return 1\n fi\n\n if ! _dnsimple_rest GET \"$_account_id/zones/$h\"; then\n return 1\n fi\n\n if _contains \"$response\" 'not found'; then\n _debug \"$h not found\"\n else\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$previous\")\n _domain=\"$h\"\n\n _debug _domain \"$_domain\"\n _debug _sub_domain \"$_sub_domain\"\n\n return 0\n fi\n\n previous=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n# returns _account_id\n_get_account_id() {\n _debug \"retrive account id\"\n if ! _dnsimple_rest GET \"whoami\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"account\\\":null\"; then\n _err \"no account associated with this token\"\n return 1\n fi\n\n if _contains \"$response\" \"timeout\"; then\n _err \"timeout retrieving account id\"\n return 1\n fi\n\n _account_id=$(printf \"%s\" \"$response\" | _egrep_o \"\\\"id\\\":[^,]*,\\\"email\\\":\" | cut -d: -f2 | cut -d, -f1)\n _debug _account_id \"$_account_id\"\n\n return 0\n}\n\n# returns\n# _records\n# _records_count\n_get_records() {\n account_id=$1\n domain=$2\n sub_domain=$3\n\n _debug \"fetching txt records\"\n _dnsimple_rest GET \"$account_id/zones/$domain/records?per_page=5000&sort=id:desc\"\n\n if ! _contains \"$response\" \"\\\"id\\\":\"; then\n _err \"failed to retrieve records\"\n return 1\n fi\n\n _records_count=$(printf \"%s\" \"$response\" | _egrep_o \"\\\"name\\\":\\\"$sub_domain\\\"\" | wc -l | _egrep_o \"[0-9]+\")\n _records=$response\n _debug _records_count \"$_records_count\"\n}\n\n# returns _record_id\n_extract_record_id() {\n _record_id=$(printf \"%s\" \"$_records\" | _egrep_o \"\\\"id\\\":[^,]*,\\\"zone_id\\\":\\\"[^,]*\\\",\\\"parent_id\\\":null,\\\"name\\\":\\\"$_sub_domain\\\"\" | cut -d: -f2 | cut -d, -f1)\n _debug \"_record_id\" \"$_record_id\"\n}\n\n# returns response\n_dnsimple_rest() {\n method=$1\n path=\"$2\"\n data=\"$3\"\n request_url=\"$DNSimple_API/$path\"\n _debug \"$path\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"Authorization: Bearer $DNSimple_OAUTH_TOKEN\"\n\n if [ \"$data\" ] || [ \"$method\" = \"DELETE\" ]; then\n _H1=\"Content-Type: application/json\"\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$request_url\" \"\" \"$method\")\"\n else\n response=\"$(_get \"$request_url\" \"\" \"\" \"$method\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $request_url\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dnsservices.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dnsservices_info='DNS.Services\nSite: DNS.Services\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsservices\nOptions:\n DnsServices_Username Username\n DnsServices_Password Password\nIssues: github.com/acmesh-official/acme.sh/issues/4152\nAuthor: Bjarke Bruun \n'\n\nDNSServices_API=https://dns.services/api\n\n######## Public functions #####################\n\n#Usage: dns_dnsservices_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dnsservices_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Using dns.services to create ACME DNS challenge\"\n _debug2 add_fulldomain \"$fulldomain\"\n _debug2 add_txtvalue \"$txtvalue\"\n\n # Read username/password from environment or .acme.sh/accounts.conf\n DnsServices_Username=\"${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}\"\n DnsServices_Password=\"${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}\"\n if [ -z \"$DnsServices_Username\" ] || [ -z \"$DnsServices_Password\" ]; then\n DnsServices_Username=\"\"\n DnsServices_Password=\"\"\n _err \"You didn't specify dns.services api username and password yet.\"\n _err \"Set environment variables DnsServices_Username and DnsServices_Password\"\n return 1\n fi\n\n # Setup GET/POST/DELETE headers\n _setup_headers\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable DnsServices_Username \"$DnsServices_Username\"\n _saveaccountconf_mutable DnsServices_Password \"$DnsServices_Password\"\n\n if ! _contains \"$DnsServices_Username\" \"@\"; then\n _err \"It seems that the username variable DnsServices_Username has not been set/left blank\"\n _err \"or is not a valid email. Please correct and try again.\"\n return 1\n fi\n\n if ! _get_root \"${fulldomain}\"; then\n _err \"Invalid domain ${fulldomain}\"\n return 1\n fi\n\n if ! createRecord \"$fulldomain\" \"${txtvalue}\"; then\n _err \"Error creating TXT record in domain $fulldomain in $rootZoneName\"\n return 1\n fi\n\n _debug2 challenge-created \"Created $fulldomain\"\n return 0\n}\n\n#Usage: fulldomain txtvalue\n#Description: Remove the txt record after validation.\ndns_dnsservices_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Using dns.services to remove DNS record $fulldomain TXT $txtvalue\"\n _debug rm_fulldomain \"$fulldomain\"\n _debug rm_txtvalue \"$txtvalue\"\n\n # Read username/password from environment or .acme.sh/accounts.conf\n DnsServices_Username=\"${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}\"\n DnsServices_Password=\"${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}\"\n if [ -z \"$DnsServices_Username\" ] || [ -z \"$DnsServices_Password\" ]; then\n DnsServices_Username=\"\"\n DnsServices_Password=\"\"\n _err \"You didn't specify dns.services api username and password yet.\"\n _err \"Set environment variables DnsServices_Username and DnsServices_Password\"\n return 1\n fi\n\n # Setup GET/POST/DELETE headers\n _setup_headers\n\n if ! _get_root \"${fulldomain}\"; then\n _err \"Invalid domain ${fulldomain}\"\n return 1\n fi\n\n _debug2 rm_rootDomainInfo \"found root domain $rootZoneName for $fulldomain\"\n\n if ! deleteRecord \"${fulldomain}\" \"${txtvalue}\"; then\n _err \"Error removing record: $fulldomain TXT ${txtvalue}\"\n return 1\n fi\n\n return 0\n}\n\n#################### Private functions below ##################################\n\n_setup_headers() {\n # Set up API Headers for _get() and _post()\n # The _add or _rm must have been called before to work\n\n if [ -z \"$DnsServices_Username\" ] || [ -z \"$DnsServices_Password\" ]; then\n _err \"Could not setup BASIC authentication headers, they are missing\"\n return 1\n fi\n\n DnsServiceCredentials=\"$(printf \"%s\" \"$DnsServices_Username:$DnsServices_Password\" | _base64)\"\n export _H1=\"Authorization: Basic $DnsServiceCredentials\"\n export _H2=\"Content-Type: application/json\"\n\n # Just return if headers are set\n return 0\n}\n\n_get_root() {\n domain=\"$1\"\n _debug2 _get_root \"Get the root domain of ${domain} for DNS API\"\n\n # Setup _get() and _post() headers\n #_setup_headers\n\n result=$(_H1=\"$_H1\" _H2=\"$_H2\" _get \"$DNSServices_API/dns\")\n result2=\"$(printf \"%s\\n\" \"$result\" | tr '[' '\\n' | grep '\"name\"')\"\n result3=\"$(printf \"%s\\n\" \"$result2\" | tr '}' '\\n' | grep '\"name\"' | sed \"s,^\\,,,g\" | sed \"s,$,},g\")\"\n useResult=\"\"\n _debug2 _get_root \"Got the following root domain(s) $result\"\n _debug2 _get_root \"- JSON: $result\"\n\n if [ \"$(printf \"%s\\n\" \"$result\" | tr '}' '\\n' | grep -c '\"name\"')\" -gt \"1\" ]; then\n checkMultiZones=\"true\"\n _debug2 _get_root \"- multiple zones found\"\n else\n checkMultiZones=\"false\"\n _debug2 _get_root \"- single zone found\"\n fi\n\n # Find/isolate the root zone to work with in createRecord() and deleteRecord()\n rootZone=\"\"\n if [ \"$checkMultiZones\" = \"true\" ]; then\n #rootZone=$(for x in $(printf \"%s\" \"${result3}\" | tr ',' '\\n' | sed -n 's/.*\"name\":\"\\(.*\\)\",.*/\\1/p'); do if [ \"$(echo \"$domain\" | grep \"$x\")\" != \"\" ]; then echo \"$x\"; fi; done)\n rootZone=$(for x in $(printf \"%s\\n\" \"${result3}\" | tr ',' '\\n' | grep name | cut -d'\"' -f4); do if [ \"$(echo \"$domain\" | grep \"$x\")\" != \"\" ]; then echo \"$x\"; fi; done)\n if [ \"$rootZone\" != \"\" ]; then\n _debug2 _rootZone \"- root zone for $domain is $rootZone\"\n else\n _err \"Could not find root zone for $domain, is it correctly typed?\"\n return 1\n fi\n else\n rootZone=$(echo \"$result\" | tr '}' '\\n' | _egrep_o '\"name\":\"[^\"]*' | cut -d'\"' -f4)\n _debug2 _get_root \"- only found 1 domain in API: $rootZone\"\n fi\n\n if [ -z \"$rootZone\" ]; then\n _err \"Could not find root domain for $domain - is it correctly typed?\"\n return 1\n fi\n\n # Make sure we use the correct API zone data\n useResult=\"$(printf \"%s\\n\" \"${result3}\" tr ',' '\\n' | grep \"$rootZone\")\"\n _debug2 _useResult \"useResult=$useResult\"\n\n # Setup variables used by other functions to communicate with DNS.Services API\n #zoneInfo=$(printf \"%s\\n\" \"$useResult\" | sed -E 's,.*(zones)(.*),\\1\\2,g' | sed -E 's,^(.*\"name\":\")([^\"]*)\"(.*)$,\\2,g')\n zoneInfo=$(printf \"%s\\n\" \"$useResult\" | tr ',' '\\n' | grep '\"name\"' | cut -d'\"' -f4)\n rootZoneName=\"$rootZone\"\n subDomainName=\"$(printf \"%s\\n\" \"$domain\" | sed \"s,\\.$rootZone,,g\")\"\n subDomainNameClean=\"$(printf \"%s\\n\" \"$domain\" | sed \"s,_acme-challenge.,,g\")\"\n rootZoneDomainID=$(printf \"%s\\n\" \"$useResult\" | tr ',' '\\n' | grep domain_id | cut -d'\"' -f4)\n rootZoneServiceID=$(printf \"%s\\n\" \"$useResult\" | tr ',' '\\n' | grep service_id | cut -d'\"' -f4)\n\n _debug2 _zoneInfo \"Zone info from API : $zoneInfo\"\n _debug2 _get_root \"Root zone name : $rootZoneName\"\n _debug2 _get_root \"Root zone domain ID : $rootZoneDomainID\"\n _debug2 _get_root \"Root zone service ID: $rootZoneServiceID\"\n _debug2 _get_root \"Sub domain : $subDomainName\"\n\n _debug _get_root \"Found valid root domain $rootZone for $subDomainNameClean\"\n return 0\n}\n\ncreateRecord() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n # Get root domain information - needed for DNS.Services API communication\n if [ -z \"$rootZoneName\" ] || [ -z \"$rootZoneDomainID\" ] || [ -z \"$rootZoneServiceID\" ]; then\n _get_root \"$fulldomain\"\n fi\n if [ -z \"$rootZoneName\" ] || [ -z \"$rootZoneDomainID\" ] || [ -z \"$rootZoneServiceID\" ]; then\n _err \"Something happend - could not get the API zone information\"\n return 1\n fi\n\n _debug2 createRecord \"CNAME TXT value is: $txtvalue\"\n\n # Prepare data to send to API\n data=\"{\\\"name\\\":\\\"${fulldomain}\\\",\\\"type\\\":\\\"TXT\\\",\\\"content\\\":\\\"${txtvalue}\\\", \\\"ttl\\\":\\\"10\\\"}\"\n\n _debug2 createRecord \"data to API: $data\"\n result=$(_post \"$data\" \"$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records\" \"\" \"POST\")\n _debug2 createRecord \"result from API: $result\"\n\n if [ \"$(echo \"$result\" | _egrep_o \"\\\"success\\\":true\")\" = \"\" ]; then\n _err \"Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName\"\n _err \"$result\"\n return 1\n fi\n\n _info \"Record \\\"$fulldomain TXT $txtvalue\\\" has been created\"\n return 0\n}\n\ndeleteRecord() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _log deleteRecord \"Deleting $fulldomain TXT $txtvalue record\"\n\n if [ -z \"$rootZoneName\" ] || [ -z \"$rootZoneDomainID\" ] || [ -z \"$rootZoneServiceID\" ]; then\n _get_root \"$fulldomain\"\n fi\n\n result=\"$(_H1=\"$_H1\" _H2=\"$_H2\" _get \"$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID\")\"\n #recordInfo=\"$(echo \"$result\" | sed -e 's/:{/:{\\n/g' -e 's/},/\\n},\\n/g' | grep \"${txtvalue}\")\"\n #recordID=\"$(echo \"$recordInfo\" | sed -e 's/:{/:{\\n/g' -e 's/},/\\n},\\n/g' | grep \"${txtvalue}\" | sed -E 's,.*(zones)(.*),\\1\\2,g' | sed -E 's,^(.*\"id\":\")([^\"]*)\"(.*)$,\\2,g')\"\n recordID=\"$(printf \"%s\\n\" \"$result\" | tr '}' '\\n' | grep -- \"$txtvalue\" | tr ',' '\\n' | grep '\"id\"' | cut -d'\"' -f4)\"\n _debug2 _recordID \"recordID used for deletion of record: $recordID\"\n\n if [ -z \"$recordID\" ]; then\n _info \"Record $fulldomain TXT $txtvalue not found or already deleted\"\n return 0\n else\n _debug2 deleteRecord \"Found recordID=$recordID\"\n fi\n\n _debug2 deleteRecord \"DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID\"\n _log \"curl DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID\"\n result=\"$(_H1=\"$_H1\" _H2=\"$_H2\" _post \"\" \"$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID\" \"\" \"DELETE\")\"\n _debug2 deleteRecord \"API Delete result \\\"$result\\\"\"\n _log \"curl API Delete result \\\"$result\\\"\"\n\n # Return OK regardless\n return 0\n}\n"
},
{
"path": "dnsapi/dns_doapi.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_doapi_info='Domain-Offensive do.de\n Official LetsEncrypt API for do.de / Domain-Offensive.\n This API is also available to private customers/individuals.\nSite: do.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_doapi\nOptions:\n DO_LETOKEN LetsEncrypt Token\nIssues: github.com/acmesh-official/acme.sh/issues/2057\n'\n\nDO_API=\"https://my.do.de/api/letsencrypt\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_doapi_add() {\n fulldomain=$1\n txtvalue=$2\n\n DO_LETOKEN=\"${DO_LETOKEN:-$(_readaccountconf_mutable DO_LETOKEN)}\"\n if [ -z \"$DO_LETOKEN\" ]; then\n DO_LETOKEN=\"\"\n _err \"You didn't configure a do.de API token yet.\"\n _err \"Please set DO_LETOKEN and try again.\"\n return 1\n fi\n _saveaccountconf_mutable DO_LETOKEN \"$DO_LETOKEN\"\n\n _info \"Adding TXT record to ${fulldomain}\"\n response=\"$(_get \"$DO_API?token=$DO_LETOKEN&domain=${fulldomain}&value=${txtvalue}\")\"\n if _contains \"${response}\" 'success'; then\n return 0\n fi\n _err \"Could not create resource record, check logs\"\n _err \"${response}\"\n return 1\n}\n\ndns_doapi_rm() {\n fulldomain=$1\n\n DO_LETOKEN=\"${DO_LETOKEN:-$(_readaccountconf_mutable DO_LETOKEN)}\"\n if [ -z \"$DO_LETOKEN\" ]; then\n DO_LETOKEN=\"\"\n _err \"You didn't configure a do.de API token yet.\"\n _err \"Please set DO_LETOKEN and try again.\"\n return 1\n fi\n _saveaccountconf_mutable DO_LETOKEN \"$DO_LETOKEN\"\n\n _info \"Deleting resource record $fulldomain\"\n response=\"$(_get \"$DO_API?token=$DO_LETOKEN&domain=${fulldomain}&action=delete\")\"\n if _contains \"${response}\" 'success'; then\n return 0\n fi\n _err \"Could not delete resource record, check logs\"\n _err \"${response}\"\n return 1\n}\n"
},
{
"path": "dnsapi/dns_domeneshop.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_domeneshop_info='DomeneShop.no\nSite: DomeneShop.no\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_domeneshop\nOptions:\n DOMENESHOP_Token Token\n DOMENESHOP_Secret Secret\nIssues: github.com/acmesh-official/acme.sh/issues/2457\n'\n\nDOMENESHOP_Api_Endpoint=\"https://api.domeneshop.no/v0\"\n\n##################### Public functions #####################\n\n# Usage: dns_domeneshop_add \n# Example: dns_domeneshop_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_domeneshop_add() {\n fulldomain=$1\n txtvalue=$2\n\n # Get token and secret\n DOMENESHOP_Token=\"${DOMENESHOP_Token:-$(_readaccountconf_mutable DOMENESHOP_Token)}\"\n DOMENESHOP_Secret=\"${DOMENESHOP_Secret:-$(_readaccountconf_mutable DOMENESHOP_Secret)}\"\n\n if [ -z \"$DOMENESHOP_Token\" ] || [ -z \"$DOMENESHOP_Secret\" ]; then\n DOMENESHOP_Token=\"\"\n DOMENESHOP_Secret=\"\"\n _err \"You need to spesify a Domeneshop/Domainnameshop API Token and Secret.\"\n return 1\n fi\n\n # Save the api token and secret.\n _saveaccountconf_mutable DOMENESHOP_Token \"$DOMENESHOP_Token\"\n _saveaccountconf_mutable DOMENESHOP_Secret \"$DOMENESHOP_Secret\"\n\n # Get the domain name id\n if ! _get_domainid \"$fulldomain\"; then\n _err \"Did not find domainname\"\n return 1\n fi\n\n # Create record\n _domeneshop_rest POST \"domains/$_domainid/dns\" \"{\\\"type\\\":\\\"TXT\\\",\\\"host\\\":\\\"$_sub_domain\\\",\\\"data\\\":\\\"$txtvalue\\\",\\\"ttl\\\":120}\"\n}\n\n# Usage: dns_domeneshop_rm \n# Example: dns_domeneshop_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_domeneshop_rm() {\n fulldomain=$1\n txtvalue=$2\n\n # Get token and secret\n DOMENESHOP_Token=\"${DOMENESHOP_Token:-$(_readaccountconf_mutable DOMENESHOP_Token)}\"\n DOMENESHOP_Secret=\"${DOMENESHOP_Secret:-$(_readaccountconf_mutable DOMENESHOP_Secret)}\"\n\n if [ -z \"$DOMENESHOP_Token\" ] || [ -z \"$DOMENESHOP_Secret\" ]; then\n DOMENESHOP_Token=\"\"\n DOMENESHOP_Secret=\"\"\n _err \"You need to spesify a Domeneshop/Domainnameshop API Token and Secret.\"\n return 1\n fi\n\n # Get the domain name id\n if ! _get_domainid \"$fulldomain\"; then\n _err \"Did not find domainname\"\n return 1\n fi\n\n # Find record\n if ! _get_recordid \"$_domainid\" \"$_sub_domain\" \"$txtvalue\"; then\n _err \"Did not find dns record\"\n return 1\n fi\n\n # Remove record\n _domeneshop_rest DELETE \"domains/$_domainid/dns/$_recordid\"\n}\n\n##################### Private functions #####################\n\n_get_domainid() {\n domain=$1\n\n # Get domains\n _domeneshop_rest GET \"domains\"\n\n if ! _contains \"$response\" \"\\\"id\\\":\"; then\n _err \"failed to get domain names\"\n return 1\n fi\n\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug \"h\" \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"\\\"$h\\\"\" >/dev/null; then\n # We have found the domain name.\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n _domainid=$(printf \"%s\" \"$response\" | _egrep_o \"[^{]*\\\"domain\\\":\\\"$_domain\\\"[^}]*\" | _egrep_o \"\\\"id\\\":[0-9]+\" | cut -d : -f 2)\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_get_recordid() {\n domainid=$1\n subdomain=$2\n txtvalue=$3\n\n # Get all dns records for the domainname\n _domeneshop_rest GET \"domains/$domainid/dns\"\n\n if ! _contains \"$response\" \"\\\"id\\\":\"; then\n _debug \"No records in dns\"\n return 1\n fi\n\n if ! _contains \"$response\" \"\\\"host\\\":\\\"$subdomain\\\"\"; then\n _debug \"Record does not exist\"\n return 1\n fi\n\n # Get the id of the record in question\n _recordid=$(printf \"%s\" \"$response\" | _egrep_o \"[^{]*\\\"host\\\":\\\"$subdomain\\\"[^}]*\" | _egrep_o \"[^{]*\\\"data\\\":\\\"$txtvalue\\\"[^}]*\" | _egrep_o \"\\\"id\\\":[0-9]+\" | cut -d : -f 2)\n if [ -z \"$_recordid\" ]; then\n return 1\n fi\n return 0\n}\n\n_domeneshop_rest() {\n method=$1\n endpoint=$2\n data=$3\n\n credentials=$(printf \"%b\" \"$DOMENESHOP_Token:$DOMENESHOP_Secret\" | _base64)\n\n export _H1=\"Authorization: Basic $credentials\"\n export _H2=\"Content-Type: application/json\"\n\n if [ \"$method\" != \"GET\" ]; then\n response=\"$(_post \"$data\" \"$DOMENESHOP_Api_Endpoint/$endpoint\" \"\" \"$method\")\"\n else\n response=\"$(_get \"$DOMENESHOP_Api_Endpoint/$endpoint\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $endpoint\"\n return 1\n fi\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dp.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dp_info='DNSPod.cn\nSite: DNSPod.cn\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dp\nOptions:\n DP_Id Id\n DP_Key Key\n'\n\nREST_API=\"https://dnsapi.cn\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dp_add() {\n fulldomain=$1\n txtvalue=$2\n\n DP_Id=\"${DP_Id:-$(_readaccountconf_mutable DP_Id)}\"\n DP_Key=\"${DP_Key:-$(_readaccountconf_mutable DP_Key)}\"\n if [ -z \"$DP_Id\" ] || [ -z \"$DP_Key\" ]; then\n DP_Id=\"\"\n DP_Key=\"\"\n _err \"You don't specify dnspod api key and key id yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable DP_Id \"$DP_Id\"\n _saveaccountconf_mutable DP_Key \"$DP_Key\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n add_record \"$_domain\" \"$_sub_domain\" \"$txtvalue\"\n\n}\n\n#fulldomain txtvalue\ndns_dp_rm() {\n fulldomain=$1\n txtvalue=$2\n\n DP_Id=\"${DP_Id:-$(_readaccountconf_mutable DP_Id)}\"\n DP_Key=\"${DP_Key:-$(_readaccountconf_mutable DP_Key)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n if ! _rest POST \"Record.List\" \"login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain\"; then\n _err \"Record.Lis error.\"\n return 1\n fi\n\n if _contains \"$response\" 'No records'; then\n _info \"Don't need to remove.\"\n return 0\n fi\n\n record_id=$(echo \"$response\" | tr \"{\" \"\\n\" | grep -- \"$txtvalue\" | grep '^\"id\"' | cut -d : -f 2 | cut -d '\"' -f 2)\n _debug record_id \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id.\"\n return 1\n fi\n\n if ! _rest POST \"Record.Remove\" \"login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&record_id=$record_id\"; then\n _err \"Record.Remove error.\"\n return 1\n fi\n\n _contains \"$response\" \"successful\"\n\n}\n\n#add the txt record.\n#usage: root sub txtvalue\nadd_record() {\n root=$1\n sub=$2\n txtvalue=$3\n fulldomain=\"$sub.$root\"\n\n _info \"Adding record\"\n\n if ! _rest POST \"Record.Create\" \"login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=%E9%BB%98%E8%AE%A4\"; then\n return 1\n fi\n\n _contains \"$response\" \"successful\" || _contains \"$response\" \"Domain record already exists\"\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _rest POST \"Domain.Info\" \"login_token=$DP_Id,$DP_Key&format=json&lang=en&domain=$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"successful\"; then\n _domain_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\")\n _debug _domain_id \"$_domain_id\"\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _debug _sub_domain \"$_sub_domain\"\n _domain=\"$h\"\n _debug _domain \"$_domain\"\n return 0\n fi\n return 1\n fi\n p=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n#Usage: method URI data\n_rest() {\n m=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n url=\"$REST_API/$ep\"\n\n _debug url \"$url\"\n\n if [ \"$m\" = \"GET\" ]; then\n response=\"$(_get \"$url\" | tr -d '\\r')\"\n else\n _debug2 data \"$data\"\n response=\"$(_post \"$data\" \"$url\" | tr -d '\\r')\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dpi.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dpi_info='DNSPod.com\nSite: DNSPod.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dpi\nOptions:\n DPI_Id Id\n DPI_Key Key\n'\n\nREST_API=\"https://api.dnspod.com\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dpi_add() {\n fulldomain=$1\n txtvalue=$2\n\n DPI_Id=\"${DPI_Id:-$(_readaccountconf_mutable DPI_Id)}\"\n DPI_Key=\"${DPI_Key:-$(_readaccountconf_mutable DPI_Key)}\"\n if [ -z \"$DPI_Id\" ] || [ -z \"$DPI_Key\" ]; then\n DPI_Id=\"\"\n DPI_Key=\"\"\n _err \"You don't specify dnspod api key and key id yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable DPI_Id \"$DPI_Id\"\n _saveaccountconf_mutable DPI_Key \"$DPI_Key\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n add_record \"$_domain\" \"$_sub_domain\" \"$txtvalue\"\n\n}\n\n#fulldomain txtvalue\ndns_dpi_rm() {\n fulldomain=$1\n txtvalue=$2\n\n DPI_Id=\"${DPI_Id:-$(_readaccountconf_mutable DPI_Id)}\"\n DPI_Key=\"${DPI_Key:-$(_readaccountconf_mutable DPI_Key)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n if ! _rest POST \"Record.List\" \"login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain\"; then\n _err \"Record.Lis error.\"\n return 1\n fi\n\n if _contains \"$response\" 'No records'; then\n _info \"Don't need to remove.\"\n return 0\n fi\n\n record_id=$(echo \"$response\" | tr \"{\" \"\\n\" | grep -- \"$txtvalue\" | grep '^\"id\"' | cut -d : -f 2 | cut -d '\"' -f 2)\n _debug record_id \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id.\"\n return 1\n fi\n\n if ! _rest POST \"Record.Remove\" \"login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&record_id=$record_id\"; then\n _err \"Record.Remove error.\"\n return 1\n fi\n\n _contains \"$response\" \"Operation successful\"\n\n}\n\n#add the txt record.\n#usage: root sub txtvalue\nadd_record() {\n root=$1\n sub=$2\n txtvalue=$3\n fulldomain=\"$sub.$root\"\n\n _info \"Adding record\"\n\n if ! _rest POST \"Record.Create\" \"login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=default\"; then\n return 1\n fi\n\n _contains \"$response\" \"Operation successful\" || _contains \"$response\" \"Domain record already exists\"\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _rest POST \"Domain.Info\" \"login_token=$DPI_Id,$DPI_Key&format=json&domain=$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"Operation successful\"; then\n _domain_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\")\n _debug _domain_id \"$_domain_id\"\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _debug _sub_domain \"$_sub_domain\"\n _domain=\"$h\"\n _debug _domain \"$_domain\"\n return 0\n fi\n return 1\n fi\n p=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n#Usage: method URI data\n_rest() {\n m=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n url=\"$REST_API/$ep\"\n\n _debug url \"$url\"\n\n if [ \"$m\" = \"GET\" ]; then\n response=\"$(_get \"$url\" | tr -d '\\r')\"\n else\n _debug2 data \"$data\"\n response=\"$(_post \"$data\" \"$url\" | tr -d '\\r')\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dreamhost.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dreamhost_info='DreamHost.com\nSite: DreamHost.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dreamhost\nOptions:\n DH_API_KEY API Key\nIssues: github.com/RhinoLance/acme.sh\nAuthor: RhinoLance\n'\n\nDH_API_ENDPOINT=\"https://api.dreamhost.com/\"\nquerystring=\"\"\n\n######## Public functions #####################\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dreamhost_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! validate \"$fulldomain\" \"$txtvalue\"; then\n return 1\n fi\n\n querystring=\"key=$DH_API_KEY&cmd=dns-add_record&record=$fulldomain&type=TXT&value=$txtvalue\"\n if ! submit \"$querystring\"; then\n return 1\n fi\n\n return 0\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_dreamhost_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! validate \"$fulldomain\" \"$txtvalue\"; then\n return 1\n fi\n\n querystring=\"key=$DH_API_KEY&cmd=dns-remove_record&record=$fulldomain&type=TXT&value=$txtvalue\"\n if ! submit \"$querystring\"; then\n return 1\n fi\n\n return 0\n}\n\n#################### Private functions below ##################################\n\n#send the command to the api endpoint.\nsubmit() {\n querystring=$1\n\n url=\"$DH_API_ENDPOINT?$querystring\"\n\n _debug url \"$url\"\n\n if ! response=\"$(_get \"$url\")\"; then\n _err \"Error <$1>\"\n return 1\n fi\n\n if [ -z \"$2\" ]; then\n message=\"$(echo \"$response\" | _egrep_o \"\\\"Message\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\")\"\n if [ -n \"$message\" ]; then\n _err \"$message\"\n return 1\n fi\n fi\n\n _debug response \"$response\"\n\n return 0\n}\n\n#check that we have a valid API Key\nvalidate() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using dreamhost\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n #retrieve the API key from the environment variable if it exists, otherwise look for a saved key.\n DH_API_KEY=\"${DH_API_KEY:-$(_readaccountconf_mutable DH_API_KEY)}\"\n\n if [ -z \"$DH_API_KEY\" ]; then\n DH_API_KEY=\"\"\n _err \"You didn't specify the DreamHost api key yet (export DH_API_KEY=\\\"\\\")\"\n _err \"Please login to your control panel, create a key and try again.\"\n return 1\n fi\n\n #save the api key to the account conf file.\n _saveaccountconf_mutable DH_API_KEY \"$DH_API_KEY\"\n}\n"
},
{
"path": "dnsapi/dns_duckdns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_duckdns_info='DuckDNS.org\nSite: www.DuckDNS.org\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns\nOptions:\n DuckDNS_Token API Token\nAuthor: @RaidenII\n'\n\nDuckDNS_API=\"https://www.duckdns.org/update\"\n\n######## Public functions ######################\n\n#Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_duckdns_add() {\n fulldomain=$1\n txtvalue=$2\n\n DuckDNS_Token=\"${DuckDNS_Token:-$(_readaccountconf_mutable DuckDNS_Token)}\"\n if [ -z \"$DuckDNS_Token\" ]; then\n _err \"You must export variable: DuckDNS_Token\"\n _err \"The token for your DuckDNS account is necessary.\"\n _err \"You can look it up in your DuckDNS account.\"\n return 1\n fi\n\n # Now save the credentials.\n _saveaccountconf_mutable DuckDNS_Token \"$DuckDNS_Token\"\n\n # Unfortunately, DuckDNS does not seems to support lookup domain through API\n # So I assume your credentials (which are your domain and token) are correct\n # If something goes wrong, we will get a KO response from DuckDNS\n\n if ! _duckdns_get_domain; then\n return 1\n fi\n\n # Now add the TXT record to DuckDNS\n _info \"Trying to add TXT record\"\n if _duckdns_rest GET \"domains=$_duckdns_domain&token=$DuckDNS_Token&txt=$txtvalue\"; then\n if [ \"$response\" = \"OK\" ]; then\n _info \"TXT record has been successfully added to your DuckDNS domain.\"\n _info \"Note that all subdomains under this domain uses the same TXT record.\"\n return 0\n else\n _err \"Errors happened during adding the TXT record, response=$response\"\n return 1\n fi\n else\n _err \"Errors happened during adding the TXT record.\"\n return 1\n fi\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_duckdns_rm() {\n fulldomain=$1\n txtvalue=$2\n\n DuckDNS_Token=\"${DuckDNS_Token:-$(_readaccountconf_mutable DuckDNS_Token)}\"\n if [ -z \"$DuckDNS_Token\" ]; then\n _err \"You must export variable: DuckDNS_Token\"\n _err \"The token for your DuckDNS account is necessary.\"\n _err \"You can look it up in your DuckDNS account.\"\n return 1\n fi\n\n if ! _duckdns_get_domain; then\n return 1\n fi\n\n # Now remove the TXT record from DuckDNS\n _info \"Trying to remove TXT record\"\n if _duckdns_rest GET \"domains=$_duckdns_domain&token=$DuckDNS_Token&txt=&clear=true\"; then\n if [ \"$response\" = \"OK\" ]; then\n _info \"TXT record has been successfully removed from your DuckDNS domain.\"\n return 0\n else\n _err \"Errors happened during removing the TXT record, response=$response\"\n return 1\n fi\n else\n _err \"Errors happened during removing the TXT record.\"\n return 1\n fi\n}\n\n#################### Private functions below ##################################\n\n# fulldomain may be 'domain.duckdns.org' (if using --domain-alias) or '_acme-challenge.domain.duckdns.org'\n# either way, return 'domain'. (duckdns does not allow further subdomains and restricts domains to [a-z0-9-].)\n_duckdns_get_domain() {\n\n # We'll extract the domain/username from full domain\n _duckdns_domain=\"$(printf \"%s\" \"$fulldomain\" | _lower_case | _egrep_o '^(_acme-challenge\\.)?([a-z0-9-]+\\.)+duckdns\\.org' | sed -n 's/^\\([^.]\\{1,\\}\\.\\)*\\([a-z0-9-]\\{1,\\}\\)\\.duckdns\\.org$/\\2/p;')\"\n\n if [ -z \"$_duckdns_domain\" ]; then\n _err \"Error extracting the domain.\"\n return 1\n fi\n\n return 0\n}\n\n#Usage: method URI\n_duckdns_rest() {\n method=$1\n param=\"$2\"\n _debug param \"$param\"\n url=\"$DuckDNS_API?$param\"\n if [ -n \"$DEBUG\" ] && [ \"$DEBUG\" -gt 0 ]; then\n url=\"$url&verbose=true\"\n fi\n _debug url \"$url\"\n\n # DuckDNS uses GET to update domain info\n if [ \"$method\" = \"GET\" ]; then\n response=\"$(_get \"$url\")\"\n _debug2 response \"$response\"\n if [ -n \"$DEBUG\" ] && [ \"$DEBUG\" -gt 0 ] && _contains \"$response\" \"UPDATED\" && _contains \"$response\" \"OK\"; then\n response=\"OK\"\n fi\n else\n _err \"Unsupported method\"\n return 1\n fi\n return 0\n}\n"
},
{
"path": "dnsapi/dns_durabledns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_durabledns_info='DurableDNS.com\nSite: DurableDNS.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_durabledns\nOptions:\n DD_API_User API User\n DD_API_Key API Key\nIssues: github.com/acmesh-official/acme.sh/issues/2281\n'\n\n_DD_BASE=\"https://durabledns.com/services/dns\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_durabledns_add() {\n fulldomain=$1\n txtvalue=$2\n\n DD_API_User=\"${DD_API_User:-$(_readaccountconf_mutable DD_API_User)}\"\n DD_API_Key=\"${DD_API_Key:-$(_readaccountconf_mutable DD_API_Key)}\"\n if [ -z \"$DD_API_User\" ] || [ -z \"$DD_API_Key\" ]; then\n DD_API_User=\"\"\n DD_API_Key=\"\"\n _err \"You didn't specify a durabledns api user or key yet.\"\n _err \"You can get yours from here https://durabledns.com/dashboard/index.php\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable DD_API_User \"$DD_API_User\"\n _saveaccountconf_mutable DD_API_Key \"$DD_API_Key\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _dd_soap createRecord string zonename \"$_domain.\" string name \"$_sub_domain\" string type \"TXT\" string data \"$txtvalue\" int aux 0 int ttl 10 string ddns_enabled N\n _contains \"$response\" \"createRecordResponse\"\n}\n\ndns_durabledns_rm() {\n fulldomain=$1\n txtvalue=$2\n\n DD_API_User=\"${DD_API_User:-$(_readaccountconf_mutable DD_API_User)}\"\n DD_API_Key=\"${DD_API_Key:-$(_readaccountconf_mutable DD_API_Key)}\"\n if [ -z \"$DD_API_User\" ] || [ -z \"$DD_API_Key\" ]; then\n DD_API_User=\"\"\n DD_API_Key=\"\"\n _err \"You didn't specify a durabledns api user or key yet.\"\n _err \"You can get yours from here https://durabledns.com/dashboard/index.php\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Find record id\"\n if ! _dd_soap listRecords string zonename \"$_domain.\"; then\n _err \"can not listRecords\"\n return 1\n fi\n\n subtxt=\"$(echo \"$txtvalue\" | cut -c 1-30)\"\n record=\"$(echo \"$response\" | sed 's//#- /g' | tr '#' '\\n' | grep \">$subtxt\")\"\n _debug record \"$record\"\n if [ -z \"$record\" ]; then\n _err \"can not find record for txtvalue\" \"$txtvalue\"\n _err \"$response\"\n return 1\n fi\n\n recordid=\"$(echo \"$record\" | _egrep_o '[0-9]*' | cut -d '>' -f 2 | cut -d '<' -f 1)\"\n _debug recordid \"$recordid\"\n if [ -z \"$recordid\" ]; then\n _err \"can not find record id\"\n return 1\n fi\n\n if ! _dd_soap deleteRecord string zonename \"$_domain.\" int id \"$recordid\"; then\n _err \"delete error\"\n return 1\n fi\n\n _contains \"$response\" \"Success\"\n}\n\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n if ! _dd_soap \"listZones\"; then\n return 1\n fi\n\n i=1\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \">$h.\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n\n}\n\n#method\n_dd_soap() {\n _method=\"$1\"\n shift\n _urn=\"${_method}wsdl\"\n # put the parameters to xml\n body=\"\n $DD_API_User\n $DD_API_Key\n \"\n while [ \"$1\" ]; do\n _t=\"$1\"\n shift\n _k=\"$1\"\n shift\n _v=\"$1\"\n shift\n body=\"$body<$_k xsi:type=\\\"xsd:$_t\\\">$_v\"\n done\n body=\"$body\"\n _debug2 \"SOAP request ${body}\"\n\n # build SOAP XML\n _xml='\n\n '\"$body\"'\n'\n\n _debug2 _xml \"$_xml\"\n # set SOAP headers\n _action=\"SOAPAction: \\\"urn:$_urn#$_method\\\"\"\n _debug2 \"_action\" \"$_action\"\n export _H1=\"$_action\"\n export _H2=\"Content-Type: text/xml; charset=utf-8\"\n\n _url=\"$_DD_BASE/$_method.php\"\n _debug \"_url\" \"$_url\"\n if ! response=\"$(_post \"${_xml}\" \"${_url}\")\"; then\n _err \"Error <$1>\"\n return 1\n fi\n _debug2 \"response\" \"$response\"\n response=\"$(echo \"$response\" | tr -d \"\\r\\n\" | _egrep_o \":${_method}Response .*:${_method}Response><\")\"\n _debug2 \"response\" \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dyn.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dyn_info='Dyn.com\nDomains: dynect.net\nSite: Dyn.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dyn\nOptions:\n DYN_Customer Customer\n DYN_Username API Username\n DYN_Password Secret\nAuthor: Gerd Naschenweng <@magicdude4eva>\n'\n\n# Dyn Managed DNS API\n# https://help.dyn.com/dns-api-knowledge-base/\n#\n# It is recommended to add a \"Dyn Managed DNS\" user specific for API access.\n# The \"Zones & Records Permissions\" required by this script are:\n# --\n# RecordAdd\n# RecordUpdate\n# RecordDelete\n# RecordGet\n# ZoneGet\n# ZoneAddNode\n# ZoneRemoveNode\n# ZonePublish\n# --\n\nDYN_API=\"https://api.dynect.net/REST\"\n\n#REST_API\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"Challenge-code\"\ndns_dyn_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n DYN_Customer=\"${DYN_Customer:-$(_readaccountconf_mutable DYN_Customer)}\"\n DYN_Username=\"${DYN_Username:-$(_readaccountconf_mutable DYN_Username)}\"\n DYN_Password=\"${DYN_Password:-$(_readaccountconf_mutable DYN_Password)}\"\n if [ -z \"$DYN_Customer\" ] || [ -z \"$DYN_Username\" ] || [ -z \"$DYN_Password\" ]; then\n DYN_Customer=\"\"\n DYN_Username=\"\"\n DYN_Password=\"\"\n _err \"You must export variables: DYN_Customer, DYN_Username and DYN_Password\"\n return 1\n fi\n\n #save the config variables to the account conf file.\n _saveaccountconf_mutable DYN_Customer \"$DYN_Customer\"\n _saveaccountconf_mutable DYN_Username \"$DYN_Username\"\n _saveaccountconf_mutable DYN_Password \"$DYN_Password\"\n\n if ! _dyn_get_authtoken; then\n return 1\n fi\n\n if [ -z \"$_dyn_authtoken\" ]; then\n _dyn_end_session\n return 1\n fi\n\n if ! _dyn_get_zone; then\n _dyn_end_session\n return 1\n fi\n\n if ! _dyn_add_record; then\n _dyn_end_session\n return 1\n fi\n\n if ! _dyn_publish_zone; then\n _dyn_end_session\n return 1\n fi\n\n _dyn_end_session\n\n return 0\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_dyn_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n DYN_Customer=\"${DYN_Customer:-$(_readaccountconf_mutable DYN_Customer)}\"\n DYN_Username=\"${DYN_Username:-$(_readaccountconf_mutable DYN_Username)}\"\n DYN_Password=\"${DYN_Password:-$(_readaccountconf_mutable DYN_Password)}\"\n if [ -z \"$DYN_Customer\" ] || [ -z \"$DYN_Username\" ] || [ -z \"$DYN_Password\" ]; then\n DYN_Customer=\"\"\n DYN_Username=\"\"\n DYN_Password=\"\"\n _err \"You must export variables: DYN_Customer, DYN_Username and DYN_Password\"\n return 1\n fi\n\n if ! _dyn_get_authtoken; then\n return 1\n fi\n\n if [ -z \"$_dyn_authtoken\" ]; then\n _dyn_end_session\n return 1\n fi\n\n if ! _dyn_get_zone; then\n _dyn_end_session\n return 1\n fi\n\n if ! _dyn_get_record_id; then\n _dyn_end_session\n return 1\n fi\n\n if [ -z \"$_dyn_record_id\" ]; then\n _dyn_end_session\n return 1\n fi\n\n if ! _dyn_rm_record; then\n _dyn_end_session\n return 1\n fi\n\n if ! _dyn_publish_zone; then\n _dyn_end_session\n return 1\n fi\n\n _dyn_end_session\n\n return 0\n}\n\n#################### Private functions below ##################################\n\n#get Auth-Token\n_dyn_get_authtoken() {\n\n _info \"Start Dyn API Session\"\n\n data=\"{\\\"customer_name\\\":\\\"$DYN_Customer\\\", \\\"user_name\\\":\\\"$DYN_Username\\\", \\\"password\\\":\\\"$DYN_Password\\\"}\"\n dyn_url=\"$DYN_API/Session/\"\n method=\"POST\"\n\n _debug data \"$data\"\n _debug dyn_url \"$dyn_url\"\n\n export _H1=\"Content-Type: application/json\"\n\n response=\"$(_post \"$data\" \"$dyn_url\" \"\" \"$method\")\"\n sessionstatus=\"$(printf \"%s\\n\" \"$response\" | _egrep_o '\"status\" *: *\"[^\"]*' | _head_n 1 | sed 's#^\"status\" *: *\"##')\"\n\n _debug response \"$response\"\n _debug sessionstatus \"$sessionstatus\"\n\n if [ \"$sessionstatus\" = \"success\" ]; then\n _dyn_authtoken=\"$(printf \"%s\\n\" \"$response\" | _egrep_o '\"token\" *: *\"[^\"]*' | _head_n 1 | sed 's#^\"token\" *: *\"##')\"\n _info \"Token received\"\n _debug _dyn_authtoken \"$_dyn_authtoken\"\n return 0\n fi\n\n _dyn_authtoken=\"\"\n _err \"get token failed\"\n return 1\n}\n\n#fulldomain=_acme-challenge.www.domain.com\n#returns\n# _dyn_zone=domain.com\n_dyn_get_zone() {\n i=2\n while true; do\n domain=\"$(printf \"%s\" \"$fulldomain\" | cut -d . -f \"$i-100\")\"\n if [ -z \"$domain\" ]; then\n break\n fi\n\n dyn_url=\"$DYN_API/Zone/$domain/\"\n\n export _H1=\"Auth-Token: $_dyn_authtoken\"\n export _H2=\"Content-Type: application/json\"\n\n response=\"$(_get \"$dyn_url\" \"\" \"\")\"\n sessionstatus=\"$(printf \"%s\\n\" \"$response\" | _egrep_o '\"status\" *: *\"[^\"]*' | _head_n 1 | sed 's#^\"status\" *: *\"##')\"\n\n _debug dyn_url \"$dyn_url\"\n _debug response \"$response\"\n _debug sessionstatus \"$sessionstatus\"\n\n if [ \"$sessionstatus\" = \"success\" ]; then\n _dyn_zone=\"$domain\"\n return 0\n fi\n i=$(_math \"$i\" + 1)\n done\n\n _dyn_zone=\"\"\n _err \"get zone failed\"\n return 1\n}\n\n#add TXT record\n_dyn_add_record() {\n\n _info \"Adding TXT record\"\n\n data=\"{\\\"rdata\\\":{\\\"txtdata\\\":\\\"$txtvalue\\\"},\\\"ttl\\\":\\\"300\\\"}\"\n dyn_url=\"$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/\"\n method=\"POST\"\n\n export _H1=\"Auth-Token: $_dyn_authtoken\"\n export _H2=\"Content-Type: application/json\"\n\n response=\"$(_post \"$data\" \"$dyn_url\" \"\" \"$method\")\"\n sessionstatus=\"$(printf \"%s\\n\" \"$response\" | _egrep_o '\"status\" *: *\"[^\"]*' | _head_n 1 | sed 's#^\"status\" *: *\"##')\"\n\n _debug response \"$response\"\n _debug sessionstatus \"$sessionstatus\"\n\n if [ \"$sessionstatus\" = \"success\" ]; then\n _info \"TXT Record successfully added\"\n return 0\n fi\n\n _err \"add TXT record failed\"\n return 1\n}\n\n#publish the zone\n_dyn_publish_zone() {\n\n _info \"Publishing zone\"\n\n data=\"{\\\"publish\\\":\\\"true\\\"}\"\n dyn_url=\"$DYN_API/Zone/$_dyn_zone/\"\n method=\"PUT\"\n\n export _H1=\"Auth-Token: $_dyn_authtoken\"\n export _H2=\"Content-Type: application/json\"\n\n response=\"$(_post \"$data\" \"$dyn_url\" \"\" \"$method\")\"\n sessionstatus=\"$(printf \"%s\\n\" \"$response\" | _egrep_o '\"status\" *: *\"[^\"]*' | _head_n 1 | sed 's#^\"status\" *: *\"##')\"\n\n _debug response \"$response\"\n _debug sessionstatus \"$sessionstatus\"\n\n if [ \"$sessionstatus\" = \"success\" ]; then\n _info \"Zone published\"\n return 0\n fi\n\n _err \"publish zone failed\"\n return 1\n}\n\n#get record_id of TXT record so we can delete the record\n_dyn_get_record_id() {\n\n _info \"Getting record_id of TXT record\"\n\n dyn_url=\"$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/\"\n\n export _H1=\"Auth-Token: $_dyn_authtoken\"\n export _H2=\"Content-Type: application/json\"\n\n response=\"$(_get \"$dyn_url\" \"\" \"\")\"\n sessionstatus=\"$(printf \"%s\\n\" \"$response\" | _egrep_o '\"status\" *: *\"[^\"]*' | _head_n 1 | sed 's#^\"status\" *: *\"##')\"\n\n _debug response \"$response\"\n _debug sessionstatus \"$sessionstatus\"\n\n if [ \"$sessionstatus\" = \"success\" ]; then\n _dyn_record_id=\"$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"data\\\" *: *\\[\\\"/REST/TXTRecord/$_dyn_zone/$fulldomain/[^\\\"]*\" | _head_n 1 | sed \"s#^\\\"data\\\" *: *\\[\\\"/REST/TXTRecord/$_dyn_zone/$fulldomain/##\")\"\n _debug _dyn_record_id \"$_dyn_record_id\"\n return 0\n fi\n\n _dyn_record_id=\"\"\n _err \"getting record_id failed\"\n return 1\n}\n\n#delete TXT record\n_dyn_rm_record() {\n\n _info \"Deleting TXT record\"\n\n dyn_url=\"$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/$_dyn_record_id/\"\n method=\"DELETE\"\n\n _debug dyn_url \"$dyn_url\"\n\n export _H1=\"Auth-Token: $_dyn_authtoken\"\n export _H2=\"Content-Type: application/json\"\n\n response=\"$(_post \"\" \"$dyn_url\" \"\" \"$method\")\"\n sessionstatus=\"$(printf \"%s\\n\" \"$response\" | _egrep_o '\"status\" *: *\"[^\"]*' | _head_n 1 | sed 's#^\"status\" *: *\"##')\"\n\n _debug response \"$response\"\n _debug sessionstatus \"$sessionstatus\"\n\n if [ \"$sessionstatus\" = \"success\" ]; then\n _info \"TXT record successfully deleted\"\n return 0\n fi\n\n _err \"delete TXT record failed\"\n return 1\n}\n\n#logout\n_dyn_end_session() {\n\n _info \"End Dyn API Session\"\n\n dyn_url=\"$DYN_API/Session/\"\n method=\"DELETE\"\n\n _debug dyn_url \"$dyn_url\"\n\n export _H1=\"Auth-Token: $_dyn_authtoken\"\n export _H2=\"Content-Type: application/json\"\n\n response=\"$(_post \"\" \"$dyn_url\" \"\" \"$method\")\"\n\n _debug response \"$response\"\n\n _dyn_authtoken=\"\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dynu.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dynu_info='Dynu.com\nSite: Dynu.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dynu\nOptions:\n Dynu_ClientId Client ID\n Dynu_Secret Secret\nIssues: github.com/shar0119/acme.sh\nAuthor: Dynu Systems Inc\n'\n\n#Token\nDynu_Token=\"\"\n#\n#Endpoint\nDynu_EndPoint=\"https://api.dynu.com/v2\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dynu_add() {\n fulldomain=$1\n txtvalue=$2\n\n if [ -z \"$Dynu_ClientId\" ] || [ -z \"$Dynu_Secret\" ]; then\n Dynu_ClientId=\"\"\n Dynu_Secret=\"\"\n _err \"Dynu client id and secret is not specified.\"\n _err \"Please create you API client id and secret and try again.\"\n return 1\n fi\n\n #save the client id and secret to the account conf file.\n _saveaccountconf Dynu_ClientId \"$Dynu_ClientId\"\n _saveaccountconf Dynu_Secret \"$Dynu_Secret\"\n\n if [ -z \"$Dynu_Token\" ]; then\n _info \"Getting Dynu token.\"\n if ! _dynu_authentication; then\n _err \"Can not get token.\"\n fi\n fi\n\n _debug \"Detect root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain.\"\n return 1\n fi\n\n _debug _node \"$_node\"\n _debug _domain_name \"$_domain_name\"\n\n _info \"Creating TXT record.\"\n if ! _dynu_rest POST \"dns/$dnsId/record\" \"{\\\"domainId\\\":\\\"$dnsId\\\",\\\"nodeName\\\":\\\"$_node\\\",\\\"recordType\\\":\\\"TXT\\\",\\\"textData\\\":\\\"$txtvalue\\\",\\\"state\\\":true,\\\"ttl\\\":90}\"; then\n return 1\n fi\n\n if ! _contains \"$response\" \"200\"; then\n _err \"Could not add TXT record.\"\n return 1\n fi\n\n return 0\n}\n\n#Usage: rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dynu_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if [ -z \"$Dynu_ClientId\" ] || [ -z \"$Dynu_Secret\" ]; then\n Dynu_ClientId=\"\"\n Dynu_Secret=\"\"\n _err \"Dynu client id and secret is not specified.\"\n _err \"Please create you API client id and secret and try again.\"\n return 1\n fi\n\n #save the client id and secret to the account conf file.\n _saveaccountconf Dynu_ClientId \"$Dynu_ClientId\"\n _saveaccountconf Dynu_Secret \"$Dynu_Secret\"\n\n if [ -z \"$Dynu_Token\" ]; then\n _info \"Getting Dynu token.\"\n if ! _dynu_authentication; then\n _err \"Can not get token.\"\n fi\n fi\n\n _debug \"Detect root zone.\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain.\"\n return 1\n fi\n\n _debug _node \"$_node\"\n _debug _domain_name \"$_domain_name\"\n\n _info \"Checking for TXT record.\"\n if ! _get_recordid \"$fulldomain\" \"$txtvalue\"; then\n _err \"Could not get TXT record id.\"\n return 1\n fi\n\n if [ \"$_dns_record_id\" = \"\" ]; then\n _err \"TXT record not found.\"\n return 1\n fi\n\n _info \"Removing TXT record.\"\n if ! _delete_txt_record \"$_dns_record_id\"; then\n _err \"Could not remove TXT record $_dns_record_id.\"\n fi\n\n return 0\n}\n\n######## Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _node=_acme-challenge.www\n# _domain_name=domain.com\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _dynu_rest GET \"dns/getroot/$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"domainName\\\":\\\"$h\\\"\" >/dev/null; then\n dnsId=$(printf \"%s\" \"$response\" | tr -d \"{}\" | cut -d , -f 2 | cut -d : -f 2)\n _domain_name=$h\n _node=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n\n}\n\n_get_recordid() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _dynu_rest GET \"dns/$dnsId/record\"; then\n return 1\n fi\n\n if ! _contains \"$response\" \"$txtvalue\"; then\n _dns_record_id=0\n return 0\n fi\n\n _dns_record_id=$(printf \"%s\" \"$response\" | sed -e 's/[^{]*\\({[^}]*}\\)[^{]*/\\1\\n/g' | grep \"\\\"textData\\\":\\\"$txtvalue\\\"\" | sed -e 's/.*\"id\":\\([^,]*\\).*/\\1/')\n return 0\n}\n\n_delete_txt_record() {\n _dns_record_id=$1\n\n if ! _dynu_rest DELETE \"dns/$dnsId/record/$_dns_record_id\"; then\n return 1\n fi\n\n if ! _contains \"$response\" \"200\"; then\n return 1\n fi\n\n return 0\n}\n\n_dynu_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Authorization: Bearer $Dynu_Token\"\n export _H2=\"Content-Type: application/json\"\n\n if [ \"$data\" ] || [ \"$m\" = \"DELETE\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$Dynu_EndPoint/$ep\" \"\" \"$m\")\"\n else\n _info \"Getting $Dynu_EndPoint/$ep\"\n response=\"$(_get \"$Dynu_EndPoint/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n\n_dynu_authentication() {\n realm=\"$(printf \"%s\" \"$Dynu_ClientId:$Dynu_Secret\" | _base64)\"\n\n export _H1=\"Authorization: Basic $realm\"\n export _H2=\"Content-Type: application/json\"\n\n response=\"$(_get \"$Dynu_EndPoint/oauth2/token\")\"\n if [ \"$?\" != \"0\" ]; then\n _err \"Authentication failed.\"\n return 1\n fi\n if _contains \"$response\" \"Authentication Exception\"; then\n _err \"Authentication failed.\"\n return 1\n fi\n if _contains \"$response\" \"access_token\"; then\n Dynu_Token=$(printf \"%s\" \"$response\" | tr -d \"{}\" | cut -d , -f 1 | cut -d : -f 2 | cut -d '\"' -f 2)\n fi\n if _contains \"$Dynu_Token\" \"null\"; then\n Dynu_Token=\"\"\n fi\n\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_dynv6.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_dynv6_info='DynV6.com\nSite: DynV6.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dynv6\nOptions:\n DYNV6_TOKEN REST API token. Get from https://DynV6.com/keys\nOptionsAlt:\n KEY Path to SSH private key file. E.g. \"/root/.ssh/dynv6\"\nIssues: github.com/acmesh-official/acme.sh/issues/2702\nAuthor: @StefanAbl\n'\n\ndynv6_api=\"https://dynv6.com/api/v2\"\n######## Public functions #####################\n# Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide\n#Usage: dns_dynv6_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_dynv6_add() {\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n txtvalue=\"$2\"\n _info \"Using dynv6 api\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _get_authentication\n if [ \"$dynv6_token\" ]; then\n _dns_dynv6_add_http\n return $?\n else\n _info \"using key file $dynv6_keyfile\"\n _your_hosts=\"$(ssh -i \"$dynv6_keyfile\" api@dynv6.com hosts)\"\n if ! _get_domain \"$fulldomain\" \"$_your_hosts\"; then\n _err \"Host not found on your account\"\n return 1\n fi\n _debug \"found host on your account\"\n returnval=\"$(ssh -i \"$dynv6_keyfile\" api@dynv6.com hosts \\\"\"$_host\"\\\" records set \\\"\"$_record\"\\\" txt data \\\"\"$txtvalue\"\\\")\"\n _debug \"Dynv6 returned this after record was added: $returnval\"\n if _contains \"$returnval\" \"created\"; then\n return 0\n elif _contains \"$returnval\" \"updated\"; then\n return 0\n else\n _err \"Something went wrong! it does not seem like the record was added successfully\"\n return 1\n fi\n fi\n\n}\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_dynv6_rm() {\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n txtvalue=\"$2\"\n _info \"Using dynv6 API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _get_authentication\n if [ \"$dynv6_token\" ]; then\n _dns_dynv6_rm_http\n return $?\n else\n _info \"using key file $dynv6_keyfile\"\n _your_hosts=\"$(ssh -i \"$dynv6_keyfile\" api@dynv6.com hosts)\"\n if ! _get_domain \"$fulldomain\" \"$_your_hosts\"; then\n _err \"Host not found on your account\"\n return 1\n fi\n _debug \"found host on your account\"\n _info \"$(ssh -i \"$dynv6_keyfile\" api@dynv6.com hosts \"\\\"$_host\\\"\" records del \"\\\"$_record\\\"\" txt)\"\n return 0\n fi\n}\n#################### Private functions below ##################################\n#Usage: No Input required\n#returns\n#dynv6_keyfile the path to the new key file that has been generated\n_generate_new_key() {\n dynv6_keyfile=\"$(eval echo ~\"$USER\")/.ssh/dynv6\"\n _info \"Path to key file used: $dynv6_keyfile\"\n if [ ! -f \"$dynv6_keyfile\" ] && [ ! -f \"$dynv6_keyfile.pub\" ]; then\n _debug \"generating key in $dynv6_keyfile and $dynv6_keyfile.pub\"\n ssh-keygen -f \"$dynv6_keyfile\" -t ssh-ed25519 -N ''\n else\n _err \"There is already a file in $dynv6_keyfile or $dynv6_keyfile.pub\"\n return 1\n fi\n}\n\n#Usage: _acme-challenge.www.example.dynv6.net \"$_your_hosts\"\n#where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts\n#returns\n#_host= example.dynv6.net\n#_record=_acme-challenge.www\n#aborts if not a valid domain\n_get_domain() {\n #_your_hosts=\"$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)\"\n _full_domain=\"$1\"\n _your_hosts=\"$2\"\n\n _your_hosts=\"$(echo \"$_your_hosts\" | awk '/\\./ {print $1}')\"\n for l in $_your_hosts; do\n #echo \"host: $l\"\n if test \"${_full_domain#*\"$l\"}\" != \"$_full_domain\"; then\n _record=${_full_domain%.\"$l\"}\n _host=$l\n _debug \"The host is $_host and the record $_record\"\n return 0\n fi\n done\n _err \"Either there is no such host on your dynv6 account, or it cannot be accessed with this key\"\n return 1\n}\n\n# Usage: No input required\n#returns\n#dynv6_keyfile path to the key that will be used\n_get_authentication() {\n dynv6_token=\"${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}\"\n if [ \"$dynv6_token\" ]; then\n _debug \"Found HTTP Token. Going to use the HTTP API and not the SSH API\"\n if [ \"$DYNV6_TOKEN\" ]; then\n _saveaccountconf_mutable dynv6_token \"$dynv6_token\"\n fi\n else\n _debug \"no HTTP token found. Looking for an SSH key\"\n dynv6_keyfile=\"${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}\"\n _debug \"Your key is $dynv6_keyfile\"\n if [ -z \"$dynv6_keyfile\" ]; then\n if [ -z \"$KEY\" ]; then\n _err \"You did not specify a key to use with dynv6\"\n _info \"Creating new dynv6 API key to add to dynv6.com\"\n _generate_new_key\n _info \"Please add this key to dynv6.com $(cat \"$dynv6_keyfile.pub\")\"\n _info \"Hit Enter to continue\"\n read -r _\n #save the credentials to the account conf file.\n else\n dynv6_keyfile=\"$KEY\"\n fi\n _saveaccountconf_mutable dynv6_keyfile \"$dynv6_keyfile\"\n fi\n fi\n}\n\n_dns_dynv6_add_http() {\n _debug \"Got HTTP token form _get_authentication method. Going to use the HTTP API\"\n if ! _get_zone_id \"$fulldomain\"; then\n _err \"Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone\"\n return 1\n fi\n _get_zone_name \"$_zone_id\"\n record=${fulldomain%%.\"$_zone_name\"}\n _set_record TXT \"$record\" \"$txtvalue\"\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"Successfully added record\"\n return 0\n else\n _err \"Something went wrong while adding the record\"\n return 1\n fi\n}\n\n_dns_dynv6_rm_http() {\n _debug \"Got HTTP token form _get_authentication method. Going to use the HTTP API\"\n if ! _get_zone_id \"$fulldomain\"; then\n _err \"Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone\"\n return 1\n fi\n _get_zone_name \"$_zone_id\"\n record=${fulldomain%%.\"$_zone_name\"}\n _get_record_id \"$_zone_id\" \"$record\" \"$txtvalue\"\n _del_record \"$_zone_id\" \"$_record_id\"\n if [ -z \"$response\" ]; then\n _info \"Successfully deleted record\"\n return 0\n else\n _err \"Something went wrong while deleting the record\"\n return 1\n fi\n}\n\n#Usage: _get_zone_id $record\n#get the zoneid for a specifc record or zone\n#where $record is the record to get the id for\n#returns _zone_id the id of the zone\n_get_zone_id() {\n record=\"$1\"\n _debug \"getting zone id for $record\"\n _dynv6_rest GET zones\n\n zones=\"$(echo \"$response\" | tr '}' '\\n' | tr ',' '\\n' | grep name | sed 's/\\[//g' | tr -d '{' | tr -d '\"')\"\n\n selected=\"\"\n for z in $zones; do\n z=\"${z#name:}\"\n _debug zone: \"$z\"\n if _contains \"$record\" \"$z\"; then\n _debug \"$z found in $record\"\n selected=\"$z\"\n fi\n done\n if [ -z \"$selected\" ]; then\n _err \"no zone found\"\n return 1\n fi\n\n zone_id=\"$(echo \"$response\" | tr '}' '\\n' | grep \"$selected\" | tr ',' '\\n' | grep '\"id\":' | tr -d '\"')\"\n _zone_id=\"${zone_id#id:}\"\n _debug \"zone id: $_zone_id\"\n}\n\n_get_zone_name() {\n _zone_id=\"$1\"\n _dynv6_rest GET zones/\"$_zone_id\"\n _zone_name=\"$(echo \"$response\" | tr ',' '\\n' | tr -d '{' | grep name | tr -d '\"')\"\n _zone_name=\"${_zone_name#name:}\"\n}\n\n#usage _get_record_id $zone_id $record\n# where zone_id is the value returned by _get_zone_id\n# and record is in the form _acme.www for an fqdn of _acme.www.example.com\n# returns _record_id\n_get_record_id() {\n _zone_id=\"$1\"\n record=\"$2\"\n value=\"$3\"\n _dynv6_rest GET \"zones/$_zone_id/records\"\n if ! _get_record_id_from_response \"$response\"; then\n _err \"no such record $record found in zone $_zone_id\"\n return 1\n fi\n}\n\n_get_record_id_from_response() {\n response=\"$1\"\n _record_id=\"$(echo \"$response\" | tr '}' '\\n' | grep \"\\\"name\\\":\\\"$record\\\"\" | grep \"\\\"data\\\":\\\"$value\\\"\" | tr ',' '\\n' | grep '\"id\":' | tr -d '\"' | tr -d 'id:' | tr -d '{')\"\n if [ -z \"$_record_id\" ]; then\n _err \"no such record: $record found in zone $_zone_id\"\n return 1\n fi\n _debug \"record id: $_record_id\"\n return 0\n}\n#usage: _set_record TXT _acme_challenge.www longvalue 12345678\n#zone id is optional can also be set as vairable bevor calling this method\n_set_record() {\n type=\"$1\"\n record=\"$2\"\n value=\"$3\"\n if [ \"$4\" ]; then\n _zone_id=\"$4\"\n fi\n data=\"{\\\"name\\\": \\\"$record\\\", \\\"data\\\": \\\"$value\\\", \\\"type\\\": \\\"$type\\\"}\"\n #data='{ \"name\": \"acme.test.thorn.dynv6.net\", \"type\": \"A\", \"data\": \"192.168.0.1\"}'\n echo \"$data\"\n #\"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$fulldomain\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":120}\"\n _dynv6_rest POST \"zones/$_zone_id/records\" \"$data\"\n}\n_del_record() {\n _zone_id=$1\n _record_id=$2\n _dynv6_rest DELETE zones/\"$_zone_id\"/records/\"$_record_id\"\n}\n\n_dynv6_rest() {\n m=$1 #method GET,POST,DELETE or PUT\n ep=\"$2\" #the endpoint\n data=\"$3\"\n _debug \"$ep\"\n\n token_trimmed=$(echo \"$dynv6_token\" | tr -d '\"')\n\n export _H1=\"Authorization: Bearer $token_trimmed\"\n export _H2=\"Content-Type: application/json\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$dynv6_api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$dynv6_api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_easydns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_easydns_info='easyDNS.net\nSite: easyDNS.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_easydns\nOptions:\n EASYDNS_Token API Token\n EASYDNS_Key API Key\nIssues: github.com/acmesh-official/acme.sh/issues/2647\nAuthor: @Neilpang, wurzelpanzer \n'\n\n# API Documentation: https://sandbox.rest.easydns.net:3001/\n\n#################### Public functions #################\n\n#EASYDNS_Key=\"xxxxxxxxxxxxxxxxxxxxxxxx\"\n#EASYDNS_Token=\"xxxxxxxxxxxxxxxxxxxxxxxx\"\nEASYDNS_Api=\"https://rest.easydns.net\"\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_easydns_add() {\n fulldomain=$1\n txtvalue=$2\n\n EASYDNS_Token=\"${EASYDNS_Token:-$(_readaccountconf_mutable EASYDNS_Token)}\"\n EASYDNS_Key=\"${EASYDNS_Key:-$(_readaccountconf_mutable EASYDNS_Key)}\"\n\n if [ -z \"$EASYDNS_Token\" ] || [ -z \"$EASYDNS_Key\" ]; then\n _err \"You didn't specify an easydns.net token or api key. Signup at https://cp.easydns.com/manage/security/api/signup.php\"\n return 1\n else\n _saveaccountconf_mutable EASYDNS_Token \"$EASYDNS_Token\"\n _saveaccountconf_mutable EASYDNS_Key \"$EASYDNS_Key\"\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _EASYDNS_rest GET \"zones/records/all/${_domain}/search/${_sub_domain}\"\n\n if ! printf \"%s\" \"$response\" | grep \\\"status\\\":200 >/dev/null; then\n _err \"Error\"\n return 1\n fi\n\n _info \"Adding record\"\n if _EASYDNS_rest PUT \"zones/records/add/$_domain/TXT\" \"{\\\"host\\\":\\\"$_sub_domain\\\",\\\"rdata\\\":\\\"$txtvalue\\\"}\"; then\n if _contains \"$response\" \"\\\"status\\\":201\"; then\n _info \"Added, OK\"\n return 0\n elif _contains \"$response\" \"Record already exists\"; then\n _info \"Already exists, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n\n}\n\ndns_easydns_rm() {\n fulldomain=$1\n txtvalue=$2\n\n EASYDNS_Token=\"${EASYDNS_Token:-$(_readaccountconf_mutable EASYDNS_Token)}\"\n EASYDNS_Key=\"${EASYDNS_Key:-$(_readaccountconf_mutable EASYDNS_Key)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _EASYDNS_rest GET \"zones/records/all/${_domain}/search/${_sub_domain}\"\n\n if ! printf \"%s\" \"$response\" | grep \\\"status\\\":200 >/dev/null; then\n _err \"Error\"\n return 1\n fi\n\n count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"count\\\":[^,]*\" | cut -d : -f 2)\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Don't need to remove.\"\n else\n record_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \\\" | head -n 1)\n _debug \"record_id\" \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id to remove.\"\n return 1\n fi\n if ! _EASYDNS_rest DELETE \"zones/records/$_domain/$record_id\"; then\n _err \"Delete record error.\"\n return 1\n fi\n _contains \"$response\" \"\\\"status\\\":200\"\n fi\n\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=1\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _EASYDNS_rest GET \"zones/records/all/$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"status\\\":200\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_EASYDNS_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n basicauth=$(printf \"%s\" \"$EASYDNS_Token\":\"$EASYDNS_Key\" | _base64)\n\n export _H1=\"accept: application/json\"\n if [ \"$basicauth\" ]; then\n export _H2=\"Authorization: Basic $basicauth\"\n fi\n\n if [ \"$m\" != \"GET\" ]; then\n export _H3=\"Content-Type: application/json\"\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$EASYDNS_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$EASYDNS_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_edgecenter.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_edgecenter_info='EdgeCenter.ru\nSite: EdgeCenter.ru\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_edgecenter\nOptions:\n EDGECENTER_API_KEY API Key\nIssues: github.com/acmesh-official/acme.sh/issues/6313\nAuthor: Konstantin Ruchev \n'\n\nEDGECENTER_API=\"https://api.edgecenter.ru\"\nDOMAIN_TYPE=\nDOMAIN_MASTER=\n\n######## Public functions #####################\n\n#Usage: dns_edgecenter_add _acme-challenge.www.domain.com \"TXT_RECORD_VALUE\"\ndns_edgecenter_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Using EdgeCenter DNS API\"\n\n if ! _dns_edgecenter_init_check; then\n return 1\n fi\n\n _debug \"Detecting root zone for $fulldomain\"\n if ! _get_root \"$fulldomain\"; then\n return 1\n fi\n\n subdomain=\"${fulldomain%.\"$_zone\"}\"\n subdomain=${subdomain%.}\n\n _debug \"Zone: $_zone\"\n _debug \"Subdomain: $subdomain\"\n _debug \"TXT value: $txtvalue\"\n\n payload='{\"resource_records\": [ { \"content\": [\"'\"$txtvalue\"'\"] } ], \"ttl\": 60 }'\n _dns_edgecenter_http_api_call \"post\" \"dns/v2/zones/$_zone/$subdomain.$_zone/txt\" \"$payload\"\n\n if _contains \"$response\" '\"error\":\"rrset is already exists\"'; then\n _debug \"RRSet exists, merging values\"\n _dns_edgecenter_http_api_call \"get\" \"dns/v2/zones/$_zone/$subdomain.$_zone/txt\"\n current=\"$response\"\n newlist=\"\"\n for v in $(echo \"$current\" | sed -n 's/.*\"content\":\\[\"\\([^\"]*\\)\"\\].*/\\1/p'); do\n newlist=\"$newlist {\\\"content\\\":[\\\"$v\\\"]},\"\n done\n newlist=\"$newlist{\\\"content\\\":[\\\"$txtvalue\\\"]}\"\n putdata=\"{\\\"resource_records\\\":[${newlist}]}\n\"\n _dns_edgecenter_http_api_call \"put\" \"dns/v2/zones/$_zone/$subdomain.$_zone/txt\" \"$putdata\"\n _info \"Updated existing RRSet with new TXT value.\"\n return 0\n fi\n\n if _contains \"$response\" '\"exception\":'; then\n _err \"Record cannot be added.\"\n return 1\n fi\n\n _info \"TXT record added successfully.\"\n return 0\n}\n\n#Usage: dns_edgecenter_rm _acme-challenge.www.domain.com \"TXT_RECORD_VALUE\"\ndns_edgecenter_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Removing TXT record for $fulldomain\"\n\n if ! _dns_edgecenter_init_check; then\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n return 1\n fi\n\n subdomain=\"${fulldomain%.\"$_zone\"}\"\n subdomain=${subdomain%.}\n\n _dns_edgecenter_http_api_call \"delete\" \"dns/v2/zones/$_zone/$subdomain.$_zone/txt\"\n\n if [ -z \"$response\" ]; then\n _info \"TXT record deleted successfully.\"\n else\n _info \"TXT record may not have been deleted: $response\"\n fi\n return 0\n}\n\n#################### Private functions below ##################################\n\n_dns_edgecenter_init_check() {\n EDGECENTER_API_KEY=\"${EDGECENTER_API_KEY:-$(_readaccountconf_mutable EDGECENTER_API_KEY)}\"\n if [ -z \"$EDGECENTER_API_KEY\" ]; then\n _err \"EDGECENTER_API_KEY was not exported.\"\n return 1\n fi\n\n _saveaccountconf_mutable EDGECENTER_API_KEY \"$EDGECENTER_API_KEY\"\n export _H1=\"Authorization: APIKey $EDGECENTER_API_KEY\"\n\n _dns_edgecenter_http_api_call \"get\" \"dns/v2/clients/me/features\"\n if ! _contains \"$response\" '\"id\":'; then\n _err \"Invalid API key.\"\n return 1\n fi\n return 0\n}\n\n_get_root() {\n domain=\"$1\"\n i=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-)\n if [ -z \"$h\" ]; then\n return 1\n fi\n _dns_edgecenter_http_api_call \"get\" \"dns/v2/zones/$h\"\n if ! _contains \"$response\" 'zone is not found'; then\n _zone=\"$h\"\n return 0\n fi\n i=$((i + 1))\n done\n return 1\n}\n\n_dns_edgecenter_http_api_call() {\n mtd=\"$1\"\n endpoint=\"$2\"\n data=\"$3\"\n\n export _H1=\"Authorization: APIKey $EDGECENTER_API_KEY\"\n\n case \"$mtd\" in\n get)\n response=\"$(_get \"$EDGECENTER_API/$endpoint\")\"\n ;;\n post)\n response=\"$(_post \"$data\" \"$EDGECENTER_API/$endpoint\")\"\n ;;\n delete)\n response=\"$(_post \"\" \"$EDGECENTER_API/$endpoint\" \"\" \"DELETE\")\"\n ;;\n put)\n response=\"$(_post \"$data\" \"$EDGECENTER_API/$endpoint\" \"\" \"PUT\")\"\n ;;\n *)\n _err \"Unknown HTTP method $mtd\"\n return 1\n ;;\n esac\n\n _debug \"HTTP $mtd response: $response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_edgedns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_edgedns_info='Akamai.com Edge DNS\nSite: techdocs.Akamai.com/edge-dns/reference/edge-dns-api\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_edgedns\nOptions: Specify individual credentials\n AKAMAI_HOST Host\n AKAMAI_ACCESS_TOKEN Access token\n AKAMAI_CLIENT_TOKEN Client token\n AKAMAI_CLIENT_SECRET Client secret\nIssues: github.com/acmesh-official/acme.sh/issues/3157\n'\n\n# Akamai Edge DNS v2 API\n# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to\n# Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization\n\n# Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support\n\n# *** TBD. NOT IMPLEMENTED YET ***\n# Specify Edgegrid credentials file and section.\n# AKAMAI_EDGERC Edge RC. Full file path\n# AKAMAI_EDGERC_SECTION Edge RC Section. E.g. \"default\"\n\nACME_EDGEDNS_VERSION=\"0.1.0\"\n\n######## Public functions #####################\n\n# Usage: dns_edgedns_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\n#\ndns_edgedns_add() {\n fulldomain=$1\n txtvalue=$2\n _debug \"ENTERING DNS_EDGEDNS_ADD\"\n _debug2 \"fulldomain\" \"$fulldomain\"\n _debug2 \"txtvalue\" \"$txtvalue\"\n\n if ! _EDGEDNS_credentials; then\n _err \"$@\"\n return 1\n fi\n if ! _EDGEDNS_getZoneInfo \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n _debug2 \"Add: zone\" \"$zone\"\n acmeRecordURI=$(printf \"%s/%s/names/%s/types/TXT\" \"$edge_endpoint\" \"$zone\" \"$fulldomain\")\n _debug3 \"Add URL\" \"$acmeRecordURI\"\n # Get existing TXT record\n _edge_result=$(_edgedns_rest GET \"$acmeRecordURI\")\n _api_status=\"$?\"\n _debug3 \"_edge_result\" \"$_edge_result\"\n if [ \"$_api_status\" -ne 0 ]; then\n if [ \"$curResult\" = \"FATAL\" ]; then\n _err \"$(printf \"Fatal error: acme API function call : %s\" \"$retVal\")\"\n fi\n if [ \"$_edge_result\" != \"404\" ]; then\n _err \"$(printf \"Failure accessing Akamai Edge DNS API Server. Error: %s\" \"$_edge_result\")\"\n return 1\n fi\n fi\n rdata=\"\\\"${txtvalue}\\\"\"\n record_op=\"POST\"\n if [ \"$_api_status\" -eq 0 ]; then\n # record already exists. Get existing record data and update\n record_op=\"PUT\"\n rdlist=\"${_edge_result#*\\\"rdata\\\":[}\"\n rdlist=\"${rdlist%%]*}\"\n rdlist=$(echo \"$rdlist\" | tr -d '\"' | tr -d \"\\\\\\\\\")\n _debug3 \"existing TXT found\"\n _debug3 \"record data\" \"$rdlist\"\n # value already there?\n if _contains \"$rdlist\" \"$txtvalue\"; then\n return 0\n fi\n _txt_val=\"\"\n while [ \"$_txt_val\" != \"$rdlist\" ] && [ \"${rdlist}\" ]; do\n _txt_val=\"${rdlist%%,*}\"\n rdlist=\"${rdlist#*,}\"\n rdata=\"${rdata},\\\"${_txt_val}\\\"\"\n done\n fi\n # Add the txtvalue TXT Record\n body=\"{\\\"name\\\":\\\"$fulldomain\\\",\\\"type\\\":\\\"TXT\\\",\\\"ttl\\\":600, \\\"rdata\\\":\"[${rdata}]\"}\"\n _debug3 \"Add body '${body}'\"\n _edge_result=$(_edgedns_rest \"$record_op\" \"$acmeRecordURI\" \"$body\")\n _api_status=\"$?\"\n if [ \"$_api_status\" -eq 0 ]; then\n _log \"$(printf \"Text value %s added to recordset %s\" \"$txtvalue\" \"$fulldomain\")\"\n return 0\n else\n _err \"$(printf \"error adding TXT record for validation. Error: %s\" \"$_edge_result\")\"\n return 1\n fi\n}\n\n# Usage: dns_edgedns_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to delete txt record\n#\ndns_edgedns_rm() {\n fulldomain=$1\n txtvalue=$2\n _debug \"ENTERING DNS_EDGEDNS_RM\"\n _debug2 \"fulldomain\" \"$fulldomain\"\n _debug2 \"txtvalue\" \"$txtvalue\"\n\n if ! _EDGEDNS_credentials; then\n _err \"$@\"\n return 1\n fi\n if ! _EDGEDNS_getZoneInfo \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n _debug2 \"RM: zone\" \"${zone}\"\n acmeRecordURI=$(printf \"%s/%s/names/%s/types/TXT\" \"${edge_endpoint}\" \"$zone\" \"$fulldomain\")\n _debug3 \"RM URL\" \"$acmeRecordURI\"\n # Get existing TXT record\n _edge_result=$(_edgedns_rest GET \"$acmeRecordURI\")\n _api_status=\"$?\"\n if [ \"$_api_status\" -ne 0 ]; then\n if [ \"$curResult\" = \"FATAL\" ]; then\n _err \"$(printf \"Fatal error: acme API function call : %s\" \"$retVal\")\"\n fi\n if [ \"$_edge_result\" != \"404\" ]; then\n _err \"$(printf \"Failure accessing Akamai Edge DNS API Server. Error: %s\" \"$_edge_result\")\"\n return 1\n fi\n fi\n _debug3 \"_edge_result\" \"$_edge_result\"\n record_op=\"DELETE\"\n body=\"\"\n if [ \"$_api_status\" -eq 0 ]; then\n # record already exists. Get existing record data and update\n rdlist=\"${_edge_result#*\\\"rdata\\\":[}\"\n rdlist=\"${rdlist%%]*}\"\n rdlist=$(echo \"$rdlist\" | tr -d '\"' | tr -d \"\\\\\\\\\")\n _debug3 \"rdlist\" \"$rdlist\"\n if [ -n \"$rdlist\" ]; then\n record_op=\"PUT\"\n comma=\"\"\n rdata=\"\"\n _txt_val=\"\"\n while [ \"$_txt_val\" != \"$rdlist\" ] && [ \"$rdlist\" ]; do\n _txt_val=\"${rdlist%%,*}\"\n rdlist=\"${rdlist#*,}\"\n _debug3 \"_txt_val\" \"$_txt_val\"\n _debug3 \"txtvalue\" \"$txtvalue\"\n if ! _contains \"$_txt_val\" \"$txtvalue\"; then\n rdata=\"${rdata}${comma}\\\"${_txt_val}\\\"\"\n comma=\",\"\n fi\n done\n if [ -z \"$rdata\" ]; then\n record_op=\"DELETE\"\n else\n # Recreate the txtvalue TXT Record\n body=\"{\\\"name\\\":\\\"$fulldomain\\\",\\\"type\\\":\\\"TXT\\\",\\\"ttl\\\":600, \\\"rdata\\\":\"[${rdata}]\"}\"\n _debug3 \"body\" \"$body\"\n fi\n fi\n fi\n _edge_result=$(_edgedns_rest \"$record_op\" \"$acmeRecordURI\" \"$body\")\n _api_status=\"$?\"\n if [ \"$_api_status\" -eq 0 ]; then\n _log \"$(printf \"Text value %s removed from recordset %s\" \"$txtvalue\" \"$fulldomain\")\"\n return 0\n else\n _err \"$(printf \"error removing TXT record for validation. Error: %s\" \"$_edge_result\")\"\n return 1\n fi\n}\n\n#################### Private functions below ##################################\n\n_EDGEDNS_credentials() {\n _debug \"GettingEdge DNS credentials\"\n _log \"$(printf \"ACME DNSAPI Edge DNS version %s\" ${ACME_EDGEDNS_VERSION})\"\n args_missing=0\n AKAMAI_ACCESS_TOKEN=\"${AKAMAI_ACCESS_TOKEN:-$(_readaccountconf_mutable AKAMAI_ACCESS_TOKEN)}\"\n if [ -z \"$AKAMAI_ACCESS_TOKEN\" ]; then\n AKAMAI_ACCESS_TOKEN=\"\"\n AKAMAI_CLIENT_TOKEN=\"\"\n AKAMAI_HOST=\"\"\n AKAMAI_CLIENT_SECRET=\"\"\n _err \"AKAMAI_ACCESS_TOKEN is missing\"\n args_missing=1\n fi\n AKAMAI_CLIENT_TOKEN=\"${AKAMAI_CLIENT_TOKEN:-$(_readaccountconf_mutable AKAMAI_CLIENT_TOKEN)}\"\n if [ -z \"$AKAMAI_CLIENT_TOKEN\" ]; then\n AKAMAI_ACCESS_TOKEN=\"\"\n AKAMAI_CLIENT_TOKEN=\"\"\n AKAMAI_HOST=\"\"\n AKAMAI_CLIENT_SECRET=\"\"\n _err \"AKAMAI_CLIENT_TOKEN is missing\"\n args_missing=1\n fi\n AKAMAI_HOST=\"${AKAMAI_HOST:-$(_readaccountconf_mutable AKAMAI_HOST)}\"\n if [ -z \"$AKAMAI_HOST\" ]; then\n AKAMAI_ACCESS_TOKEN=\"\"\n AKAMAI_CLIENT_TOKEN=\"\"\n AKAMAI_HOST=\"\"\n AKAMAI_CLIENT_SECRET=\"\"\n _err \"AKAMAI_HOST is missing\"\n args_missing=1\n fi\n AKAMAI_CLIENT_SECRET=\"${AKAMAI_CLIENT_SECRET:-$(_readaccountconf_mutable AKAMAI_CLIENT_SECRET)}\"\n if [ -z \"$AKAMAI_CLIENT_SECRET\" ]; then\n AKAMAI_ACCESS_TOKEN=\"\"\n AKAMAI_CLIENT_TOKEN=\"\"\n AKAMAI_HOST=\"\"\n AKAMAI_CLIENT_SECRET=\"\"\n _err \"AKAMAI_CLIENT_SECRET is missing\"\n args_missing=1\n fi\n\n if [ \"$args_missing\" = 1 ]; then\n _err \"You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again.\"\n return 1\n else\n _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN \"$AKAMAI_ACCESS_TOKEN\"\n _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN \"$AKAMAI_CLIENT_TOKEN\"\n _saveaccountconf_mutable AKAMAI_HOST \"$AKAMAI_HOST\"\n _saveaccountconf_mutable AKAMAI_CLIENT_SECRET \"$AKAMAI_CLIENT_SECRET\"\n # Set whether curl should use secure or insecure mode\n fi\n export HTTPS_INSECURE=0 # All Edgegrid API calls are secure\n edge_endpoint=$(printf \"https://%s/config-dns/v2/zones\" \"$AKAMAI_HOST\")\n _debug3 \"Edge API Endpoint:\" \"$edge_endpoint\"\n\n}\n\n_EDGEDNS_getZoneInfo() {\n _debug \"Getting Zoneinfo\"\n zoneEnd=false\n curZone=$1\n while [ -n \"$zoneEnd\" ]; do\n # we can strip the first part of the fulldomain, since its just the _acme-challenge string\n curZone=\"${curZone#*.}\"\n # suffix . needed for zone -> domain.tld.\n # create zone get url\n get_zone_url=$(printf \"%s/%s\" \"$edge_endpoint\" \"$curZone\")\n _debug3 \"Zone Get: \" \"${get_zone_url}\"\n curResult=$(_edgedns_rest GET \"$get_zone_url\")\n retVal=$?\n if [ \"$retVal\" -ne 0 ]; then\n if [ \"$curResult\" = \"FATAL\" ]; then\n _err \"$(printf \"Fatal error: acme API function call : %s\" \"$retVal\")\"\n fi\n if [ \"$curResult\" != \"404\" ]; then\n _err \"$(printf \"Managed zone validation failed. Error response: %s\" \"$retVal\")\"\n return 1\n fi\n fi\n if _contains \"$curResult\" \"\\\"zone\\\":\"; then\n _debug2 \"Zone data\" \"${curResult}\"\n zone=$(echo \"${curResult}\" | _egrep_o \"\\\"zone\\\"\\\\s*:\\\\s*\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \"\\\"\")\n _debug3 \"Zone\" \"${zone}\"\n zoneEnd=\"\"\n return 0\n fi\n\n if [ \"${curZone#*.}\" != \"$curZone\" ]; then\n _debug3 \"$(printf \"%s still contains a '.' - so we can check next higher level\" \"$curZone\")\"\n else\n zoneEnd=true\n _err \"Couldn't retrieve zone data.\"\n return 1\n fi\n done\n _err \"Failed to retrieve zone data.\"\n return 2\n}\n\n_edgedns_headers=\"\"\n\n_edgedns_rest() {\n _debug \"Handling API Request\"\n m=$1\n # Assume endpoint is complete path, including query args if applicable\n ep=$2\n body_data=$3\n _edgedns_content_type=\"\"\n _request_url_path=\"$ep\"\n _request_body=\"$body_data\"\n _request_method=\"$m\"\n _edgedns_headers=\"\"\n tab=\"\"\n _edgedns_headers=\"${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}\"\n tab=\"\\t\"\n # Set in acme.sh _post/_get\n #_edgedns_headers=\"${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}\"\n _edgedns_headers=\"${_edgedns_headers}${tab}Accept: application/json,*/*\"\n if [ \"$m\" != \"GET\" ] && [ \"$m\" != \"DELETE\" ]; then\n _edgedns_content_type=\"application/json\"\n _debug3 \"_request_body\" \"$_request_body\"\n _body_len=$(echo \"$_request_body\" | tr -d \"\\n\\r\" | awk '{print length}')\n _edgedns_headers=\"${_edgedns_headers}${tab}Content-Length: ${_body_len}\"\n fi\n _edgedns_make_auth_header\n _edgedns_headers=\"${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}\"\n _secure_debug2 \"Made Auth Header\" \"$_signed_auth_header\"\n hdr_indx=1\n work_header=\"${_edgedns_headers}${tab}\"\n _debug3 \"work_header\" \"$work_header\"\n while [ \"$work_header\" ]; do\n entry=\"${work_header%%\\\\t*}\"\n work_header=\"${work_header#*\\\\t}\"\n export \"$(printf \"_H%s=%s\" \"$hdr_indx\" \"$entry\")\"\n _debug2 \"Request Header \" \"$entry\"\n hdr_indx=$((hdr_indx + 1))\n done\n\n # clear headers from previous request to avoid getting wrong http code on timeouts\n : >\"$HTTP_HEADER\"\n _debug2 \"$ep\"\n if [ \"$m\" != \"GET\" ]; then\n _debug3 \"Method data\" \"$data\"\n # body url [needbase64] [POST|PUT|DELETE] [ContentType]\n response=$(_post \"$_request_body\" \"$ep\" false \"$m\" \"$_edgedns_content_type\")\n else\n response=$(_get \"$ep\")\n fi\n _ret=\"$?\"\n if [ \"$_ret\" -ne 0 ]; then\n _err \"$(printf \"acme.sh API function call failed. Error: %s\" \"$_ret\")\"\n echo \"FATAL\"\n return \"$_ret\"\n fi\n _debug2 \"response\" \"${response}\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n _debug2 \"http response code\" \"$_code\"\n if [ \"$_code\" = \"200\" ] || [ \"$_code\" = \"201\" ]; then\n # All good\n response=\"$(echo \"${response}\" | _normalizeJson)\"\n echo \"$response\"\n return 0\n fi\n\n if [ \"$_code\" = \"204\" ]; then\n # Success, no body\n echo \"$_code\"\n return 0\n fi\n\n if [ \"$_code\" = \"400\" ]; then\n _err \"Bad request presented\"\n _log \"$(printf \"Headers: %s\" \"$_edgedns_headers\")\"\n _log \"$(printf \"Method: %s\" \"$_request_method\")\"\n _log \"$(printf \"URL: %s\" \"$ep\")\"\n _log \"$(printf \"Data: %s\" \"$data\")\"\n fi\n\n if [ \"$_code\" = \"403\" ]; then\n _err \"access denied make sure your Edgegrid cedentials are correct.\"\n fi\n\n echo \"$_code\"\n return 1\n}\n\n_edgedns_eg_timestamp() {\n _debug \"Generating signature Timestamp\"\n _debug3 \"Retriving ntp time\"\n _timeheaders=\"$(_get \"https://www.ntp.org\" \"onlyheader\")\"\n _debug3 \"_timeheaders\" \"$_timeheaders\"\n _ntpdate=\"$(echo \"$_timeheaders\" | grep -i \"Date:\" | _head_n 1 | cut -d ':' -f 2- | tr -d \"\\r\\n\")\"\n _debug3 \"_ntpdate\" \"$_ntpdate\"\n _ntpdate=\"$(echo \"${_ntpdate}\" | sed -e 's/^[[:space:]]*//')\"\n _debug3 \"_NTPDATE\" \"$_ntpdate\"\n _ntptime=\"$(echo \"${_ntpdate}\" | _head_n 1 | cut -d \" \" -f 5 | tr -d \"\\r\\n\")\"\n _debug3 \"_ntptime\" \"$_ntptime\"\n _eg_timestamp=$(date -u \"+%Y%m%dT\")\n _eg_timestamp=\"$(printf \"%s%s+0000\" \"$_eg_timestamp\" \"$_ntptime\")\"\n _debug \"_eg_timestamp\" \"$_eg_timestamp\"\n}\n\n_edgedns_new_nonce() {\n _debug \"Generating Nonce\"\n _nonce=$(echo \"EDGEDNS$(_time)\" | _digest sha1 hex | cut -c 1-32)\n _debug3 \"_nonce\" \"$_nonce\"\n}\n\n_edgedns_make_auth_header() {\n _debug \"Constructing Auth Header\"\n _edgedns_new_nonce\n _edgedns_eg_timestamp\n # \"Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'\"\n _auth_header=\"$(printf \"EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;\" \"$AKAMAI_CLIENT_TOKEN\" \"$AKAMAI_ACCESS_TOKEN\" \"$_eg_timestamp\" \"$_nonce\")\"\n _secure_debug2 \"Unsigned Auth Header: \" \"$_auth_header\"\n\n _edgedns_sign_request\n _signed_auth_header=\"$(printf \"%ssignature=%s\" \"$_auth_header\" \"$_signed_req\")\"\n _secure_debug2 \"Signed Auth Header: \" \"${_signed_auth_header}\"\n}\n\n_edgedns_sign_request() {\n _debug2 \"Signing http request\"\n _edgedns_make_data_to_sign \"$_auth_header\"\n _secure_debug2 \"Returned signed data\" \"$_mdata\"\n _edgedns_make_signing_key \"$_eg_timestamp\"\n _edgedns_base64_hmac_sha256 \"$_mdata\" \"$_signing_key\"\n _signed_req=\"$_hmac_out\"\n _secure_debug2 \"Signed Request\" \"$_signed_req\"\n}\n\n_edgedns_make_signing_key() {\n _debug2 \"Creating sigining key\"\n ts=$1\n _edgedns_base64_hmac_sha256 \"$ts\" \"$AKAMAI_CLIENT_SECRET\"\n _signing_key=\"$_hmac_out\"\n _secure_debug2 \"Signing Key\" \"$_signing_key\"\n\n}\n\n_edgedns_make_data_to_sign() {\n _debug2 \"Processing data to sign\"\n hdr=$1\n _secure_debug2 \"hdr\" \"$hdr\"\n _edgedns_make_content_hash\n path=\"$(echo \"$_request_url_path\" | tr -d \"\\n\\r\" | sed 's/https\\?:\\/\\///')\"\n path=${path#*\"$AKAMAI_HOST\"}\n _debug \"hier path\" \"$path\"\n # dont expose headers to sign so use MT string\n _mdata=\"$(printf \"%s\\thttps\\t%s\\t%s\\t%s\\t%s\\t%s\" \"$_request_method\" \"$AKAMAI_HOST\" \"$path\" \"\" \"$_hash\" \"$hdr\")\"\n _secure_debug2 \"Data to Sign\" \"$_mdata\"\n}\n\n_edgedns_make_content_hash() {\n _debug2 \"Generating content hash\"\n _hash=\"\"\n _debug2 \"Request method\" \"${_request_method}\"\n if [ \"$_request_method\" != \"POST\" ] || [ -z \"$_request_body\" ]; then\n return 0\n fi\n _debug2 \"Req body\" \"$_request_body\"\n _edgedns_base64_sha256 \"$_request_body\"\n _hash=\"$_sha256_out\"\n _debug2 \"Content hash\" \"$_hash\"\n}\n\n_edgedns_base64_hmac_sha256() {\n _debug2 \"Generating hmac\"\n data=$1\n key=$2\n encoded_data=\"$(echo \"$data\" | iconv -t utf-8)\"\n encoded_key=\"$(echo \"$key\" | iconv -t utf-8)\"\n _secure_debug2 \"encoded data\" \"$encoded_data\"\n _secure_debug2 \"encoded key\" \"$encoded_key\"\n\n encoded_key_hex=$(printf \"%s\" \"$encoded_key\" | _hex_dump | tr -d ' ')\n data_sig=\"$(echo \"$encoded_data\" | tr -d \"\\n\\r\" | _hmac sha256 \"$encoded_key_hex\" | _base64)\"\n\n _secure_debug2 \"data_sig:\" \"$data_sig\"\n _hmac_out=\"$(echo \"$data_sig\" | tr -d \"\\n\\r\" | iconv -f utf-8)\"\n _secure_debug2 \"hmac\" \"$_hmac_out\"\n}\n\n_edgedns_base64_sha256() {\n _debug2 \"Creating sha256 digest\"\n trg=$1\n _secure_debug2 \"digest data\" \"$trg\"\n digest=\"$(echo \"$trg\" | tr -d \"\\n\\r\" | _digest \"sha256\")\"\n _sha256_out=\"$(echo \"$digest\" | tr -d \"\\n\\r\" | iconv -f utf-8)\"\n _secure_debug2 \"digest decode\" \"$_sha256_out\"\n}\n\n#_edgedns_parse_edgerc() {\n# filepath=$1\n# section=$2\n#}\n"
},
{
"path": "dnsapi/dns_efficientip.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_efficientip_info='efficientip.com\nSite: https://efficientip.com/\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_efficientip\nOptions:\n EfficientIP_Creds HTTP Basic Authentication credentials. E.g. \"username:password\"\n EfficientIP_Server EfficientIP SOLIDserver Management IP address or FQDN.\n EfficientIP_DNS_Name Name of the DNS smart or server hosting the zone. Optional.\n EfficientIP_View Name of the DNS view hosting the zone. Optional.\nOptionsAlt:\n EfficientIP_Token_Key Alternative API token key, prefered over basic authentication.\n EfficientIP_Token_Secret Alternative API token secret, required when using a token key.\n EfficientIP_Server EfficientIP SOLIDserver Management IP address or FQDN.\n EfficientIP_DNS_Name Name of the DNS smart or server hosting the zone. Optional.\n EfficientIP_View Name of the DNS view hosting the zone. Optional.\nIssues: github.com/acmesh-official/acme.sh/issues/6325\nAuthor: EfficientIP-Labs \n'\n\ndns_efficientip_add() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using EfficientIP API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n if { [ -z \"${EfficientIP_Creds}\" ] && { [ -z \"${EfficientIP_Token_Key}\" ] || [ -z \"${EfficientIP_Token_Secret}\" ]; }; } || [ -z \"${EfficientIP_Server}\" ]; then\n EfficientIP_Creds=\"\"\n EfficientIP_Token_Key=\"\"\n EfficientIP_Token_Secret=\"\"\n EfficientIP_Server=\"\"\n _err \"You didn't specify any EfficientIP credentials or token or server (EfficientIP_Creds; EfficientIP_Token_Key; EfficientIP_Token_Secret; EfficientIP_Server).\"\n _err \"Please set them via EXPORT EfficientIP_Creds=username:password or EXPORT EfficientIP_server=ip/hostname\"\n _err \"or if you want to use Token instead EXPORT EfficientIP_Token_Key=yourkey\"\n _err \"and EXPORT EfficientIP_Token_Secret=yoursecret\"\n _err \"then try again.\"\n return 1\n fi\n\n if [ -z \"${EfficientIP_DNS_Name}\" ]; then\n EfficientIP_DNS_Name=\"\"\n fi\n\n EfficientIP_DNSNameEncoded=$(printf \"%b\" \"${EfficientIP_DNS_Name}\" | _url_encode)\n\n if [ -z \"${EfficientIP_View}\" ]; then\n EfficientIP_View=\"\"\n fi\n\n EfficientIP_ViewEncoded=$(printf \"%b\" \"${EfficientIP_View}\" | _url_encode)\n\n _saveaccountconf EfficientIP_Creds \"${EfficientIP_Creds}\"\n _saveaccountconf EfficientIP_Token_Key \"${EfficientIP_Token_Key}\"\n _saveaccountconf EfficientIP_Token_Secret \"${EfficientIP_Token_Secret}\"\n _saveaccountconf EfficientIP_Server \"${EfficientIP_Server}\"\n _saveaccountconf EfficientIP_DNS_Name \"${EfficientIP_DNS_Name}\"\n _saveaccountconf EfficientIP_View \"${EfficientIP_View}\"\n\n export _H1=\"Accept-Language:en-US\"\n baseurlnObject=\"https://${EfficientIP_Server}/rest/dns_rr_add?rr_type=TXT&rr_ttl=300&rr_name=${fulldomain}&rr_value1=${txtvalue}\"\n\n if [ \"${EfficientIP_DNSNameEncoded}\" != \"\" ]; then\n baseurlnObject=\"${baseurlnObject}&dns_name=${EfficientIP_DNSNameEncoded}\"\n fi\n\n if [ \"${EfficientIP_ViewEncoded}\" != \"\" ]; then\n baseurlnObject=\"${baseurlnObject}&dnsview_name=${EfficientIP_ViewEncoded}\"\n fi\n\n if [ -z \"${EfficientIP_Token_Secret}\" ] || [ -z \"${EfficientIP_Token_Key}\" ]; then\n EfficientIP_CredsEncoded=$(printf \"%b\" \"${EfficientIP_Creds}\" | _base64)\n export _H2=\"Authorization: Basic ${EfficientIP_CredsEncoded}\"\n else\n TS=$(date +%s)\n Sig=$(printf \"%b\\n$TS\\nPOST\\n$baseurlnObject\" \"${EfficientIP_Token_Secret}\" | _digest sha3-256 hex)\n EfficientIP_CredsEncoded=$(printf \"%b:%b\" \"${EfficientIP_Token_Key}\" \"$Sig\")\n export _H2=\"Authorization: SDS ${EfficientIP_CredsEncoded}\"\n export _H3=\"X-SDS-TS: ${TS}\"\n fi\n\n result=\"$(_post \"\" \"${baseurlnObject}\" \"\" \"POST\")\"\n\n if [ \"$(echo \"${result}\" | _egrep_o \"ret_oid\")\" ]; then\n _info \"DNS record successfully created\"\n return 0\n else\n _err \"Error creating DNS record\"\n _err \"${result}\"\n return 1\n fi\n}\n\ndns_efficientip_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using EfficientIP API\"\n _debug fulldomain \"${fulldomain}\"\n _debug txtvalue \"${txtvalue}\"\n\n EfficientIP_ViewEncoded=$(printf \"%b\" \"${EfficientIP_View}\" | _url_encode)\n EfficientIP_DNSNameEncoded=$(printf \"%b\" \"${EfficientIP_DNS_Name}\" | _url_encode)\n EfficientIP_CredsEncoded=$(printf \"%b\" \"${EfficientIP_Creds}\" | _base64)\n\n export _H1=\"Accept-Language:en-US\"\n\n baseurlnObject=\"https://${EfficientIP_Server}/rest/dns_rr_delete?rr_type=TXT&rr_name=$fulldomain&rr_value1=$txtvalue\"\n if [ \"${EfficientIP_DNSNameEncoded}\" != \"\" ]; then\n baseurlnObject=\"${baseurlnObject}&dns_name=${EfficientIP_DNSNameEncoded}\"\n fi\n\n if [ \"${EfficientIP_ViewEncoded}\" != \"\" ]; then\n baseurlnObject=\"${baseurlnObject}&dnsview_name=${EfficientIP_ViewEncoded}\"\n fi\n\n if [ -z \"$EfficientIP_Token_Secret\" ] || [ -z \"$EfficientIP_Token_Key\" ]; then\n EfficientIP_CredsEncoded=$(printf \"%b\" \"${EfficientIP_Creds}\" | _base64)\n export _H2=\"Authorization: Basic $EfficientIP_CredsEncoded\"\n else\n TS=$(date +%s)\n Sig=$(printf \"%b\\n$TS\\nDELETE\\n${baseurlnObject}\" \"${EfficientIP_Token_Secret}\" | _digest sha3-256 hex)\n EfficientIP_CredsEncoded=$(printf \"%b:%b\" \"${EfficientIP_Token_Key}\" \"$Sig\")\n export _H2=\"Authorization: SDS ${EfficientIP_CredsEncoded}\"\n export _H3=\"X-SDS-TS: $TS\"\n fi\n\n result=\"$(_post \"\" \"${baseurlnObject}\" \"\" \"DELETE\")\"\n\n if [ \"$(echo \"${result}\" | _egrep_o \"ret_oid\")\" ]; then\n _info \"DNS Record successfully deleted\"\n return 0\n else\n _err \"Error deleting DNS record\"\n _err \"${result}\"\n return 1\n fi\n}\n"
},
{
"path": "dnsapi/dns_euserv.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_euserv_info='EUserv.com\nDomains: EUserv.eu\nSite: EUserv.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_euserv\nOptions:\n EUSERV_Username Username\n EUSERV_Password Password\nAuthor: Michael Brueckner\n'\n\nEUSERV_Api=\"https://api.euserv.net\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_euserv_add() {\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n txtvalue=$2\n\n EUSERV_Username=\"${EUSERV_Username:-$(_readaccountconf_mutable EUSERV_Username)}\"\n EUSERV_Password=\"${EUSERV_Password:-$(_readaccountconf_mutable EUSERV_Password)}\"\n if [ -z \"$EUSERV_Username\" ] || [ -z \"$EUSERV_Password\" ]; then\n EUSERV_Username=\"\"\n EUSERV_Password=\"\"\n _err \"You don't specify euserv user and password yet.\"\n _err \"Please create your key and try again.\"\n return 1\n fi\n\n #save the user and email to the account conf file.\n _saveaccountconf_mutable EUSERV_Username \"$EUSERV_Username\"\n _saveaccountconf_mutable EUSERV_Password \"$EUSERV_Password\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug \"_sub_domain\" \"$_sub_domain\"\n _debug \"_domain\" \"$_domain\"\n _info \"Adding record\"\n if ! _euserv_add_record \"$_domain\" \"$_sub_domain\" \"$txtvalue\"; then\n return 1\n fi\n\n}\n\n#fulldomain txtvalue\ndns_euserv_rm() {\n\n fulldomain=\"$(echo \"$1\" | _lower_case)\"\n txtvalue=$2\n\n EUSERV_Username=\"${EUSERV_Username:-$(_readaccountconf_mutable EUSERV_Username)}\"\n EUSERV_Password=\"${EUSERV_Password:-$(_readaccountconf_mutable EUSERV_Password)}\"\n if [ -z \"$EUSERV_Username\" ] || [ -z \"$EUSERV_Password\" ]; then\n EUSERV_Username=\"\"\n EUSERV_Password=\"\"\n _err \"You don't specify euserv user and password yet.\"\n _err \"Please create your key and try again.\"\n return 1\n fi\n\n #save the user and email to the account conf file.\n _saveaccountconf_mutable EUSERV_Username \"$EUSERV_Username\"\n _saveaccountconf_mutable EUSERV_Password \"$EUSERV_Password\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug \"_sub_domain\" \"$_sub_domain\"\n _debug \"_domain\" \"$_domain\"\n\n _debug \"Getting txt records\"\n\n xml_content=$(printf '\n \n domain.dns_get_active_records\n \n \n \n \n \n login\n \n %s\n \n \n \n password\n \n %s\n \n \n \n domain_id\n \n %s\n \n \n \n \n \n \n ' \"$EUSERV_Username\" \"$EUSERV_Password\" \"$_euserv_domain_id\")\n\n export _H1=\"Content-Type: text/xml\"\n response=\"$(_post \"$xml_content\" \"$EUSERV_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"status100\"; then\n _err \"Error could not get txt records\"\n _debug \"xml_content\" \"$xml_content\"\n _debug \"response\" \"$response\"\n return 1\n fi\n\n if ! echo \"$response\" | grep '>dns_record_content<.*>'\"$txtvalue\"'<' >/dev/null; then\n _info \"Do not need to delete record\"\n else\n # find XML block where txtvalue is in. The record_id is allways prior this line!\n _endLine=$(echo \"$response\" | grep -n '>dns_record_content<.*>'\"$txtvalue\"'<' | cut -d ':' -f 1)\n # record_id is the last Tag with a number before the row _endLine, identified by \n _record_id=$(echo \"$response\" | sed -n '1,'\"$_endLine\"'p' | grep '
' | _tail_n 1 | sed 's/.*\\([0-9]*\\)<\\/name>.*/\\1/')\n _info \"Deleting record\"\n _euserv_delete_record \"$_record_id\"\n fi\n\n}\n\n#################### Private functions below ##################################\n\n_get_root() {\n domain=$1\n _debug \"get root\"\n\n # Just to read the domain_orders once\n\n domain=$1\n i=2\n p=1\n\n if ! _euserv_get_domain_orders; then\n return 1\n fi\n\n # Get saved response with domain_orders\n response=\"$_euserv_domain_orders\"\n\n while true; do\n h=$(echo \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"$h\"; then\n _sub_domain=$(echo \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n if ! _euserv_get_domain_id \"$_domain\"; then\n _err \"invalid domain\"\n return 1\n fi\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n\n return 1\n}\n\n_euserv_get_domain_orders() {\n # returns: _euserv_domain_orders\n\n _debug \"get domain_orders\"\n\n xml_content=$(printf '\n \n domain.get_domain_orders\n \n \n \n \n \n login\n %s\n \n \n password\n %s\n \n \n \n \n \n ' \"$EUSERV_Username\" \"$EUSERV_Password\")\n\n export _H1=\"Content-Type: text/xml\"\n response=\"$(_post \"$xml_content\" \"$EUSERV_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"status100\"; then\n _err \"Error could not get domain orders\"\n _debug \"xml_content\" \"$xml_content\"\n _debug \"response\" \"$response\"\n return 1\n fi\n\n # save response to reduce API calls\n _euserv_domain_orders=\"$response\"\n return 0\n}\n\n_euserv_get_domain_id() {\n # returns: _euserv_domain_id\n domain=$1\n _debug \"get domain_id\"\n\n # find line where the domain name is within the $response\n _startLine=$(echo \"$_euserv_domain_orders\" | grep -n '>domain_name<.*>'\"$domain\"'<' | cut -d ':' -f 1)\n # next occurency of domain_id after the domain_name is the correct one\n _euserv_domain_id=$(echo \"$_euserv_domain_orders\" | sed -n \"$_startLine\"',$p' | grep '>domain_id<' | _head_n 1 | sed 's/.*\\([0-9]*\\)<\\/i4>.*/\\1/')\n\n if [ -z \"$_euserv_domain_id\" ]; then\n _err \"Could not find domain_id for domain $domain\"\n _debug \"_euserv_domain_orders\" \"$_euserv_domain_orders\"\n return 1\n fi\n\n return 0\n}\n\n_euserv_delete_record() {\n record_id=$1\n xml_content=$(printf '\n \n domain.dns_delete_record\n \n \n \n \n \n login\n \n %s\n \n \n \n password\n \n %s\n \n \n \n dns_record_id\n \n %s\n \n \n \n \n \n \n ' \"$EUSERV_Username\" \"$EUSERV_Password\" \"$record_id\")\n\n export _H1=\"Content-Type: text/xml\"\n response=\"$(_post \"$xml_content\" \"$EUSERV_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"status100\"; then\n _err \"Error deleting record\"\n _debug \"xml_content\" \"$xml_content\"\n _debug \"response\" \"$response\"\n return 1\n fi\n\n return 0\n\n}\n\n_euserv_add_record() {\n domain=$1\n sub_domain=$2\n txtval=$3\n\n xml_content=$(printf '\n \n domain.dns_create_record\n \n \n \n \n \n login\n \n %s\n \n \n \n password\n \n %s\n \n \n domain_id\n \n %s\n \n \n \n dns_record_subdomain\n \n %s\n \n \n \n dns_record_type\n \n TXT\n \n \n \n dns_record_value\n \n %s\n \n \n \n dns_record_ttl\n \n 300\n \n \n \n \n \n \n ' \"$EUSERV_Username\" \"$EUSERV_Password\" \"$_euserv_domain_id\" \"$sub_domain\" \"$txtval\")\n\n export _H1=\"Content-Type: text/xml\"\n response=\"$(_post \"$xml_content\" \"$EUSERV_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"status100\"; then\n _err \"Error could not create record\"\n _debug \"xml_content\" \"$xml_content\"\n _debug \"response\" \"$response\"\n return 1\n fi\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_exoscale.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_exoscale_info='Exoscale.com\nSite: Exoscale.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_exoscale\nOptions:\n EXOSCALE_API_KEY API Key\n EXOSCALE_SECRET_KEY API Secret key\n'\n\nEXOSCALE_API=\"https://api-ch-gva-2.exoscale.com/v2\"\n\n######## Public functions ########\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\ndns_exoscale_add() {\n fulldomain=$1\n txtvalue=$2\n\n _debug \"Using Exoscale DNS v2 API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n if ! _check_auth; then\n return 1\n fi\n\n root_domain_id=$(_get_root_domain_id \"$fulldomain\")\n if [ -z \"$root_domain_id\" ]; then\n _err \"Unable to determine root domain ID for $fulldomain\"\n return 1\n fi\n _debug root_domain_id \"$root_domain_id\"\n\n # Always get the subdomain part first\n sub_domain=$(_get_sub_domain \"$fulldomain\" \"$root_domain_id\")\n _debug sub_domain \"$sub_domain\"\n\n # Build the record name properly\n if [ -z \"$sub_domain\" ]; then\n record_name=\"_acme-challenge\"\n else\n record_name=\"_acme-challenge.$sub_domain\"\n fi\n\n payload=$(printf '{\"name\":\"%s\",\"type\":\"TXT\",\"content\":\"%s\",\"ttl\":120}' \"$record_name\" \"$txtvalue\")\n _debug payload \"$payload\"\n\n response=$(_exoscale_rest POST \"/dns-domain/${root_domain_id}/record\" \"$payload\")\n if _contains \"$response\" \"\\\"id\\\"\"; then\n _info \"TXT record added successfully.\"\n return 0\n else\n _err \"Error adding TXT record: $response\"\n return 1\n fi\n}\n\ndns_exoscale_rm() {\n fulldomain=$1\n\n _debug \"Using Exoscale DNS v2 API for removal\"\n _debug fulldomain \"$fulldomain\"\n\n if ! _check_auth; then\n return 1\n fi\n\n root_domain_id=$(_get_root_domain_id \"$fulldomain\")\n if [ -z \"$root_domain_id\" ]; then\n _err \"Unable to determine root domain ID for $fulldomain\"\n return 1\n fi\n\n record_name=\"_acme-challenge\"\n sub_domain=$(_get_sub_domain \"$fulldomain\" \"$root_domain_id\")\n if [ -n \"$sub_domain\" ]; then\n record_name=\"_acme-challenge.$sub_domain\"\n fi\n\n record_id=$(_find_record_id \"$root_domain_id\" \"$record_name\")\n if [ -z \"$record_id\" ]; then\n _err \"TXT record not found for deletion.\"\n return 1\n fi\n\n response=$(_exoscale_rest DELETE \"/dns-domain/$root_domain_id/record/$record_id\")\n if _contains \"$response\" \"\\\"state\\\":\\\"success\\\"\"; then\n _info \"TXT record deleted successfully.\"\n return 0\n else\n _err \"Error deleting TXT record: $response\"\n return 1\n fi\n}\n\n######## Private helpers ########\n\n_check_auth() {\n EXOSCALE_API_KEY=\"${EXOSCALE_API_KEY:-$(_readaccountconf_mutable EXOSCALE_API_KEY)}\"\n EXOSCALE_SECRET_KEY=\"${EXOSCALE_SECRET_KEY:-$(_readaccountconf_mutable EXOSCALE_SECRET_KEY)}\"\n if [ -z \"$EXOSCALE_API_KEY\" ] || [ -z \"$EXOSCALE_SECRET_KEY\" ]; then\n _err \"EXOSCALE_API_KEY and EXOSCALE_SECRET_KEY must be set.\"\n return 1\n fi\n _saveaccountconf_mutable EXOSCALE_API_KEY \"$EXOSCALE_API_KEY\"\n _saveaccountconf_mutable EXOSCALE_SECRET_KEY \"$EXOSCALE_SECRET_KEY\"\n return 0\n}\n\n_get_root_domain_id() {\n domain=$1\n i=1\n while true; do\n candidate=$(printf \"%s\" \"$domain\" | cut -d . -f \"${i}-100\")\n [ -z \"$candidate\" ] && return 1\n _debug \"Trying root domain candidate: $candidate\"\n domains=$(_exoscale_rest GET \"/dns-domain\")\n # Extract from dns-domains array\n result=$(echo \"$domains\" | _egrep_o '\"dns-domains\":\\[.*\\]' | _egrep_o '\\{\"id\":\"[^\"]*\",\"created-at\":\"[^\"]*\",\"unicode-name\":\"[^\"]*\"\\}' | while read -r item; do\n name=$(echo \"$item\" | _egrep_o '\"unicode-name\":\"[^\"]*\"' | cut -d'\"' -f4)\n id=$(echo \"$item\" | _egrep_o '\"id\":\"[^\"]*\"' | cut -d'\"' -f4)\n if [ \"$name\" = \"$candidate\" ]; then\n echo \"$id\"\n break\n fi\n done)\n if [ -n \"$result\" ]; then\n echo \"$result\"\n return 0\n fi\n i=$(_math \"$i\" + 1)\n done\n}\n\n_get_sub_domain() {\n fulldomain=$1\n root_id=$2\n root_info=$(_exoscale_rest GET \"/dns-domain/$root_id\")\n _debug root_info \"$root_info\"\n root_name=$(echo \"$root_info\" | _egrep_o \"\\\"unicode-name\\\":\\\"[^\\\"]*\\\"\" | cut -d\\\" -f4)\n sub=${fulldomain%%.\"$root_name\"}\n\n if [ \"$sub\" = \"_acme-challenge\" ]; then\n echo \"\"\n else\n # Remove _acme-challenge. prefix to get the actual subdomain\n echo \"${sub#_acme-challenge.}\"\n fi\n}\n\n_find_record_id() {\n root_id=$1\n name=$2\n records=$(_exoscale_rest GET \"/dns-domain/$root_id/record\")\n\n # Convert search name to lowercase for case-insensitive matching\n name_lower=$(echo \"$name\" | tr '[:upper:]' '[:lower:]')\n\n echo \"$records\" | _egrep_o '\\{[^}]*\"name\":\"[^\"]*\"[^}]*\\}' | while read -r record; do\n record_name=$(echo \"$record\" | _egrep_o '\"name\":\"[^\"]*\"' | cut -d'\"' -f4)\n record_name_lower=$(echo \"$record_name\" | tr '[:upper:]' '[:lower:]')\n if [ \"$record_name_lower\" = \"$name_lower\" ]; then\n echo \"$record\" | _egrep_o '\"id\":\"[^\"]*\"' | _head_n 1 | cut -d'\"' -f4\n break\n fi\n done\n}\n\n_exoscale_sign() {\n k=$1\n shift\n hex_key=$(printf %b \"$k\" | _hex_dump | tr -d ' ')\n printf %s \"$@\" | _hmac sha256 \"$hex_key\"\n}\n\n_exoscale_rest() {\n method=$1\n path=$2\n data=$3\n\n url=\"${EXOSCALE_API}${path}\"\n expiration=$(_math \"$(date +%s)\" + 300) # 5m from now\n\n # Build the message with the actual body or empty line\n message=$(printf \"%s %s\\n%s\\n\\n\\n%s\" \"$method\" \"/v2$path\" \"$data\" \"$expiration\")\n signature=$(_exoscale_sign \"$EXOSCALE_SECRET_KEY\" \"$message\" | _base64)\n auth=\"EXO2-HMAC-SHA256 credential=${EXOSCALE_API_KEY},expires=${expiration},signature=${signature}\"\n\n _debug \"API request: $method $url\"\n _debug \"Signed message: [$message]\"\n _debug \"Authorization header: [$auth]\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"Authorization: ${auth}\"\n\n if [ \"$data\" ] || [ \"$method\" = \"DELETE\" ]; then\n export _H3=\"Content-Type: application/json\"\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$url\" \"\" \"$method\")\"\n else\n response=\"$(_get \"$url\" \"\" \"\" \"$method\")\"\n fi\n\n # shellcheck disable=SC2181\n if [ \"$?\" -ne 0 ]; then\n _err \"error $url\"\n return 1\n fi\n _debug2 response \"$response\"\n echo \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_fornex.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_fornex_info='Fornex.com\nSite: Fornex.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_fornex\nOptions:\n FORNEX_API_KEY API Key\nIssues: github.com/acmesh-official/acme.sh/issues/3998\nAuthor: Timur Umarov \n'\n\nFORNEX_API_URL=\"https://fornex.com/api\"\n\n######## Public functions #####################\n\n#Usage: dns_fornex_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_fornex_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _Fornex_API; then\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Unable to determine root domain\"\n return 1\n else\n _debug _domain \"$_domain\"\n fi\n\n _info \"Adding record\"\n if _rest POST \"dns/domain/$_domain/entry_set/\" \"{\\\"host\\\" : \\\"${fulldomain}\\\" , \\\"type\\\" : \\\"TXT\\\" , \\\"value\\\" : \\\"${txtvalue}\\\" , \\\"ttl\\\" : null}\"; then\n _debug _response \"$response\"\n _info \"Added, OK\"\n return 0\n fi\n _err \"Add txt record error.\"\n return 1\n}\n\n#Usage: dns_fornex_rm _acme-challenge.www.domain.com\ndns_fornex_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _Fornex_API; then\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Unable to determine root domain\"\n return 1\n else\n _debug _domain \"$_domain\"\n fi\n\n _debug \"Getting txt records\"\n _rest GET \"dns/domain/$_domain/entry_set?type=TXT&q=$fulldomain\"\n\n if ! _contains \"$response\" \"$txtvalue\"; then\n _err \"Txt record not found\"\n return 1\n fi\n\n _record_id=\"$(echo \"$response\" | _egrep_o \"\\{[^\\{]*\\\"value\\\"*:*\\\"$txtvalue\\\"[^\\}]*\\}\" | sed -n -e 's#.*\"id\":\\([0-9]*\\).*#\\1#p')\"\n _debug \"_record_id\" \"$_record_id\"\n if [ -z \"$_record_id\" ]; then\n _err \"can not find _record_id\"\n return 1\n fi\n\n if ! _rest DELETE \"dns/domain/$_domain/entry_set/$_record_id/\"; then\n _err \"Delete record error.\"\n return 1\n fi\n return 0\n}\n\n#################### Private functions below ##################################\n\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n\n i=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _rest GET \"dns/domain/?q=$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\" >/dev/null; then\n _domain=$h\n return 0\n else\n _debug \"$h not found\"\n fi\n i=$(_math \"$i\" + 1)\n done\n\n return 1\n}\n\n_Fornex_API() {\n FORNEX_API_KEY=\"${FORNEX_API_KEY:-$(_readaccountconf_mutable FORNEX_API_KEY)}\"\n if [ -z \"$FORNEX_API_KEY\" ]; then\n FORNEX_API_KEY=\"\"\n\n _err \"You didn't specify the Fornex API key yet.\"\n _err \"Please create your key and try again.\"\n\n return 1\n fi\n\n _saveaccountconf_mutable FORNEX_API_KEY \"$FORNEX_API_KEY\"\n}\n\n#method method action data\n_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Authorization: Api-Key $FORNEX_API_KEY\"\n export _H2=\"Content-Type: application/json\"\n export _H3=\"Accept: application/json\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$FORNEX_API_URL/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$FORNEX_API_URL/$ep\" | _normalizeJson)\"\n fi\n\n _ret=\"$?\"\n if [ \"$_ret\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_freedns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_freedns_info='FreeDNS\nSite: FreeDNS.afraid.org\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_freedns\nOptions:\n FREEDNS_User Username\n FREEDNS_Password Password\nIssues: github.com/acmesh-official/acme.sh/issues/2305\nAuthor: David Kerr <@dkerr64>\n'\n\n######## Public functions #####################\n\n# Export FreeDNS userid and password in following variables...\n# FREEDNS_User=username\n# FREEDNS_Password=password\n# login cookie is saved in acme account config file so userid / pw\n# need to be set only when changed.\n\n#Usage: dns_freedns_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_freedns_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Add TXT record using FreeDNS\"\n _debug \"fulldomain: $fulldomain\"\n _debug \"txtvalue: $txtvalue\"\n\n if [ -z \"$FREEDNS_User\" ] || [ -z \"$FREEDNS_Password\" ]; then\n FREEDNS_User=\"\"\n FREEDNS_Password=\"\"\n if [ -z \"$FREEDNS_COOKIE\" ]; then\n _err \"You did not specify the FreeDNS username and password yet.\"\n _err \"Please export as FREEDNS_User / FREEDNS_Password and try again.\"\n return 1\n fi\n using_cached_cookies=\"true\"\n else\n FREEDNS_COOKIE=\"$(_freedns_login \"$FREEDNS_User\" \"$FREEDNS_Password\")\"\n if [ -z \"$FREEDNS_COOKIE\" ]; then\n return 1\n fi\n using_cached_cookies=\"false\"\n fi\n\n _debug \"FreeDNS login cookies: $FREEDNS_COOKIE (cached = $using_cached_cookies)\"\n\n _saveaccountconf FREEDNS_COOKIE \"$FREEDNS_COOKIE\"\n\n # We may have to cycle through the domain name to find the\n # TLD that we own...\n i=1\n wmax=\"$(echo \"$fulldomain\" | tr '.' ' ' | wc -w)\"\n while [ \"$i\" -lt \"$wmax\" ]; do\n # split our full domain name into two parts...\n sub_domain=\"$(echo \"$fulldomain\" | cut -d. -f -\"$i\")\"\n i=\"$(_math \"$i\" + 1)\"\n top_domain=\"$(echo \"$fulldomain\" | cut -d. -f \"$i\"-100)\"\n _debug \"sub_domain: $sub_domain\"\n _debug \"top_domain: $top_domain\"\n\n DNSdomainid=\"$(_freedns_domain_id \"$top_domain\")\"\n if [ \"$?\" = \"0\" ]; then\n _info \"Domain $top_domain found at FreeDNS, domain_id $DNSdomainid\"\n break\n else\n _info \"Domain $top_domain not found at FreeDNS, try with next level of TLD\"\n fi\n done\n\n if [ -z \"$DNSdomainid\" ]; then\n # If domain ID is empty then something went wrong (top level\n # domain not found at FreeDNS).\n _err \"Domain $top_domain not found at FreeDNS\"\n return 1\n fi\n\n # Add in new TXT record with the value provided\n _debug \"Adding TXT record for $fulldomain, $txtvalue\"\n _freedns_add_txt_record \"$FREEDNS_COOKIE\" \"$DNSdomainid\" \"$sub_domain\" \"$txtvalue\"\n return $?\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_freedns_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Delete TXT record using FreeDNS\"\n _debug \"fulldomain: $fulldomain\"\n _debug \"txtvalue: $txtvalue\"\n\n # Need to read cookie from conf file again in case new value set\n # during login to FreeDNS when TXT record was created.\n FREEDNS_COOKIE=\"$(_readaccountconf \"FREEDNS_COOKIE\")\"\n _debug \"FreeDNS login cookies: $FREEDNS_COOKIE\"\n\n TXTdataid=\"$(_freedns_data_id \"$fulldomain\" \"TXT\")\"\n if [ \"$?\" != \"0\" ]; then\n _info \"Cannot delete TXT record for $fulldomain, record does not exist at FreeDNS\"\n return 1\n fi\n _debug \"Data ID's found, $TXTdataid\"\n\n # now we have one (or more) TXT record data ID's. Load the page\n # for that record and search for the record txt value. If match\n # then we can delete it.\n lines=\"$(echo \"$TXTdataid\" | wc -l)\"\n _debug \"Found $lines TXT data records for $fulldomain\"\n i=0\n while [ \"$i\" -lt \"$lines\" ]; do\n i=\"$(_math \"$i\" + 1)\"\n dataid=\"$(echo \"$TXTdataid\" | sed -n \"${i}p\")\"\n _debug \"$dataid\"\n\n htmlpage=\"$(_freedns_retrieve_data_page \"$FREEDNS_COOKIE\" \"$dataid\")\"\n if [ \"$?\" != \"0\" ]; then\n if [ \"$using_cached_cookies\" = \"true\" ]; then\n _err \"Has your FreeDNS username and password changed? If so...\"\n _err \"Please export as FREEDNS_User / FREEDNS_Password and try again.\"\n fi\n return 1\n fi\n\n echo \"$htmlpage\" | grep \"value=\\\""$txtvalue"\\\"\" >/dev/null\n if [ \"$?\" = \"0\" ]; then\n # Found a match... delete the record and return\n _info \"Deleting TXT record for $fulldomain, $txtvalue\"\n _freedns_delete_txt_record \"$FREEDNS_COOKIE\" \"$dataid\"\n return $?\n fi\n done\n\n # If we get this far we did not find a match\n # Not necessarily an error, but log anyway.\n _info \"Cannot delete TXT record for $fulldomain, $txtvalue. Does not exist at FreeDNS\"\n return 0\n}\n\n#################### Private functions below ##################################\n\n# usage: _freedns_login username password\n# print string \"cookie=value\" etc.\n# returns 0 success\n_freedns_login() {\n export _H1=\"Accept-Language:en-US\"\n username=\"$1\"\n password=\"$2\"\n url=\"https://freedns.afraid.org/zc.php?step=2\"\n\n _debug \"Login to FreeDNS as user $username\"\n\n htmlpage=\"$(_post \"username=$(printf '%s' \"$username\" | _url_encode)&password=$(printf '%s' \"$password\" | _url_encode)&submit=Login&action=auth\" \"$url\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"FreeDNS login failed for user $username bad RC from _post\"\n return 1\n fi\n\n cookies=\"$(grep -i '^Set-Cookie.*dns_cookie.*$' \"$HTTP_HEADER\" | _head_n 1 | tr -d \"\\r\\n\" | cut -d \" \" -f 2)\"\n\n # if cookies is not empty then logon successful\n if [ -z \"$cookies\" ]; then\n _debug3 \"htmlpage: $htmlpage\"\n _err \"FreeDNS login failed for user $username. Check $HTTP_HEADER file\"\n return 1\n fi\n\n printf \"%s\" \"$cookies\"\n return 0\n}\n\n# usage _freedns_retrieve_subdomain_page login_cookies\n# echo page retrieved (html)\n# returns 0 success\n_freedns_retrieve_subdomain_page() {\n export _H1=\"Cookie:$1\"\n export _H2=\"Accept-Language:en-US\"\n url=\"https://freedns.afraid.org/subdomain/\"\n\n _debug \"Retrieve subdomain page from FreeDNS\"\n\n htmlpage=\"$(_get \"$url\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"FreeDNS retrieve subdomains failed bad RC from _get\"\n return 1\n elif [ -z \"$htmlpage\" ]; then\n _err \"FreeDNS returned empty subdomain page\"\n return 1\n fi\n\n _debug3 \"htmlpage: $htmlpage\"\n\n printf \"%s\" \"$htmlpage\"\n return 0\n}\n\n# usage _freedns_retrieve_data_page login_cookies data_id\n# echo page retrieved (html)\n# returns 0 success\n_freedns_retrieve_data_page() {\n export _H1=\"Cookie:$1\"\n export _H2=\"Accept-Language:en-US\"\n data_id=\"$2\"\n url=\"https://freedns.afraid.org/subdomain/edit.php?data_id=$2\"\n\n _debug \"Retrieve data page for ID $data_id from FreeDNS\"\n\n htmlpage=\"$(_get \"$url\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"FreeDNS retrieve data page failed bad RC from _get\"\n return 1\n elif [ -z \"$htmlpage\" ]; then\n _err \"FreeDNS returned empty data page\"\n return 1\n fi\n\n _debug3 \"htmlpage: $htmlpage\"\n\n printf \"%s\" \"$htmlpage\"\n return 0\n}\n\n# usage _freedns_add_txt_record login_cookies domain_id subdomain value\n# returns 0 success\n_freedns_add_txt_record() {\n export _H1=\"Cookie:$1\"\n export _H2=\"Accept-Language:en-US\"\n domain_id=\"$2\"\n subdomain=\"$3\"\n value=\"$(printf '%s' \"$4\" | _url_encode)\"\n url=\"https://freedns.afraid.org/subdomain/save.php?step=2\"\n\n htmlpage=\"$(_post \"type=TXT&domain_id=$domain_id&subdomain=$subdomain&address=%22$value%22&send=Save%21\" \"$url\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"FreeDNS failed to add TXT record for $subdomain bad RC from _post\"\n return 1\n elif ! grep \"200 OK\" \"$HTTP_HEADER\" >/dev/null; then\n _debug3 \"htmlpage: $htmlpage\"\n _err \"FreeDNS failed to add TXT record for $subdomain. Check $HTTP_HEADER file\"\n return 1\n elif _contains \"$htmlpage\" \"security code was incorrect\"; then\n _debug3 \"htmlpage: $htmlpage\"\n _err \"FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code\"\n _err \"Note that you cannot use automatic DNS validation for FreeDNS public domains\"\n return 1\n fi\n\n _debug3 \"htmlpage: $htmlpage\"\n _info \"Added acme challenge TXT record for $fulldomain at FreeDNS\"\n return 0\n}\n\n# usage _freedns_delete_txt_record login_cookies data_id\n# returns 0 success\n_freedns_delete_txt_record() {\n export _H1=\"Cookie:$1\"\n export _H2=\"Accept-Language:en-US\"\n data_id=\"$2\"\n url=\"https://freedns.afraid.org/subdomain/delete2.php\"\n\n htmlheader=\"$(_get \"$url?data_id%5B%5D=$data_id&submit=delete+selected\" \"onlyheader\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"FreeDNS failed to delete TXT record for $data_id bad RC from _get\"\n return 1\n elif ! _contains \"$htmlheader\" \"200 OK\"; then\n _debug2 \"htmlheader: $htmlheader\"\n _err \"FreeDNS failed to delete TXT record $data_id\"\n return 1\n fi\n\n _info \"Deleted acme challenge TXT record for $fulldomain at FreeDNS\"\n return 0\n}\n\n# usage _freedns_domain_id domain_name\n# echo the domain_id if found\n# return 0 success\n_freedns_domain_id() {\n # Start by escaping the dots in the domain name\n search_domain=\"$(echo \"$1\" | sed 's/\\./\\\\./g')\"\n\n # Sometimes FreeDNS does not return the subdomain page but rather\n # returns a page regarding becoming a premium member. This usually\n # happens after a period of inactivity. Immediately trying again\n # returns the correct subdomain page. So, we will try twice to\n # load the page and obtain our domain ID\n attempts=2\n while [ \"$attempts\" -gt \"0\" ]; do\n attempts=\"$(_math \"$attempts\" - 1)\"\n\n htmlpage=\"$(_freedns_retrieve_subdomain_page \"$FREEDNS_COOKIE\")\"\n if [ \"$?\" != \"0\" ]; then\n if [ \"$using_cached_cookies\" = \"true\" ]; then\n _err \"Has your FreeDNS username and password changed? If so...\"\n _err \"Please export as FREEDNS_User / FREEDNS_Password and try again.\"\n fi\n return 1\n fi\n\n domain_id=\"$(echo \"$htmlpage\" | tr -d \" \\t\\r\\n\\v\\f\" | sed 's//@ /g' | tr '@' '\\n' |\n grep \"| $search_domain | \\|$search_domain(.*) | \" |\n sed -n 's/.*\\(edit\\.php?edit_domain_id=[0-9a-zA-Z]*\\).*/\\1/p' |\n cut -d = -f 2)\"\n # The above beauty extracts domain ID from the html page...\n # strip out all blank space and new lines. Then insert newlines\n # before each table row \n # search for the domain within each row (which may or may not have\n # a text string in brackets (.*) after it.\n # And finally extract the domain ID.\n if [ -n \"$domain_id\" ]; then\n printf \"%s\" \"$domain_id\"\n return 0\n fi\n _debug \"Domain $search_domain not found. Retry loading subdomain page ($attempts attempts remaining)\"\n done\n _debug \"Domain $search_domain not found after retry\"\n return 1\n}\n\n# usage _freedns_data_id domain_name record_type\n# echo the data_id(s) if found\n# return 0 success\n_freedns_data_id() {\n # Start by escaping the dots in the domain name\n search_domain=\"$(echo \"$1\" | sed 's/\\./\\\\./g')\"\n record_type=\"$2\"\n\n # Sometimes FreeDNS does not return the subdomain page but rather\n # returns a page regarding becoming a premium member. This usually\n # happens after a period of inactivity. Immediately trying again\n # returns the correct subdomain page. So, we will try twice to\n # load the page and obtain our domain ID\n attempts=2\n while [ \"$attempts\" -gt \"0\" ]; do\n attempts=\"$(_math \"$attempts\" - 1)\"\n\n htmlpage=\"$(_freedns_retrieve_subdomain_page \"$FREEDNS_COOKIE\")\"\n if [ \"$?\" != \"0\" ]; then\n if [ \"$using_cached_cookies\" = \"true\" ]; then\n _err \"Has your FreeDNS username and password changed? If so...\"\n _err \"Please export as FREEDNS_User / FREEDNS_Password and try again.\"\n fi\n return 1\n fi\n\n data_id=\"$(echo \"$htmlpage\" | tr -d \" \\t\\r\\n\\v\\f\" | sed 's/ /@ /g' | tr '@' '\\n' |\n grep \"$record_type\" |\n grep \"$search_domain\" |\n sed -n 's/.*\\(edit\\.php?data_id=[0-9a-zA-Z]*\\).*/\\1/p' |\n cut -d = -f 2)\"\n # The above beauty extracts data ID from the html page...\n # strip out all blank space and new lines. Then insert newlines\n # before each table row \n # search for the record type withing each row (e.g. TXT)\n # search for the domain within each row (which is within a \n # anchor. And finally extract the domain ID.\n if [ -n \"$data_id\" ]; then\n printf \"%s\" \"$data_id\"\n return 0\n fi\n _debug \"Domain $search_domain not found. Retry loading subdomain page ($attempts attempts remaining)\"\n done\n _debug \"Domain $search_domain not found after retry\"\n return 1\n}\n"
},
{
"path": "dnsapi/dns_freemyip.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_freemyip_info='FreeMyIP.com\nSite: FreeMyIP.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_freemyip\nOptions:\n FREEMYIP_Token API Token\nIssues: github.com/acmesh-official/acme.sh/issues/6247\nAuthor: Recolic Keghart , @Giova96\n'\n\nFREEMYIP_DNS_API=\"https://freemyip.com/update?\"\n\n################ Public functions ################\n\n#Usage: dns_freemyip_add fulldomain txtvalue\ndns_freemyip_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Add TXT record $txtvalue for $fulldomain using freemyip.com api\"\n\n FREEMYIP_Token=\"${FREEMYIP_Token:-$(_readaccountconf_mutable FREEMYIP_Token)}\"\n if [ -z \"$FREEMYIP_Token\" ]; then\n FREEMYIP_Token=\"\"\n _err \"You don't specify FREEMYIP_Token yet.\"\n _err \"Please specify your token and try again.\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable FREEMYIP_Token \"$FREEMYIP_Token\"\n\n if _is_root_domain_published \"$fulldomain\"; then\n _err \"freemyip API don't allow you to set multiple TXT record for the same subdomain!\"\n _err \"You must apply certificate for only one domain at a time!\"\n _err \"====\"\n _err \"For example, aaa.yourdomain.freemyip.com and bbb.yourdomain.freemyip.com and yourdomain.freemyip.com ALWAYS share the same TXT record. They will overwrite each other if you apply multiple domain at the same time.\"\n _debug \"If you are testing this workflow in github pipeline or acmetest, please set TEST_DNS_NO_SUBDOMAIN=1 and TEST_DNS_NO_WILDCARD=1\"\n return 1\n fi\n\n # txtvalue must be url-encoded. But it's not necessary for acme txt value.\n _freemyip_get_until_ok \"${FREEMYIP_DNS_API}token=$FREEMYIP_Token&domain=$fulldomain&txt=$txtvalue\" 2>&1\n return $?\n}\n\n#Usage: dns_freemyip_rm fulldomain txtvalue\ndns_freemyip_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Delete TXT record $txtvalue for $fulldomain using freemyip.com api\"\n\n FREEMYIP_Token=\"${FREEMYIP_Token:-$(_readaccountconf_mutable FREEMYIP_Token)}\"\n if [ -z \"$FREEMYIP_Token\" ]; then\n FREEMYIP_Token=\"\"\n _err \"You don't specify FREEMYIP_Token yet.\"\n _err \"Please specify your token and try again.\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable FREEMYIP_Token \"$FREEMYIP_Token\"\n\n # Leave the TXT record as empty or \"null\" to delete the record.\n _freemyip_get_until_ok \"${FREEMYIP_DNS_API}token=$FREEMYIP_Token&domain=$fulldomain&txt=\" 2>&1\n return $?\n}\n\n################ Private functions below ################\n_get_root() {\n _fmi_d=\"$1\"\n\n echo \"$_fmi_d\" | rev | cut -d '.' -f 1-3 | rev\n}\n\n# There is random failure while calling freemyip API too fast. This function automatically retry until success.\n_freemyip_get_until_ok() {\n _fmi_url=\"$1\"\n for i in $(seq 1 8); do\n _debug \"HTTP GET freemyip.com API '$_fmi_url', retry $i/8...\"\n _get \"$_fmi_url\" | tee /dev/fd/2 | grep OK && return 0\n _sleep 1 # DO NOT send the request too fast\n done\n _err \"Failed to request freemyip API: $_fmi_url . Server does not say 'OK'\"\n return 1\n}\n\n# Verify in public dns if domain is already there.\n_is_root_domain_published() {\n _fmi_d=\"$1\"\n _webroot=\"$(_get_root \"$_fmi_d\")\"\n\n _info \"Verifying '\"\"$_fmi_d\"\"' freemyip webroot (\"\"$_webroot\"\") is not published yet\"\n for i in $(seq 1 3); do\n _debug \"'$_webroot' ns lookup, retry $i/3...\"\n if [ \"$(_ns_lookup \"$_fmi_d\" TXT)\" ]; then\n _debug \"'$_webroot' already has a TXT record published!\"\n return 0\n fi\n _sleep 10 # Give it some time to propagate the TXT record\n done\n return 1\n}\n"
},
{
"path": "dnsapi/dns_gandi_livedns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_gandi_livedns_info='Gandi.net LiveDNS\nSite: Gandi.net/domain/dns\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gandi_livedns\nOptions:\n GANDI_LIVEDNS_KEY API Key\nIssues: github.com/fcrozat/acme.sh\nAuthor: Frédéric Crozat , Dominik Röttsches \n'\n\n# Gandi LiveDNS v5 API\n# https://api.gandi.net/docs/livedns/\n# https://api.gandi.net/docs/authentication/ for token + apikey (deprecated) authentication\n# currently under beta\n\n######## Public functions #####################\n\nGANDI_LIVEDNS_API=\"https://api.gandi.net/v5/livedns\"\n\n#Usage: dns_gandi_livedns_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_gandi_livedns_add() {\n fulldomain=$1\n txtvalue=$2\n\n GANDI_LIVEDNS_KEY=\"${GANDI_LIVEDNS_KEY:-$(_readaccountconf_mutable GANDI_LIVEDNS_KEY)}\"\n GANDI_LIVEDNS_TOKEN=\"${GANDI_LIVEDNS_TOKEN:-$(_readaccountconf_mutable GANDI_LIVEDNS_TOKEN)}\"\n if [ -z \"$GANDI_LIVEDNS_KEY\" ] && [ -z \"$GANDI_LIVEDNS_TOKEN\" ]; then\n _err \"No Token or API key (deprecated) specified for Gandi LiveDNS.\"\n _err \"Create your token or key and export it as GANDI_LIVEDNS_KEY or GANDI_LIVEDNS_TOKEN respectively\"\n return 1\n fi\n\n # Keep only one secret in configuration\n if [ -n \"$GANDI_LIVEDNS_TOKEN\" ]; then\n _saveaccountconf_mutable GANDI_LIVEDNS_TOKEN \"$GANDI_LIVEDNS_TOKEN\"\n _clearaccountconf_mutable GANDI_LIVEDNS_KEY\n elif [ -n \"$GANDI_LIVEDNS_KEY\" ]; then\n _saveaccountconf_mutable GANDI_LIVEDNS_KEY \"$GANDI_LIVEDNS_KEY\"\n _clearaccountconf_mutable GANDI_LIVEDNS_TOKEN\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _debug domain \"$_domain\"\n _debug sub_domain \"$_sub_domain\"\n\n _dns_gandi_append_record \"$_domain\" \"$_sub_domain\" \"$txtvalue\"\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_gandi_livedns_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug fulldomain \"$fulldomain\"\n _debug domain \"$_domain\"\n _debug sub_domain \"$_sub_domain\"\n _debug txtvalue \"$txtvalue\"\n\n if ! _dns_gandi_existing_rrset_values \"$_domain\" \"$_sub_domain\"; then\n return 1\n fi\n _new_rrset_values=$(echo \"$_rrset_values\" | sed \"s/...$txtvalue...//g\")\n # Cleanup dangling commata.\n _new_rrset_values=$(echo \"$_new_rrset_values\" | sed \"s/, ,/ ,/g\")\n _new_rrset_values=$(echo \"$_new_rrset_values\" | sed \"s/, *\\]/\\]/g\")\n _new_rrset_values=$(echo \"$_new_rrset_values\" | sed \"s/\\[ *,/\\[/g\")\n _debug \"New rrset_values\" \"$_new_rrset_values\"\n\n _gandi_livedns_rest PUT \\\n \"domains/$_domain/records/$_sub_domain/TXT\" \\\n \"{\\\"rrset_ttl\\\": 300, \\\"rrset_values\\\": $_new_rrset_values}\" &&\n _contains \"$response\" '{\"message\":\"DNS Record Created\"}' &&\n _info \"Removing record $(__green \"success\")\"\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _gandi_livedns_rest GET \"domains/$h\"; then\n return 1\n fi\n\n if _contains \"$response\" '\"code\": 401'; then\n _err \"$response\"\n return 1\n elif _contains \"$response\" '\"code\": 404'; then\n _debug \"$h not found\"\n else\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_dns_gandi_append_record() {\n domain=$1\n sub_domain=$2\n txtvalue=$3\n\n if _dns_gandi_existing_rrset_values \"$domain\" \"$sub_domain\"; then\n _debug \"Appending new value\"\n _rrset_values=$(echo \"$_rrset_values\" | sed \"s/\\\"]/\\\",\\\"$txtvalue\\\"]/\")\n else\n _debug \"Creating new record\" \"$_rrset_values\"\n _rrset_values=\"[\\\"$txtvalue\\\"]\"\n fi\n _debug new_rrset_values \"$_rrset_values\"\n _gandi_livedns_rest PUT \"domains/$_domain/records/$sub_domain/TXT\" \\\n \"{\\\"rrset_ttl\\\": 300, \\\"rrset_values\\\": $_rrset_values}\" &&\n _contains \"$response\" '{\"message\":\"DNS Record Created\"}' &&\n _info \"Adding record $(__green \"success\")\"\n}\n\n_dns_gandi_existing_rrset_values() {\n domain=$1\n sub_domain=$2\n if ! _gandi_livedns_rest GET \"domains/$domain/records/$sub_domain\"; then\n return 1\n fi\n if ! _contains \"$response\" '\"rrset_type\":\"TXT\"'; then\n _debug \"Does not have a _acme-challenge TXT record yet.\"\n return 1\n fi\n if _contains \"$response\" '\"rrset_values\":\\[\\]'; then\n _debug \"Empty rrset_values for TXT record, no previous TXT record.\"\n return 1\n fi\n _debug \"Already has TXT record.\"\n _rrset_values=$(echo \"$response\" | _egrep_o 'rrset_values.*\\[.*\\]' |\n _egrep_o '\\[\".*\\\"]')\n return 0\n}\n\n_gandi_livedns_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Content-Type: application/json\"\n\n if [ -n \"$GANDI_LIVEDNS_TOKEN\" ]; then\n export _H2=\"Authorization: Bearer $GANDI_LIVEDNS_TOKEN\"\n else\n export _H2=\"Authorization: Apikey $GANDI_LIVEDNS_KEY\"\n fi\n\n if [ \"$m\" = \"GET\" ]; then\n response=\"$(_get \"$GANDI_LIVEDNS_API/$ep\")\"\n else\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$GANDI_LIVEDNS_API/$ep\" \"\" \"$m\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_gcloud.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_gcloud_info='Google Cloud DNS\nSite: Cloud.Google.com/dns\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcloud\nOptions:\n CLOUDSDK_ACTIVE_CONFIG_NAME Active config name. E.g. \"default\"\nAuthor: Janos Lenart \n'\n\n######## Public functions #####################\n\n# Usage: dns_gcloud_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_gcloud_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using gcloud\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n _dns_gcloud_find_zone || return $?\n\n # Add an extra RR\n _dns_gcloud_start_tr || return $?\n _dns_gcloud_get_rrdatas || return $?\n echo \"$rrdatas\" | _dns_gcloud_remove_rrs || return $?\n printf \"%s\\n%s\\n\" \"$rrdatas\" \"\\\"$txtvalue\\\"\" | grep -v '^$' | _dns_gcloud_add_rrs || return $?\n _dns_gcloud_execute_tr || return $?\n\n _info \"$fulldomain record added\"\n}\n\n# Usage: dns_gcloud_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Remove the txt record after validation.\ndns_gcloud_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using gcloud\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n _dns_gcloud_find_zone || return $?\n\n # Remove one RR\n _dns_gcloud_start_tr || return $?\n _dns_gcloud_get_rrdatas || return $?\n echo \"$rrdatas\" | _dns_gcloud_remove_rrs || return $?\n echo \"$rrdatas\" | grep -F -v -- \"\\\"$txtvalue\\\"\" | _dns_gcloud_add_rrs || return $?\n _dns_gcloud_execute_tr || return $?\n\n _info \"$fulldomain record removed\"\n}\n\n#################### Private functions below ##################################\n\n_dns_gcloud_start_tr() {\n if ! trd=$(mktemp -d); then\n _err \"_dns_gcloud_start_tr: failed to create temporary directory\"\n return 1\n fi\n tr=\"$trd/tr.yaml\"\n _debug tr \"$tr\"\n\n if ! gcloud dns record-sets transaction start \\\n --transaction-file=\"$tr\" \\\n --zone=\"$managedZone\"; then\n rm -r \"$trd\"\n _err \"_dns_gcloud_start_tr: failed to execute transaction\"\n return 1\n fi\n}\n\n_dns_gcloud_execute_tr() {\n if ! gcloud dns record-sets transaction execute \\\n --transaction-file=\"$tr\" \\\n --zone=\"$managedZone\"; then\n _debug tr \"$(cat \"$tr\")\"\n rm -r \"$trd\"\n _err \"_dns_gcloud_execute_tr: failed to execute transaction\"\n return 1\n fi\n rm -r \"$trd\"\n\n for i in $(seq 1 120); do\n if gcloud dns record-sets changes list \\\n --zone=\"$managedZone\" \\\n --filter='status != done' |\n grep -q '^.*'; then\n _info \"_dns_gcloud_execute_tr: waiting for transaction to be comitted ($i/120)...\"\n sleep 5\n else\n return 0\n fi\n done\n\n _err \"_dns_gcloud_execute_tr: transaction is still pending after 10 minutes\"\n rm -r \"$trd\"\n return 1\n}\n\n_dns_gcloud_remove_rrs() {\n if ! xargs -r gcloud dns record-sets transaction remove \\\n --name=\"$fulldomain.\" \\\n --ttl=\"$ttl\" \\\n --type=TXT \\\n --zone=\"$managedZone\" \\\n --transaction-file=\"$tr\" --; then\n _debug tr \"$(cat \"$tr\")\"\n rm -r \"$trd\"\n _err \"_dns_gcloud_remove_rrs: failed to remove RRs\"\n return 1\n fi\n}\n\n_dns_gcloud_add_rrs() {\n ttl=60\n if ! xargs -r gcloud dns record-sets transaction add \\\n --name=\"$fulldomain.\" \\\n --ttl=\"$ttl\" \\\n --type=TXT \\\n --zone=\"$managedZone\" \\\n --transaction-file=\"$tr\" --; then\n _debug tr \"$(cat \"$tr\")\"\n rm -r \"$trd\"\n _err \"_dns_gcloud_add_rrs: failed to add RRs\"\n return 1\n fi\n}\n\n_dns_gcloud_find_zone() {\n # Prepare a filter that matches zones that are suiteable for this entry.\n # For example, _acme-challenge.something.domain.com might need to go into something.domain.com or domain.com;\n # this function finds the longest postfix that has a managed zone.\n part=\"$fulldomain\"\n filter=\"dnsName=( \"\n while [ \"$part\" != \"\" ]; do\n filter=\"$filter$part. \"\n part=\"$(echo \"$part\" | sed 's/[^.]*\\.*//')\"\n done\n filter=\"$filter) AND visibility=public\"\n _debug filter \"$filter\"\n\n # List domains and find the zone with the deepest sub-domain (in case of some levels of delegation)\n if ! match=$(gcloud dns managed-zones list \\\n --format=\"value(name, dnsName)\" \\\n --filter=\"$filter\" |\n while read -r dnsName name; do\n printf \"%s\\t%s\\t%s\\n\" \"$(echo \"$name\" | awk -F\".\" '{print NF-1}')\" \"$dnsName\" \"$name\"\n done |\n sort -n -r | _head_n 1 | cut -f2,3 | grep '^.*'); then\n _err \"_dns_gcloud_find_zone: Can't find a matching managed zone! Perhaps wrong project or gcloud credentials?\"\n return 1\n fi\n\n dnsName=$(echo \"$match\" | cut -f2)\n _debug dnsName \"$dnsName\"\n managedZone=$(echo \"$match\" | cut -f1)\n _debug managedZone \"$managedZone\"\n}\n\n_dns_gcloud_get_rrdatas() {\n if ! rrdatas=$(gcloud dns record-sets list \\\n --zone=\"$managedZone\" \\\n --name=\"$fulldomain.\" \\\n --type=TXT \\\n --format=\"value(ttl,rrdatas)\"); then\n _err \"_dns_gcloud_get_rrdatas: Failed to list record-sets\"\n rm -r \"$trd\"\n return 1\n fi\n ttl=$(echo \"$rrdatas\" | cut -f1)\n # starting with version 353.0.0 gcloud seems to\n # separate records with a semicolon instead of commas\n # see also https://cloud.google.com/sdk/docs/release-notes#35300_2021-08-17\n rrdatas=$(echo \"$rrdatas\" | cut -f2 | sed 's/\"[,;]\"/\"\\n\"/g')\n}\n"
},
{
"path": "dnsapi/dns_gcore.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_gcore_info='Gcore.com\nSite: Gcore.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcore\nOptions:\n GCORE_Key API Key\nIssues: github.com/acmesh-official/acme.sh/issues/4460\n'\n\nGCORE_Api=\"https://api.gcore.com/dns/v2\"\nGCORE_Doc=\"https://api.gcore.com/docs/dns\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_gcore_add() {\n fulldomain=$1\n txtvalue=$2\n\n GCORE_Key=\"${GCORE_Key:-$(_readaccountconf_mutable GCORE_Key)}\"\n\n if [ -z \"$GCORE_Key\" ]; then\n GCORE_Key=\"\"\n _err \"You didn't specify a Gcore api key yet.\"\n _err \"You can get yours from here $GCORE_Doc\"\n return 1\n fi\n\n #save the api key to the account conf file.\n _saveaccountconf_mutable GCORE_Key \"$GCORE_Key\" \"base64\"\n\n _debug \"First detect the zone name\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _zone_name \"$_zone_name\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _gcore_rest GET \"zones/$_zone_name/$fulldomain/TXT\"\n payload=\"\"\n\n if echo \"$response\" | grep \"record is not found\" >/dev/null; then\n _info \"Record doesn't exists\"\n payload=\"{\\\"resource_records\\\":[{\\\"content\\\":[\\\"$txtvalue\\\"],\\\"enabled\\\":true}],\\\"ttl\\\":120}\"\n elif echo \"$response\" | grep \"$txtvalue\" >/dev/null; then\n _info \"Already exists, OK\"\n return 0\n elif echo \"$response\" | tr -d \" \" | grep \\\"name\\\":\\\"\"$fulldomain\"\\\",\\\"type\\\":\\\"TXT\\\" >/dev/null; then\n _info \"Record with mismatch txtvalue, try update it\"\n payload=$(echo \"$response\" | tr -d \" \" | sed 's/\"updated_at\":[0-9]\\+,//g' | sed 's/\"meta\":{}}]}/\"meta\":{}},{\"content\":['\\\"\"$txtvalue\"\\\"'],\"enabled\":true}]}/')\n fi\n\n # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so\n # we can not use updating anymore.\n # count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"count\\\":[^,]*\" | cut -d : -f 2)\n # _debug count \"$count\"\n # if [ \"$count\" = \"0\" ]; then\n _info \"Adding record\"\n if _gcore_rest PUT \"zones/$_zone_name/$fulldomain/TXT\" \"$payload\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"Added, OK\"\n return 0\n elif _contains \"$response\" \"rrset is already exists\"; then\n _info \"Already exists, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n}\n\n#fulldomain txtvalue\ndns_gcore_rm() {\n fulldomain=$1\n txtvalue=$2\n\n GCORE_Key=\"${GCORE_Key:-$(_readaccountconf_mutable GCORE_Key)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _zone_name \"$_zone_name\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _gcore_rest GET \"zones/$_zone_name/$fulldomain/TXT\"\n\n if echo \"$response\" | grep \"record is not found\" >/dev/null; then\n _info \"No such txt recrod\"\n return 0\n fi\n\n if ! echo \"$response\" | tr -d \" \" | grep \\\"name\\\":\\\"\"$fulldomain\"\\\",\\\"type\\\":\\\"TXT\\\" >/dev/null; then\n _err \"Error: $response\"\n return 1\n fi\n\n if ! echo \"$response\" | tr -d \" \" | grep \\\"\"$txtvalue\"\\\" >/dev/null; then\n _info \"No such txt recrod\"\n return 0\n fi\n\n count=\"$(echo \"$response\" | grep -o \"content\" | wc -l)\"\n\n if [ \"$count\" = \"1\" ]; then\n if ! _gcore_rest DELETE \"zones/$_zone_name/$fulldomain/TXT\"; then\n _err \"Delete record error. $response\"\n return 1\n fi\n return 0\n fi\n\n payload=\"$(echo \"$response\" | tr -d \" \" | sed 's/\"updated_at\":[0-9]\\+,//g' | sed 's/{\"id\":[0-9]\\+,\"content\":\\[\"'\"$txtvalue\"'\"\\],\"enabled\":true,\"meta\":{}}//' | sed 's/\\[,/\\[/' | sed 's/,,/,/' | sed 's/,\\]/\\]/')\"\n if ! _gcore_rest PUT \"zones/$_zone_name/$fulldomain/TXT\" \"$payload\"; then\n _err \"Delete record error. $response\"\n fi\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.sub.domain.com\n#returns\n# _sub_domain=_acme-challenge.sub or _acme-challenge\n# _domain=domain.com\n# _zone_name=domain.com or sub.domain.com\n_get_root() {\n domain=$1\n i=1\n p=1\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _gcore_rest GET \"zones/$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\"; then\n _zone_name=$h\n if [ \"$_zone_name\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_gcore_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n key_trimmed=$(echo \"$GCORE_Key\" | tr -d '\"')\n\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Authorization: APIKey $key_trimmed\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$GCORE_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$GCORE_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_gd.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_gd_info='GoDaddy.com\nSite: GoDaddy.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gd\nOptions:\n GD_Key API Key\n GD_Secret API Secret\n'\n\nGD_Api=\"https://api.godaddy.com/v1\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_gd_add() {\n fulldomain=$1\n txtvalue=$2\n\n GD_Key=\"${GD_Key:-$(_readaccountconf_mutable GD_Key)}\"\n GD_Secret=\"${GD_Secret:-$(_readaccountconf_mutable GD_Secret)}\"\n if [ -z \"$GD_Key\" ] || [ -z \"$GD_Secret\" ]; then\n GD_Key=\"\"\n GD_Secret=\"\"\n _err \"You didn't specify godaddy api key and secret yet.\"\n _err \"Please create your key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable GD_Key \"$GD_Key\"\n _saveaccountconf_mutable GD_Secret \"$GD_Secret\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting existing records\"\n if ! _gd_rest GET \"domains/$_domain/records/TXT/$_sub_domain\"; then\n return 1\n fi\n\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"This record already exists, skipping\"\n return 0\n fi\n\n _add_data=\"{\\\"data\\\":\\\"$txtvalue\\\"}\"\n for t in $(echo \"$response\" | tr '{' \"\\n\" | grep \"\\\"name\\\":\\\"$_sub_domain\\\"\" | tr ',' \"\\n\" | grep '\"data\"' | cut -d : -f 2); do\n _debug2 t \"$t\"\n # ignore empty (previously removed) records, to prevent useless _acme-challenge TXT entries\n if [ \"$t\" ] && [ \"$t\" != '\"\"' ]; then\n _add_data=\"$_add_data,{\\\"data\\\":$t}\"\n fi\n done\n _debug2 _add_data \"$_add_data\"\n\n _info \"Adding record\"\n if _gd_rest PUT \"domains/$_domain/records/TXT/$_sub_domain\" \"[$_add_data]\"; then\n _debug \"Checking updated records of '${fulldomain}'\"\n\n if ! _gd_rest GET \"domains/$_domain/records/TXT/$_sub_domain\"; then\n _err \"Validating TXT record for '${fulldomain}' with rest error [$?].\" \"$response\"\n return 1\n fi\n\n if ! _contains \"$response\" \"$txtvalue\"; then\n _err \"TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!\"\n return 1\n fi\n else\n _err \"Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set.\"\n return 1\n fi\n\n _sleep 10\n _info \"Added TXT record '${txtvalue}' for '${fulldomain}'.\"\n return 0\n}\n\n#fulldomain\ndns_gd_rm() {\n fulldomain=$1\n txtvalue=$2\n\n GD_Key=\"${GD_Key:-$(_readaccountconf_mutable GD_Key)}\"\n GD_Secret=\"${GD_Secret:-$(_readaccountconf_mutable GD_Secret)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting existing records\"\n if ! _gd_rest GET \"domains/$_domain/records/TXT/$_sub_domain\"; then\n return 1\n fi\n\n if ! _contains \"$response\" \"$txtvalue\"; then\n _info \"The record does not exist, skip\"\n return 0\n fi\n\n _add_data=\"\"\n for t in $(echo \"$response\" | tr '{' \"\\n\" | grep \"\\\"name\\\":\\\"$_sub_domain\\\"\" | tr ',' \"\\n\" | grep '\"data\"' | cut -d : -f 2); do\n _debug2 t \"$t\"\n if [ \"$t\" ] && [ \"$t\" != \"\\\"$txtvalue\\\"\" ]; then\n if [ \"$_add_data\" ]; then\n _add_data=\"$_add_data,{\\\"data\\\":$t}\"\n else\n _add_data=\"{\\\"data\\\":$t}\"\n fi\n fi\n done\n if [ -z \"$_add_data\" ]; then\n # delete empty record\n _debug \"Delete last record for '${fulldomain}'\"\n if ! _gd_rest DELETE \"domains/$_domain/records/TXT/$_sub_domain\"; then\n _err \"Cannot delete empty TXT record for '$fulldomain'\"\n return 1\n fi\n else\n # remove specific TXT value, keeping other entries\n _debug2 _add_data \"$_add_data\"\n if ! _gd_rest PUT \"domains/$_domain/records/TXT/$_sub_domain\" \"[$_add_data]\"; then\n _err \"Cannot update TXT record for '$fulldomain'\"\n return 1\n fi\n fi\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _gd_rest GET \"domains/$h\"; then\n return 1\n fi\n\n if _contains \"$response\" '\"code\":\"NOT_FOUND\"'; then\n _debug \"$h not found\"\n else\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_gd_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Authorization: sso-key $GD_Key:$GD_Secret\"\n export _H2=\"Content-Type: application/json\"\n\n if [ \"$data\" ] || [ \"$m\" = \"DELETE\" ]; then\n _debug \"data ($m): \" \"$data\"\n response=\"$(_post \"$data\" \"$GD_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$GD_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error on rest call ($m): $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n if _contains \"$response\" \"UNABLE_TO_AUTHENTICATE\"; then\n _err \"It seems that your api key or secret is not correct.\"\n return 1\n fi\n return 0\n}\n"
},
{
"path": "dnsapi/dns_geoscaling.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_geoscaling_info='GeoScaling.com\nSite: GeoScaling.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_geoscaling\nOptions:\n GEOSCALING_Username Username. This is usually NOT an email address\n GEOSCALING_Password Password\n'\n\n#-- dns_geoscaling_add() - Add TXT record --------------------------------------\n# Usage: dns_geoscaling_add _acme-challenge.subdomain.domain.com \"XyZ123...\"\n\ndns_geoscaling_add() {\n full_domain=$1\n txt_value=$2\n _info \"Using DNS-01 Geoscaling DNS2 hook\"\n\n GEOSCALING_Username=\"${GEOSCALING_Username:-$(_readaccountconf_mutable GEOSCALING_Username)}\"\n GEOSCALING_Password=\"${GEOSCALING_Password:-$(_readaccountconf_mutable GEOSCALING_Password)}\"\n if [ -z \"$GEOSCALING_Username\" ] || [ -z \"$GEOSCALING_Password\" ]; then\n GEOSCALING_Username=\n GEOSCALING_Password=\n _err \"No auth details provided. Please set user credentials using the \\$GEOSCALING_Username and \\$GEOSCALING_Password environment variables.\"\n return 1\n fi\n _saveaccountconf_mutable GEOSCALING_Username \"${GEOSCALING_Username}\"\n _saveaccountconf_mutable GEOSCALING_Password \"${GEOSCALING_Password}\"\n\n # Fills in the $zone_id and $zone_name\n find_zone \"${full_domain}\" || return 1\n _debug \"Zone id '${zone_id}' will be used.\"\n\n # We're logged in here\n\n # we should add ${full_domain} minus the trailing ${zone_name}\n\n prefix=$(echo \"${full_domain}\" | sed \"s|\\\\.${zone_name}\\$||\")\n\n body=\"id=${zone_id}&name=${prefix}&type=TXT&content=${txt_value}&ttl=300&prio=0\"\n\n do_post \"$body\" \"https://www.geoscaling.com/dns2/ajax/add_record.php\"\n exit_code=\"$?\"\n if [ \"${exit_code}\" -eq 0 ]; then\n _info \"TXT record added successfully.\"\n else\n _err \"Couldn't add the TXT record.\"\n fi\n do_logout\n return \"${exit_code}\"\n}\n\n#-- dns_geoscaling_rm() - Remove TXT record ------------------------------------\n# Usage: dns_geoscaling_rm _acme-challenge.subdomain.domain.com \"XyZ123...\"\n\ndns_geoscaling_rm() {\n full_domain=$1\n txt_value=$2\n _info \"Cleaning up after DNS-01 Geoscaling DNS2 hook\"\n\n GEOSCALING_Username=\"${GEOSCALING_Username:-$(_readaccountconf_mutable GEOSCALING_Username)}\"\n GEOSCALING_Password=\"${GEOSCALING_Password:-$(_readaccountconf_mutable GEOSCALING_Password)}\"\n if [ -z \"$GEOSCALING_Username\" ] || [ -z \"$GEOSCALING_Password\" ]; then\n GEOSCALING_Username=\n GEOSCALING_Password=\n _err \"No auth details provided. Please set user credentials using the \\$GEOSCALING_Username and \\$GEOSCALING_Password environment variables.\"\n return 1\n fi\n _saveaccountconf_mutable GEOSCALING_Username \"${GEOSCALING_Username}\"\n _saveaccountconf_mutable GEOSCALING_Password \"${GEOSCALING_Password}\"\n\n # fills in the $zone_id\n find_zone \"${full_domain}\" || return 1\n _debug \"Zone id '${zone_id}' will be used.\"\n\n # Here we're logged in\n # Find the record id to clean\n\n # get the domain\n response=$(do_get \"https://www.geoscaling.com/dns2/index.php?module=domain&id=${zone_id}\")\n _debug2 \"response\" \"$response\"\n\n table=\"$(echo \"${response}\" | tr -d '\\n' | sed 's|.*Basic Records .*||')\"\n _debug2 table \"${table}\"\n names=$(echo \"${table}\" | _egrep_o 'id=\"[0-9]+\\.name\">[^<]*' | sed 's|||; s|.*>||')\n ids=$(echo \"${table}\" | _egrep_o 'id=\"[0-9]+\\.name\">[^<]*' | sed 's|\\.name\">.*||; s|id=\"||')\n types=$(echo \"${table}\" | _egrep_o 'id=\"[0-9]+\\.type\">[^<]*' | sed 's|||; s|.*>||')\n values=$(echo \"${table}\" | _egrep_o 'id=\"[0-9]+\\.content\">[^<]*' | sed 's|||; s|.*>||')\n\n _debug2 names \"${names}\"\n _debug2 ids \"${ids}\"\n _debug2 types \"${types}\"\n _debug2 values \"${values}\"\n\n # look for line whose name is ${full_domain}, whose type is TXT, and whose value is ${txt_value}\n line_num=\"$(echo \"${values}\" | grep -F -n -- \"${txt_value}\" | _head_n 1 | cut -d ':' -f 1)\"\n _debug2 line_num \"${line_num}\"\n found_id=\n if [ -n \"$line_num\" ]; then\n type=$(echo \"${types}\" | sed -n \"${line_num}p\")\n name=$(echo \"${names}\" | sed -n \"${line_num}p\")\n id=$(echo \"${ids}\" | sed -n \"${line_num}p\")\n\n _debug2 type \"$type\"\n _debug2 name \"$name\"\n _debug2 id \"$id\"\n _debug2 full_domain \"$full_domain\"\n\n if [ \"${type}\" = \"TXT\" ] && [ \"${name}\" = \"${full_domain}\" ]; then\n found_id=${id}\n fi\n fi\n\n if [ \"${found_id}\" = \"\" ]; then\n _err \"Can not find record id.\"\n return 0\n fi\n\n # Remove the record\n body=\"id=${zone_id}&record_id=${found_id}\"\n response=$(do_post \"$body\" \"https://www.geoscaling.com/dns2/ajax/delete_record.php\")\n exit_code=\"$?\"\n if [ \"$exit_code\" -eq 0 ]; then\n _info \"Record removed successfully.\"\n else\n _err \"Could not clean (remove) up the record. Please go to Geoscaling administration interface and clean it by hand.\"\n fi\n do_logout\n return \"${exit_code}\"\n}\n\n########################## PRIVATE FUNCTIONS ###########################\n\ndo_get() {\n _url=$1\n export _H1=\"Cookie: $geoscaling_phpsessid_cookie\"\n _get \"${_url}\"\n}\n\ndo_post() {\n _body=$1\n _url=$2\n export _H1=\"Cookie: $geoscaling_phpsessid_cookie\"\n _post \"${_body}\" \"${_url}\"\n}\n\ndo_login() {\n\n _info \"Logging in...\"\n\n username_encoded=\"$(printf \"%s\" \"${GEOSCALING_Username}\" | _url_encode)\"\n password_encoded=\"$(printf \"%s\" \"${GEOSCALING_Password}\" | _url_encode)\"\n body=\"username=${username_encoded}&password=${password_encoded}\"\n\n response=$(_post \"$body\" \"https://www.geoscaling.com/dns2/index.php?module=auth\")\n _debug2 response \"${response}\"\n\n #retcode=$(grep '^HTTP[^ ]*' \"${HTTP_HEADER}\" | _head_n 1 | _egrep_o '[0-9]+$')\n retcode=$(grep '^HTTP[^ ]*' \"${HTTP_HEADER}\" | _head_n 1 | cut -d ' ' -f 2)\n\n if [ \"$retcode\" != \"302\" ]; then\n _err \"Geoscaling login failed for user ${GEOSCALING_Username}. Check ${HTTP_HEADER} file\"\n return 1\n fi\n\n geoscaling_phpsessid_cookie=\"$(grep -i '^set-cookie:' \"${HTTP_HEADER}\" | _egrep_o 'PHPSESSID=[^;]*;' | tr -d ';')\"\n return 0\n\n}\n\ndo_logout() {\n _info \"Logging out.\"\n response=\"$(do_get \"https://www.geoscaling.com/dns2/index.php?module=auth\")\"\n _debug2 response \"$response\"\n return 0\n}\n\nfind_zone() {\n domain=\"$1\"\n\n # do login\n do_login || return 1\n\n # get zones\n response=\"$(do_get \"https://www.geoscaling.com/dns2/index.php?module=domains\")\"\n\n table=\"$(echo \"${response}\" | tr -d '\\n' | sed 's|.*Your domains .*||')\"\n _debug2 table \"${table}\"\n zone_names=\"$(echo \"${table}\" | _egrep_o '[^<]*' | sed 's|||;s|||')\"\n _debug2 _matches \"${zone_names}\"\n # Zone names and zone IDs are in same order\n zone_ids=$(echo \"${table}\" | _egrep_o '' | sed 's|.*id=||;s|. .*||')\n\n _debug2 \"These are the zones on this Geoscaling account:\"\n _debug2 \"zone_names\" \"${zone_names}\"\n _debug2 \"And these are their respective IDs:\"\n _debug2 \"zone_ids\" \"${zone_ids}\"\n if [ -z \"${zone_names}\" ] || [ -z \"${zone_ids}\" ]; then\n _err \"Can not get zone names or IDs.\"\n return 1\n fi\n # Walk through all possible zone names\n strip_counter=1\n while true; do\n attempted_zone=$(echo \"${domain}\" | cut -d . -f \"${strip_counter}\"-)\n\n # All possible zone names have been tried\n if [ -z \"${attempted_zone}\" ]; then\n _err \"No zone for domain '${domain}' found.\"\n return 1\n fi\n\n _debug \"Looking for zone '${attempted_zone}'\"\n\n line_num=\"$(echo \"${zone_names}\" | grep -n \"^${attempted_zone}\\$\" | _head_n 1 | cut -d : -f 1)\"\n _debug2 line_num \"${line_num}\"\n if [ \"$line_num\" ]; then\n zone_id=$(echo \"${zone_ids}\" | sed -n \"${line_num}p\")\n zone_name=$(echo \"${zone_names}\" | sed -n \"${line_num}p\")\n if [ -z \"${zone_id}\" ]; then\n _err \"Can not find zone id.\"\n return 1\n fi\n _debug \"Found relevant zone '${attempted_zone}' with id '${zone_id}' - will be used for domain '${domain}'.\"\n return 0\n fi\n\n _debug \"Zone '${attempted_zone}' doesn't exist, let's try a less specific zone.\"\n strip_counter=$(_math \"${strip_counter}\" + 1)\n done\n}\n# vim: et:ts=2:sw=2:\n"
},
{
"path": "dnsapi/dns_googledomains.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_googledomains_info='Google Domains\nSite: Domains.Google.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_googledomains\nOptions:\n GOOGLEDOMAINS_ACCESS_TOKEN API Access Token\n GOOGLEDOMAINS_ZONE Zone\nIssues: github.com/acmesh-official/acme.sh/issues/4545\nAuthor: Alex Leigh \n'\n\nGOOGLEDOMAINS_API=\"https://acmedns.googleapis.com/v1/acmeChallengeSets\"\n\n######## Public functions ########\n\n#Usage: dns_googledomains_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_googledomains_add() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Invoking Google Domains ACME DNS API.\"\n\n if ! _dns_googledomains_setup; then\n return 1\n fi\n\n zone=\"$(_dns_googledomains_get_zone \"$fulldomain\")\"\n if [ -z \"$zone\" ]; then\n _err \"Could not find a Google Domains-managed zone containing the requested domain.\"\n return 1\n fi\n\n _debug zone \"$zone\"\n _debug txtvalue \"$txtvalue\"\n\n _info \"Adding TXT record for $fulldomain.\"\n if _dns_googledomains_api \"$zone\" \":rotateChallenges\" \"{\\\"accessToken\\\":\\\"$GOOGLEDOMAINS_ACCESS_TOKEN\\\",\\\"recordsToAdd\\\":[{\\\"fqdn\\\":\\\"$fulldomain\\\",\\\"digest\\\":\\\"$txtvalue\\\"}],\\\"keepExpiredRecords\\\":true}\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"TXT record added.\"\n return 0\n else\n _err \"Error adding TXT record.\"\n return 1\n fi\n fi\n\n _err \"Error adding TXT record.\"\n return 1\n}\n\n#Usage: dns_googledomains_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_googledomains_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Invoking Google Domains ACME DNS API.\"\n\n if ! _dns_googledomains_setup; then\n return 1\n fi\n\n zone=\"$(_dns_googledomains_get_zone \"$fulldomain\")\"\n if [ -z \"$zone\" ]; then\n _err \"Could not find a Google Domains-managed domain based on request.\"\n return 1\n fi\n\n _debug zone \"$zone\"\n _debug txtvalue \"$txtvalue\"\n\n _info \"Removing TXT record for $fulldomain.\"\n if _dns_googledomains_api \"$zone\" \":rotateChallenges\" \"{\\\"accessToken\\\":\\\"$GOOGLEDOMAINS_ACCESS_TOKEN\\\",\\\"recordsToRemove\\\":[{\\\"fqdn\\\":\\\"$fulldomain\\\",\\\"digest\\\":\\\"$txtvalue\\\"}],\\\"keepExpiredRecords\\\":true}\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _err \"Error removing TXT record.\"\n return 1\n else\n _info \"TXT record removed.\"\n return 0\n fi\n fi\n\n _err \"Error removing TXT record.\"\n return 1\n}\n\n######## Private functions ########\n\n_dns_googledomains_setup() {\n if [ -n \"$GOOGLEDOMAINS_SETUP_COMPLETED\" ]; then\n return 0\n fi\n\n GOOGLEDOMAINS_ACCESS_TOKEN=\"${GOOGLEDOMAINS_ACCESS_TOKEN:-$(_readaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN)}\"\n GOOGLEDOMAINS_ZONE=\"${GOOGLEDOMAINS_ZONE:-$(_readaccountconf_mutable GOOGLEDOMAINS_ZONE)}\"\n\n if [ -z \"$GOOGLEDOMAINS_ACCESS_TOKEN\" ]; then\n GOOGLEDOMAINS_ACCESS_TOKEN=\"\"\n _err \"Google Domains access token was not specified.\"\n _err \"Please visit Google Domains Security settings to provision an ACME DNS API access token.\"\n return 1\n fi\n\n if [ \"$GOOGLEDOMAINS_ZONE\" ]; then\n _savedomainconf GOOGLEDOMAINS_ACCESS_TOKEN \"$GOOGLEDOMAINS_ACCESS_TOKEN\"\n _savedomainconf GOOGLEDOMAINS_ZONE \"$GOOGLEDOMAINS_ZONE\"\n else\n _saveaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN \"$GOOGLEDOMAINS_ACCESS_TOKEN\"\n _clearaccountconf_mutable GOOGLEDOMAINS_ZONE\n _clearaccountconf GOOGLEDOMAINS_ZONE\n fi\n\n _debug GOOGLEDOMAINS_ACCESS_TOKEN \"$GOOGLEDOMAINS_ACCESS_TOKEN\"\n _debug GOOGLEDOMAINS_ZONE \"$GOOGLEDOMAINS_ZONE\"\n\n GOOGLEDOMAINS_SETUP_COMPLETED=1\n return 0\n}\n\n_dns_googledomains_get_zone() {\n domain=$1\n\n # Use zone directly if provided\n if [ \"$GOOGLEDOMAINS_ZONE\" ]; then\n if ! _dns_googledomains_api \"$GOOGLEDOMAINS_ZONE\"; then\n return 1\n fi\n\n echo \"$GOOGLEDOMAINS_ZONE\"\n return 0\n fi\n\n i=2\n while true; do\n curr=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug curr \"$curr\"\n\n if [ -z \"$curr\" ]; then\n return 1\n fi\n\n if _dns_googledomains_api \"$curr\"; then\n echo \"$curr\"\n return 0\n fi\n\n i=$(_math \"$i\" + 1)\n done\n\n return 1\n}\n\n_dns_googledomains_api() {\n zone=$1\n apimethod=$2\n data=\"$3\"\n\n if [ -z \"$data\" ]; then\n response=\"$(_get \"$GOOGLEDOMAINS_API/$zone$apimethod\")\"\n else\n _debug data \"$data\"\n export _H1=\"Content-Type: application/json\"\n response=\"$(_post \"$data\" \"$GOOGLEDOMAINS_API/$zone$apimethod\")\"\n fi\n\n _debug response \"$response\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"Error\"\n return 1\n fi\n\n if _contains \"$response\" \"\\\"error\\\": {\"; then\n return 1\n fi\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_he.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_he_info='Hurricane Electric HE.net\nSite: dns.he.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_he\nOptions:\n HE_Username Username\n HE_Password Password\nIssues: github.com/angel333/acme.sh/issues/\nAuthor: Ondrej Simek \n'\n\n#-- dns_he_add() - Add TXT record --------------------------------------\n# Usage: dns_he_add _acme-challenge.subdomain.domain.com \"XyZ123...\"\n\ndns_he_add() {\n _full_domain=$1\n _txt_value=$2\n _info \"Using DNS-01 Hurricane Electric hook\"\n\n HE_Username=\"${HE_Username:-$(_readaccountconf_mutable HE_Username)}\"\n HE_Password=\"${HE_Password:-$(_readaccountconf_mutable HE_Password)}\"\n if [ -z \"$HE_Username\" ] || [ -z \"$HE_Password\" ]; then\n HE_Username=\n HE_Password=\n _err \"No auth details provided. Please set user credentials using the \\$HE_Username and \\$HE_Password environment variables.\"\n return 1\n fi\n _saveaccountconf_mutable HE_Username \"$HE_Username\"\n _saveaccountconf_mutable HE_Password \"$HE_Password\"\n\n # Fills in the $_zone_id\n _find_zone \"$_full_domain\" || return 1\n _debug \"Zone id \\\"$_zone_id\\\" will be used.\"\n username_encoded=\"$(printf \"%s\" \"${HE_Username}\" | _url_encode)\"\n password_encoded=\"$(printf \"%s\" \"${HE_Password}\" | _url_encode)\"\n body=\"email=${username_encoded}&pass=${password_encoded}\"\n body=\"$body&account=\"\n body=\"$body&menu=edit_zone\"\n body=\"$body&Type=TXT\"\n body=\"$body&hosted_dns_zoneid=$_zone_id\"\n body=\"$body&hosted_dns_recordid=\"\n body=\"$body&hosted_dns_editzone=1\"\n body=\"$body&Priority=\"\n body=\"$body&Name=$_full_domain\"\n body=\"$body&Content=$_txt_value\"\n body=\"$body&TTL=300\"\n body=\"$body&hosted_dns_editrecord=Submit\"\n response=\"$(_post \"$body\" \"https://dns.he.net/\")\"\n exit_code=\"$?\"\n if [ \"$exit_code\" -eq 0 ]; then\n _info \"TXT record added successfully.\"\n else\n _err \"Couldn't add the TXT record.\"\n fi\n _debug2 response \"$response\"\n return \"$exit_code\"\n}\n\n#-- dns_he_rm() - Remove TXT record ------------------------------------\n# Usage: dns_he_rm _acme-challenge.subdomain.domain.com \"XyZ123...\"\n\ndns_he_rm() {\n _full_domain=$1\n _txt_value=$2\n _info \"Cleaning up after DNS-01 Hurricane Electric hook\"\n HE_Username=\"${HE_Username:-$(_readaccountconf_mutable HE_Username)}\"\n HE_Password=\"${HE_Password:-$(_readaccountconf_mutable HE_Password)}\"\n # fills in the $_zone_id\n _find_zone \"$_full_domain\" || return 1\n _debug \"Zone id \\\"$_zone_id\\\" will be used.\"\n\n # Find the record id to clean\n username_encoded=\"$(printf \"%s\" \"${HE_Username}\" | _url_encode)\"\n password_encoded=\"$(printf \"%s\" \"${HE_Password}\" | _url_encode)\"\n body=\"email=${username_encoded}&pass=${password_encoded}\"\n body=\"$body&hosted_dns_zoneid=$_zone_id\"\n body=\"$body&menu=edit_zone\"\n body=\"$body&hosted_dns_editzone=\"\n\n response=\"$(_post \"$body\" \"https://dns.he.net/\")\"\n _debug2 \"response\" \"$response\"\n if ! _contains \"$response\" \"$_txt_value\"; then\n _debug \"The txt record is not found, just skip\"\n return 0\n fi\n _record_id=\"$(echo \"$response\" | tr -d \"#\" | sed \"s/Successfully removed record.' \\\n >/dev/null\n exit_code=\"$?\"\n if [ \"$exit_code\" -eq 0 ]; then\n _info \"Record removed successfully.\"\n else\n _err \"Could not clean (remove) up the record. Please go to HE administration interface and clean it by hand.\"\n return \"$exit_code\"\n fi\n}\n\n########################## PRIVATE FUNCTIONS ###########################\n\n_find_zone() {\n _domain=\"$1\"\n username_encoded=\"$(printf \"%s\" \"${HE_Username}\" | _url_encode)\"\n password_encoded=\"$(printf \"%s\" \"${HE_Password}\" | _url_encode)\"\n body=\"email=${username_encoded}&pass=${password_encoded}\"\n response=\"$(_post \"$body\" \"https://dns.he.net/\")\"\n _debug2 response \"$response\"\n if _contains \"$response\" '>Incorrect<'; then\n _err \"Unable to login to dns.he.net please check username and password\"\n return 1\n fi\n _table=\"$(echo \"$response\" | tr -d \"#\" | sed \"s/\"${HTTP_HEADER}\"\n\n if [ \"${method}\" = \"GET\" ]; then\n response=\"$(_get \"${url}\")\"\n else\n if [ -z \"${data}\" ]; then\n data=\"{}\"\n fi\n response=\"$(_post \"${data}\" \"${url}\" \"\" \"${method}\" \"application/json\")\"\n fi\n ret=\"${?}\"\n\n _hetznercloud_last_http_code=$(grep \"^HTTP\" \"${HTTP_HEADER}\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d '\\r\\n')\n\n if [ \"${ret}\" != \"0\" ]; then\n return 1\n fi\n\n if [ \"${_hetznercloud_last_http_code}\" = \"429\" ] && [ \"${retried}\" != \"retried\" ]; then\n retry_after=$(grep -i \"^Retry-After\" \"${HTTP_HEADER}\" | _tail_n 1 | cut -d : -f 2 | tr -d ' \\r')\n if [ -z \"${retry_after}\" ]; then\n retry_after=1\n fi\n _info \"Hetzner Cloud DNS API rate limit hit; retrying in ${retry_after} seconds.\"\n _sleep \"${retry_after}\"\n if ! _hetznercloud_api \"${method}\" \"${ep}\" \"${data}\" \"retried\"; then\n return 1\n fi\n return 0\n fi\n\n return 0\n}\n\n_hetznercloud_handle_action_response() {\n context=\"${1}\"\n if [ -z \"${response}\" ]; then\n return 0\n fi\n\n normalized=$(printf \"%s\" \"${response}\" | _normalizeJson)\n\n failed_message=\"\"\n if failed_message=$(_hetznercloud_extract_failed_action_message \"${normalized}\"); then\n if [ -n \"${failed_message}\" ]; then\n _err \"Hetzner Cloud DNS ${context} failed: ${failed_message}\"\n else\n _err \"Hetzner Cloud DNS ${context} failed.\"\n fi\n return 1\n fi\n\n action_ids=\"\"\n if action_ids=$(_hetznercloud_extract_action_ids \"${normalized}\"); then\n for action_id in ${action_ids}; do\n if [ -z \"${action_id}\" ]; then\n continue\n fi\n if ! _hetznercloud_wait_for_action \"${action_id}\" \"${context}\"; then\n return 1\n fi\n done\n fi\n\n return 0\n}\n\n_hetznercloud_extract_failed_action_message() {\n normalized=\"${1}\"\n failed_section=$(printf \"%s\" \"${normalized}\" | _egrep_o '\"failed_actions\":\\[[^]]*\\]')\n if [ -z \"${failed_section}\" ]; then\n return 1\n fi\n if _contains \"${failed_section}\" '\"failed_actions\":[]'; then\n return 1\n fi\n message=$(printf \"%s\" \"${failed_section}\" | _egrep_o '\"message\":\"[^\"]*\"' | _head_n 1 | cut -d : -f 2 | tr -d '\"')\n if [ -n \"${message}\" ]; then\n printf \"%s\" \"${message}\"\n else\n printf \"%s\" \"${failed_section}\"\n fi\n return 0\n}\n\n_hetznercloud_extract_action_ids() {\n normalized=\"${1}\"\n actions_section=$(printf \"%s\" \"${normalized}\" | _egrep_o '\"actions\":\\[[^]]*\\]')\n if [ -z \"${actions_section}\" ]; then\n return 1\n fi\n action_ids=$(printf \"%s\" \"${actions_section}\" | _egrep_o '\"id\":[0-9]*' | cut -d : -f 2 | tr -d '\"' | tr '\\n' ' ')\n action_ids=$(printf \"%s\" \"${action_ids}\" | tr -s ' ')\n action_ids=$(printf \"%s\" \"${action_ids}\" | sed 's/^ //;s/ $//')\n if [ -z \"${action_ids}\" ]; then\n return 1\n fi\n printf \"%s\" \"${action_ids}\"\n return 0\n}\n\n_hetznercloud_wait_for_action() {\n action_id=\"${1}\"\n context=\"${2}\"\n attempts=\"0\"\n\n while true; do\n if ! _hetznercloud_api GET \"/actions/${action_id}\"; then\n return 1\n fi\n if [ \"${_hetznercloud_last_http_code}\" != \"200\" ]; then\n _hetznercloud_log_http_error \"Hetzner Cloud DNS action ${action_id} query failed\" \"${_hetznercloud_last_http_code}\"\n return 1\n fi\n\n normalized=$(printf \"%s\" \"${response}\" | _normalizeJson)\n action_status=$(_hetznercloud_action_status_from_normalized \"${normalized}\")\n\n if [ -z \"${action_status}\" ]; then\n _err \"Hetzner Cloud DNS ${context} action ${action_id} returned no status.\"\n return 1\n fi\n\n if [ \"${action_status}\" = \"success\" ]; then\n return 0\n fi\n\n if [ \"${action_status}\" = \"error\" ]; then\n if action_error=$(_hetznercloud_action_error_from_normalized \"${normalized}\"); then\n _err \"Hetzner Cloud DNS ${context} action ${action_id} failed: ${action_error}\"\n else\n _err \"Hetzner Cloud DNS ${context} action ${action_id} failed.\"\n fi\n return 1\n fi\n\n attempts=$(_math \"${attempts}\" + 1)\n if [ \"${attempts}\" -ge \"${HETZNER_MAX_ATTEMPTS}\" ]; then\n _err \"Hetzner Cloud DNS ${context} action ${action_id} did not complete after ${HETZNER_MAX_ATTEMPTS} attempts.\"\n return 1\n fi\n\n _sleep 1\n done\n}\n\n_hetznercloud_action_status_from_normalized() {\n normalized=\"${1}\"\n status=$(printf \"%s\" \"${normalized}\" | _egrep_o '\"status\":\"[^\"]*\"' | _head_n 1 | cut -d : -f 2 | tr -d '\"')\n printf \"%s\" \"${status}\"\n}\n\n_hetznercloud_action_error_from_normalized() {\n normalized=\"${1}\"\n error_section=$(printf \"%s\" \"${normalized}\" | _egrep_o '\"error\":{[^}]*}')\n if [ -z \"${error_section}\" ]; then\n return 1\n fi\n message=$(printf \"%s\" \"${error_section}\" | _egrep_o '\"message\":\"[^\"]*\"' | _head_n 1 | cut -d : -f 2 | tr -d '\"')\n if [ -n \"${message}\" ]; then\n printf \"%s\" \"${message}\"\n return 0\n fi\n code=$(printf \"%s\" \"${error_section}\" | _egrep_o '\"code\":\"[^\"]*\"' | _head_n 1 | cut -d : -f 2 | tr -d '\"')\n if [ -n \"${code}\" ]; then\n printf \"%s\" \"${code}\"\n return 0\n fi\n return 1\n}\n"
},
{
"path": "dnsapi/dns_hexonet.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_hexonet_info='Hexonet.com\nSite: Hexonet.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_hexonet\nOptions:\n Hexonet_Login Login. E.g. \"username!roleId\"\n Hexonet_Password Role Password\nIssues: github.com/acmesh-official/acme.sh/issues/2389\n'\n\nHexonet_Api=\"https://coreapi.1api.net/api/call.cgi\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_hexonet_add() {\n fulldomain=$1\n txtvalue=$2\n\n Hexonet_Login=\"${Hexonet_Login:-$(_readaccountconf_mutable Hexonet_Login)}\"\n Hexonet_Password=\"${Hexonet_Password:-$(_readaccountconf_mutable Hexonet_Password)}\"\n if [ -z \"$Hexonet_Login\" ] || [ -z \"$Hexonet_Password\" ]; then\n Hexonet_Login=\"\"\n Hexonet_Password=\"\"\n _err \"You must export variables: Hexonet_Login and Hexonet_Password\"\n return 1\n fi\n\n if ! _contains \"$Hexonet_Login\" \"!\"; then\n _err \"It seems that the Hexonet_Login=$Hexonet_Login is not a restrivteed user.\"\n _err \"Please check and retry.\"\n return 1\n fi\n\n #save the username and password to the account conf file.\n _saveaccountconf_mutable Hexonet_Login \"$Hexonet_Login\"\n _saveaccountconf_mutable Hexonet_Password \"$Hexonet_Password\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _hexonet_rest \"command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT\"\n\n if ! _contains \"$response\" \"CODE=200\"; then\n _err \"Error\"\n return 1\n fi\n\n _info \"Adding record\"\n if _hexonet_rest \"command=UpdateDNSZone&dnszone=${_domain}.&addrr0=${_sub_domain}%20IN%20TXT%20${txtvalue}\"; then\n if _contains \"$response\" \"CODE=200\"; then\n _info \"Added, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n\n}\n\n#fulldomain txtvalue\ndns_hexonet_rm() {\n fulldomain=$1\n txtvalue=$2\n\n Hexonet_Login=\"${Hexonet_Login:-$(_readaccountconf_mutable Hexonet_Login)}\"\n Hexonet_Password=\"${Hexonet_Password:-$(_readaccountconf_mutable Hexonet_Password)}\"\n if [ -z \"$Hexonet_Login\" ] || [ -z \"$Hexonet_Password\" ]; then\n Hexonet_Login=\"\"\n Hexonet_Password=\"\"\n _err \"You must export variables: Hexonet_Login and Hexonet_Password\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _hexonet_rest \"command=QueryDNSZoneRRList&dnszone=${h}.&RRTYPE=TXT&RR=${_sub_domain}%20IN%20TXT%20\\\"${txtvalue}\\\"\"\n\n if ! _contains \"$response\" \"CODE=200\"; then\n _err \"Error\"\n return 1\n fi\n\n count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"PROPERTY[TOTAL][0]=\" | cut -d = -f 2)\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Don't need to remove.\"\n else\n if ! _hexonet_rest \"command=UpdateDNSZone&dnszone=${_domain}.&delrr0=${_sub_domain}%20IN%20TXT%20\\\"${txtvalue}\\\"\"; then\n _err \"Delete record error.\"\n return 1\n fi\n _contains \"$response\" \"CODE=200\"\n fi\n\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=1\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _hexonet_rest \"command=QueryDNSZoneRRList&dnszone=${h}.\"; then\n return 1\n fi\n\n if _contains \"$response\" \"CODE=200\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_hexonet_rest() {\n query_params=\"$1\"\n _debug \"$query_params\"\n\n response=\"$(_get \"${Hexonet_Api}?s_login=${Hexonet_Login}&s_pw=${Hexonet_Password}&${query_params}\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $query_params\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_hostingde.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_hostingde_info='Hosting.de\nSite: Hosting.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hostingde\nOptions:\n HOSTINGDE_ENDPOINT Endpoint. E.g. \"https://secure.hosting.de\"\n HOSTINGDE_APIKEY API Key\nIssues: github.com/acmesh-official/acme.sh/issues/2058\n'\n\n######## Public functions #####################\n\ndns_hostingde_add() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n _debug \"Calling: _hostingde_addRecord() '${fulldomain}' '${txtvalue}'\"\n _hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_addRecord\n return $?\n}\n\ndns_hostingde_rm() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n _debug \"Calling: _hostingde_removeRecord() '${fulldomain}' '${txtvalue}'\"\n _hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_removeRecord\n return $?\n}\n\n#################### own Private functions below ##################################\n\n_hostingde_apiKey() {\n HOSTINGDE_APIKEY=\"${HOSTINGDE_APIKEY:-$(_readaccountconf_mutable HOSTINGDE_APIKEY)}\"\n HOSTINGDE_ENDPOINT=\"${HOSTINGDE_ENDPOINT:-$(_readaccountconf_mutable HOSTINGDE_ENDPOINT)}\"\n if [ -z \"$HOSTINGDE_APIKEY\" ] || [ -z \"$HOSTINGDE_ENDPOINT\" ]; then\n HOSTINGDE_APIKEY=\"\"\n HOSTINGDE_ENDPOINT=\"\"\n _err \"You haven't specified hosting.de API key or endpoint yet.\"\n _err \"Please create your key and try again.\"\n return 1\n fi\n\n _saveaccountconf_mutable HOSTINGDE_APIKEY \"$HOSTINGDE_APIKEY\"\n _saveaccountconf_mutable HOSTINGDE_ENDPOINT \"$HOSTINGDE_ENDPOINT\"\n}\n\n_hostingde_parse() {\n find=\"${1}\"\n if [ \"${2}\" ]; then\n notfind=\"${2}\"\n fi\n if [ \"${notfind}\" ]; then\n _egrep_o \\\"\"${find}\\\":.*\" | grep -v \"${notfind}\" | cut -d ':' -f 2 | cut -d ',' -f 1 | tr -d ' '\n else\n _egrep_o \\\"\"${find}\\\":.*\" | cut -d ':' -f 2 | cut -d ',' -f 1 | tr -d ' '\n fi\n}\n\n_hostingde_getZoneConfig() {\n _info \"Getting ZoneConfig\"\n curZone=\"${fulldomain#*.}\"\n returnCode=1\n while _contains \"${curZone}\" \"\\\\.\"; do\n curData=\"{\\\"filter\\\":{\\\"field\\\":\\\"zoneName\\\",\\\"value\\\":\\\"${curZone}\\\"},\\\"limit\\\":1,\\\"authToken\\\":\\\"${HOSTINGDE_APIKEY}\\\"}\"\n curResult=\"$(_post \"${curData}\" \"${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneConfigsFind\")\"\n _debug \"Calling zoneConfigsFind: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneConfigsFind'\"\n _debug \"Result of zoneConfigsFind: '$curResult'\"\n if _contains \"${curResult}\" '\"status\": \"error\"'; then\n if _contains \"${curResult}\" '\"code\": 10109'; then\n _err \"The API-Key is invalid or could not be found\"\n else\n _err \"UNKNOWN API ERROR\"\n fi\n returnCode=1\n break\n fi\n if _contains \"${curResult}\" '\"totalEntries\": 1'; then\n _info \"Retrieved zone data.\"\n _debug \"Zone data: '${curResult}'\"\n zoneConfigId=$(echo \"${curResult}\" | _hostingde_parse \"id\")\n zoneConfigName=$(echo \"${curResult}\" | _hostingde_parse \"name\")\n zoneConfigType=$(echo \"${curResult}\" | _hostingde_parse \"type\" \"FindZoneConfigsResult\")\n zoneConfigExpire=$(echo \"${curResult}\" | _hostingde_parse \"expire\")\n zoneConfigNegativeTtl=$(echo \"${curResult}\" | _hostingde_parse \"negativeTtl\")\n zoneConfigRefresh=$(echo \"${curResult}\" | _hostingde_parse \"refresh\")\n zoneConfigRetry=$(echo \"${curResult}\" | _hostingde_parse \"retry\")\n zoneConfigTtl=$(echo \"${curResult}\" | _hostingde_parse \"ttl\")\n zoneConfigDnsServerGroupId=$(echo \"${curResult}\" | _hostingde_parse \"dnsServerGroupId\")\n zoneConfigEmailAddress=$(echo \"${curResult}\" | _hostingde_parse \"emailAddress\")\n zoneConfigDnsSecMode=$(echo \"${curResult}\" | _hostingde_parse \"dnsSecMode\")\n zoneConfigTemplateValues=$(echo \"${curResult}\" | _hostingde_parse \"templateValues\")\n\n if [ \"$zoneConfigTemplateValues\" != \"null\" ]; then\n _debug \"Zone is tied to a template.\"\n zoneConfigTemplateValuesTemplateId=$(echo \"${curResult}\" | _hostingde_parse \"templateId\")\n zoneConfigTemplateValuesTemplateName=$(echo \"${curResult}\" | _hostingde_parse \"templateName\")\n zoneConfigTemplateValuesTemplateReplacementsIPv4=$(echo \"${curResult}\" | _hostingde_parse \"ipv4Replacement\")\n zoneConfigTemplateValuesTemplateReplacementsIPv6=$(echo \"${curResult}\" | _hostingde_parse \"ipv6Replacement\")\n zoneConfigTemplateValuesTemplateReplacementsMailIPv4=$(echo \"${curResult}\" | _hostingde_parse \"mailIpv4Replacement\")\n zoneConfigTemplateValuesTemplateReplacementsMailIPv6=$(echo \"${curResult}\" | _hostingde_parse \"mailIpv6Replacement\")\n zoneConfigTemplateValuesTemplateTieToTemplate=$(echo \"${curResult}\" | _hostingde_parse \"tieToTemplate\")\n\n zoneConfigTemplateValues=\"{\\\"templateId\\\":${zoneConfigTemplateValuesTemplateId},\\\"templateName\\\":${zoneConfigTemplateValuesTemplateName},\\\"templateReplacements\\\":{\\\"ipv4Replacement\\\":${zoneConfigTemplateValuesTemplateReplacementsIPv4},\\\"ipv6Replacement\\\":${zoneConfigTemplateValuesTemplateReplacementsIPv6},\\\"mailIpv4Replacement\\\":${zoneConfigTemplateValuesTemplateReplacementsMailIPv4},\\\"mailIpv6Replacement\\\":${zoneConfigTemplateValuesTemplateReplacementsMailIPv6}},\\\"tieToTemplate\\\":${zoneConfigTemplateValuesTemplateTieToTemplate}}\"\n _debug \"Template values: '{$zoneConfigTemplateValues}'\"\n fi\n\n if [ \"${zoneConfigType}\" != \"\\\"NATIVE\\\"\" ]; then\n _err \"Zone is not native\"\n returnCode=1\n break\n fi\n _debug \"zoneConfigId '${zoneConfigId}'\"\n returnCode=0\n break\n fi\n curZone=\"${curZone#*.}\"\n done\n if [ $returnCode -ne 0 ]; then\n _info \"ZoneEnd reached, Zone ${curZone} not found in hosting.de API\"\n fi\n return $returnCode\n}\n\n_hostingde_getZoneStatus() {\n _debug \"Checking Zone status\"\n curData=\"{\\\"filter\\\":{\\\"field\\\":\\\"zoneConfigId\\\",\\\"value\\\":${zoneConfigId}},\\\"limit\\\":1,\\\"authToken\\\":\\\"${HOSTINGDE_APIKEY}\\\"}\"\n curResult=\"$(_post \"${curData}\" \"${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zonesFind\")\"\n _debug \"Calling zonesFind '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zonesFind'\"\n _debug \"Result of zonesFind '$curResult'\"\n zoneStatus=$(echo \"${curResult}\" | _hostingde_parse \"status\" \"success\")\n _debug \"zoneStatus '${zoneStatus}'\"\n return 0\n}\n\n_hostingde_addRecord() {\n _info \"Adding record to zone\"\n _hostingde_getZoneStatus\n _debug \"Result of zoneStatus: '${zoneStatus}'\"\n while [ \"${zoneStatus}\" != \"\\\"active\\\"\" ]; do\n _sleep 5\n _hostingde_getZoneStatus\n _debug \"Result of zoneStatus: '${zoneStatus}'\"\n done\n curData=\"{\\\"authToken\\\":\\\"${HOSTINGDE_APIKEY}\\\",\\\"zoneConfig\\\":{\\\"id\\\":${zoneConfigId},\\\"name\\\":${zoneConfigName},\\\"type\\\":${zoneConfigType},\\\"dnsServerGroupId\\\":${zoneConfigDnsServerGroupId},\\\"dnsSecMode\\\":${zoneConfigDnsSecMode},\\\"emailAddress\\\":${zoneConfigEmailAddress},\\\"soaValues\\\":{\\\"expire\\\":${zoneConfigExpire},\\\"negativeTtl\\\":${zoneConfigNegativeTtl},\\\"refresh\\\":${zoneConfigRefresh},\\\"retry\\\":${zoneConfigRetry},\\\"ttl\\\":${zoneConfigTtl}},\\\"templateValues\\\":${zoneConfigTemplateValues}},\\\"recordsToAdd\\\":[{\\\"name\\\":\\\"${fulldomain}\\\",\\\"type\\\":\\\"TXT\\\",\\\"content\\\":\\\"\\\\\\\"${txtvalue}\\\\\\\"\\\",\\\"ttl\\\":3600}]}\"\n curResult=\"$(_post \"${curData}\" \"${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate\")\"\n _debug \"Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'\"\n _debug \"Result of zoneUpdate: '$curResult'\"\n if _contains \"${curResult}\" '\"status\": \"error\"'; then\n if _contains \"${curResult}\" '\"code\": 10109'; then\n _err \"The API-Key is invalid or could not be found\"\n else\n _err \"UNKNOWN API ERROR\"\n fi\n return 1\n fi\n return 0\n}\n\n_hostingde_removeRecord() {\n _info \"Removing record from zone\"\n _hostingde_getZoneStatus\n _debug \"Result of zoneStatus: '$zoneStatus'\"\n while [ \"$zoneStatus\" != \"\\\"active\\\"\" ]; do\n _sleep 5\n _hostingde_getZoneStatus\n _debug \"Result of zoneStatus: '$zoneStatus'\"\n done\n curData=\"{\\\"authToken\\\":\\\"${HOSTINGDE_APIKEY}\\\",\\\"zoneConfig\\\":{\\\"id\\\":${zoneConfigId},\\\"name\\\":${zoneConfigName},\\\"type\\\":${zoneConfigType},\\\"dnsServerGroupId\\\":${zoneConfigDnsServerGroupId},\\\"dnsSecMode\\\":${zoneConfigDnsSecMode},\\\"emailAddress\\\":${zoneConfigEmailAddress},\\\"soaValues\\\":{\\\"expire\\\":${zoneConfigExpire},\\\"negativeTtl\\\":${zoneConfigNegativeTtl},\\\"refresh\\\":${zoneConfigRefresh},\\\"retry\\\":${zoneConfigRetry},\\\"ttl\\\":${zoneConfigTtl}},\\\"templateValues\\\":${zoneConfigTemplateValues}},\\\"recordsToDelete\\\":[{\\\"name\\\":\\\"${fulldomain}\\\",\\\"type\\\":\\\"TXT\\\",\\\"content\\\":\\\"\\\\\\\"${txtvalue}\\\\\\\"\\\"}]}\"\n curResult=\"$(_post \"${curData}\" \"${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate\")\"\n _debug \"Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'\"\n _debug \"Result of zoneUpdate: '$curResult'\"\n if _contains \"${curResult}\" '\"status\": \"error\"'; then\n if _contains \"${curResult}\" '\"code\": 10109'; then\n _err \"The API-Key is invalid or could not be found\"\n else\n _err \"UNKNOWN API ERROR\"\n fi\n return 1\n fi\n return 0\n}\n"
},
{
"path": "dnsapi/dns_hostup.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034,SC2154\n\ndns_hostup_info='HostUp DNS\nSite: hostup.se\nDocs: https://developer.hostup.se/\nOptions:\n HOSTUP_API_KEY Required. HostUp API key with read:dns + write:dns + read:domains scopes.\n HOSTUP_API_BASE Optional. Override API base URL (default: https://cloud.hostup.se/api).\n HOSTUP_TTL Optional. TTL for TXT records (default: 60 seconds).\n HOSTUP_ZONE_ID Optional. Force a specific zone ID (skip auto-detection).\nAuthor: HostUp (https://cloud.hostup.se/contact/en)\n'\n\nHOSTUP_API_BASE_DEFAULT=\"https://cloud.hostup.se/api\"\nHOSTUP_DEFAULT_TTL=60\n\n# Public: add TXT record\n# Usage: dns_hostup_add _acme-challenge.example.com \"txt-value\"\ndns_hostup_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Using HostUp DNS API\"\n\n if ! _hostup_init; then\n return 1\n fi\n\n if ! _hostup_detect_zone \"$fulldomain\"; then\n _err \"Unable to determine HostUp zone for $fulldomain\"\n return 1\n fi\n\n record_name=\"$(_hostup_record_name \"$fulldomain\" \"$HOSTUP_ZONE_DOMAIN\")\"\n record_name=\"$(_hostup_sanitize_name \"$record_name\")\"\n record_value=\"$(_hostup_json_escape \"$txtvalue\")\"\n\n ttl=\"${HOSTUP_TTL:-$HOSTUP_DEFAULT_TTL}\"\n\n _debug \"zone_id\" \"$HOSTUP_ZONE_ID\"\n _debug \"zone_domain\" \"$HOSTUP_ZONE_DOMAIN\"\n _debug \"record_name\" \"$record_name\"\n _debug \"ttl\" \"$ttl\"\n\n request_body=\"{\\\"name\\\":\\\"$record_name\\\",\\\"type\\\":\\\"TXT\\\",\\\"value\\\":\\\"$record_value\\\",\\\"ttl\\\":$ttl}\"\n\n if ! _hostup_rest \"POST\" \"/dns/zones/$HOSTUP_ZONE_ID/records\" \"$request_body\"; then\n return 1\n fi\n\n if ! _contains \"$_hostup_response\" '\"success\":true'; then\n _err \"HostUp DNS API: failed to create TXT record for $fulldomain\"\n _debug2 \"_hostup_response\" \"$_hostup_response\"\n return 1\n fi\n\n record_id=\"$(_hostup_extract_record_id \"$_hostup_response\")\"\n if [ -n \"$record_id\" ]; then\n _hostup_save_record_id \"$HOSTUP_ZONE_ID\" \"$fulldomain\" \"$record_id\"\n _debug \"hostup_saved_record_id\" \"$record_id\"\n fi\n\n _info \"Added TXT record for $fulldomain\"\n return 0\n}\n\n# Public: remove TXT record\n# Usage: dns_hostup_rm _acme-challenge.example.com \"txt-value\"\ndns_hostup_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Using HostUp DNS API\"\n\n if ! _hostup_init; then\n return 1\n fi\n\n if ! _hostup_detect_zone \"$fulldomain\"; then\n _err \"Unable to determine HostUp zone for $fulldomain\"\n return 1\n fi\n\n record_name_fqdn=\"$(_hostup_fqdn \"$fulldomain\")\"\n record_value=\"$txtvalue\"\n\n record_id_cached=\"$(_hostup_get_saved_record_id \"$HOSTUP_ZONE_ID\" \"$fulldomain\")\"\n if [ -n \"$record_id_cached\" ]; then\n _debug \"hostup_record_id_cached\" \"$record_id_cached\"\n if _hostup_delete_record_by_id \"$HOSTUP_ZONE_ID\" \"$record_id_cached\"; then\n _info \"Deleted TXT record $record_id_cached\"\n _hostup_clear_record_id \"$HOSTUP_ZONE_ID\" \"$fulldomain\"\n HOSTUP_ZONE_ID=\"\"\n return 0\n fi\n fi\n\n if ! _hostup_find_record \"$HOSTUP_ZONE_ID\" \"$record_name_fqdn\" \"$record_value\"; then\n _info \"TXT record not found for $record_name_fqdn. Skipping removal.\"\n _hostup_clear_record_id \"$HOSTUP_ZONE_ID\" \"$fulldomain\"\n return 0\n fi\n\n _debug \"Deleting record\" \"$HOSTUP_RECORD_ID\"\n\n if ! _hostup_delete_record_by_id \"$HOSTUP_ZONE_ID\" \"$HOSTUP_RECORD_ID\"; then\n return 1\n fi\n\n _info \"Deleted TXT record $HOSTUP_RECORD_ID\"\n _hostup_clear_record_id \"$HOSTUP_ZONE_ID\" \"$fulldomain\"\n HOSTUP_ZONE_ID=\"\"\n return 0\n}\n\n##########################\n# Private helper methods #\n##########################\n\n_hostup_init() {\n HOSTUP_API_KEY=\"${HOSTUP_API_KEY:-$(_readaccountconf_mutable HOSTUP_API_KEY)}\"\n HOSTUP_API_BASE=\"${HOSTUP_API_BASE:-$(_readaccountconf_mutable HOSTUP_API_BASE)}\"\n HOSTUP_TTL=\"${HOSTUP_TTL:-$(_readaccountconf_mutable HOSTUP_TTL)}\"\n HOSTUP_ZONE_ID=\"${HOSTUP_ZONE_ID:-$(_readaccountconf_mutable HOSTUP_ZONE_ID)}\"\n\n if [ -z \"$HOSTUP_API_BASE\" ]; then\n HOSTUP_API_BASE=\"$HOSTUP_API_BASE_DEFAULT\"\n fi\n\n if [ -z \"$HOSTUP_API_KEY\" ]; then\n HOSTUP_API_KEY=\"\"\n _err \"HOSTUP_API_KEY is not set.\"\n _err \"Please export your HostUp API key with read:dns and write:dns scopes.\"\n return 1\n fi\n\n _saveaccountconf_mutable HOSTUP_API_KEY \"$HOSTUP_API_KEY\"\n _saveaccountconf_mutable HOSTUP_API_BASE \"$HOSTUP_API_BASE\"\n\n if [ -n \"$HOSTUP_TTL\" ]; then\n _saveaccountconf_mutable HOSTUP_TTL \"$HOSTUP_TTL\"\n fi\n\n if [ -n \"$HOSTUP_ZONE_ID\" ]; then\n _saveaccountconf_mutable HOSTUP_ZONE_ID \"$HOSTUP_ZONE_ID\"\n fi\n\n return 0\n}\n\n_hostup_detect_zone() {\n fulldomain=\"$1\"\n\n if [ -n \"$HOSTUP_ZONE_ID\" ] && [ -n \"$HOSTUP_ZONE_DOMAIN\" ]; then\n return 0\n fi\n\n HOSTUP_ZONE_DOMAIN=\"\"\n _debug \"hostup_full_domain\" \"$fulldomain\"\n\n if [ -n \"$HOSTUP_ZONE_ID\" ] && [ -z \"$HOSTUP_ZONE_DOMAIN\" ]; then\n # Attempt to fetch domain name for provided zone ID\n if _hostup_fetch_zone_details \"$HOSTUP_ZONE_ID\"; then\n return 0\n fi\n HOSTUP_ZONE_ID=\"\"\n fi\n\n if ! _hostup_load_zones; then\n return 1\n fi\n\n _domain_candidate=\"$(printf \"%s\" \"$fulldomain\" | _lower_case)\"\n _debug \"hostup_initial_candidate\" \"$_domain_candidate\"\n\n while [ -n \"$_domain_candidate\" ]; do\n _debug \"hostup_zone_candidate\" \"$_domain_candidate\"\n if _hostup_lookup_zone \"$_domain_candidate\"; then\n HOSTUP_ZONE_DOMAIN=\"$_lookup_zone_domain\"\n HOSTUP_ZONE_ID=\"$_lookup_zone_id\"\n return 0\n fi\n\n case \"$_domain_candidate\" in\n *.*) ;;\n *) break ;;\n esac\n\n _domain_candidate=\"${_domain_candidate#*.}\"\n done\n\n HOSTUP_ZONE_ID=\"\"\n return 1\n}\n\n_hostup_record_name() {\n fulldomain=\"$1\"\n zonedomain=\"$2\"\n\n # Remove trailing dot, if any\n fulldomain=\"${fulldomain%.}\"\n zonedomain=\"${zonedomain%.}\"\n\n if [ \"$fulldomain\" = \"$zonedomain\" ]; then\n printf \"%s\" \"@\"\n return 0\n fi\n\n suffix=\".$zonedomain\"\n case \"$fulldomain\" in\n *\"$suffix\")\n printf \"%s\" \"${fulldomain%\"$suffix\"}\"\n ;;\n *)\n # Domain not within zone, fall back to full host\n printf \"%s\" \"$fulldomain\"\n ;;\n esac\n}\n\n_hostup_sanitize_name() {\n name=\"$1\"\n\n if [ -z \"$name\" ] || [ \"$name\" = \".\" ]; then\n printf \"%s\" \"@\"\n return 0\n fi\n\n # Remove any trailing dot\n name=\"${name%.}\"\n printf \"%s\" \"$name\"\n}\n\n_hostup_fqdn() {\n domain=\"$1\"\n printf \"%s\" \"${domain%.}\"\n}\n\n_hostup_fetch_zone_details() {\n zone_id=\"$1\"\n\n if ! _hostup_rest \"GET\" \"/dns/zones/$zone_id/records\" \"\"; then\n return 1\n fi\n\n zonedomain=\"$(printf \"%s\" \"$_hostup_response\" | _egrep_o '\"domain\":\"[^\"]*\"' | sed -n '1p' | cut -d ':' -f 2 | tr -d '\"')\"\n if [ -n \"$zonedomain\" ]; then\n HOSTUP_ZONE_DOMAIN=\"$zonedomain\"\n return 0\n fi\n\n return 1\n}\n\n_hostup_load_zones() {\n if ! _hostup_rest \"GET\" \"/dns/zones\" \"\"; then\n return 1\n fi\n\n HOSTUP_ZONES_CACHE=\"\"\n data=\"$(printf \"%s\" \"$_hostup_response\" | tr '{' '\\n')\"\n\n while IFS= read -r line; do\n case \"$line\" in\n *'\"domain_id\"'*'\"domain\"'*)\n zone_id=\"$(printf \"%s\" \"$line\" | _hostup_json_extract \"domain_id\")\"\n zone_domain=\"$(printf \"%s\" \"$line\" | _hostup_json_extract \"domain\")\"\n if [ -n \"$zone_id\" ] && [ -n \"$zone_domain\" ]; then\n HOSTUP_ZONES_CACHE=\"${HOSTUP_ZONES_CACHE}${zone_domain}|${zone_id}\n\"\n _debug \"hostup_zone_loaded\" \"$zone_domain|$zone_id\"\n fi\n ;;\n esac\n done </dev/null\n else\n _post \"${_post_body}\" \"${dns_api}/v2/zones/${zoneid}/recordsets/${_record_id}\" false \"PUT\" >/dev/null\n fi\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n if [ \"$_code\" != \"202\" ]; then\n _err \"dns_huaweicloud: http code ${_code}\"\n return 1\n fi\n return 0\n}\n\n# _rm_record $token $zoneid $recordid\n# assume ${dns_api} exist\n# no output\n# return 0\n_rm_record() {\n _token=$1\n _zone_id=$2\n _record_id=$3\n\n export _H2=\"Content-Type: application/json\"\n export _H1=\"X-Auth-Token: ${_token}\"\n\n _post \"\" \"${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}\" false \"DELETE\" >/dev/null\n return $?\n}\n\n_get_token() {\n _username=$1\n _password=$2\n _domain_name=$3\n\n _debug \"Getting Token\"\n body=\"{\n \\\"auth\\\": {\n \\\"identity\\\": {\n \\\"methods\\\": [\n \\\"password\\\"\n ],\n \\\"password\\\": {\n \\\"user\\\": {\n \\\"name\\\": \\\"${_username}\\\",\n \\\"password\\\": \\\"${_password}\\\",\n \\\"domain\\\": {\n \\\"name\\\": \\\"${_domain_name}\\\"\n }\n }\n }\n },\n \\\"scope\\\": {\n \\\"project\\\": {\n \\\"name\\\": \\\"ap-southeast-1\\\"\n }\n }\n }\n }\"\n export _H1=\"Content-Type: application/json;charset=utf8\"\n _post \"${body}\" \"${iam_api}/v3/auth/tokens\" >/dev/null\n _code=$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\n _token=$(grep \"^X-Subject-Token\" \"$HTTP_HEADER\" | cut -d \" \" -f 2-)\n _secure_debug \"${_code}\"\n printf \"%s\" \"${_token}\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_infoblox.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_infoblox_info='Infoblox.com\nSite: Infoblox.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_infoblox\nOptions:\n Infoblox_Creds Credentials. E.g. \"username:password\"\n Infoblox_Server Server hostname. IP or FQDN of infoblox appliance\nIssues: github.com/jasonkeller/acme.sh\nAuthor: Jason Keller, Elijah Tenai\n'\n\ndns_infoblox_add() {\n\n ## Nothing to see here, just some housekeeping\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using Infoblox API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n ## Check for the credentials\n if [ -z \"$Infoblox_Creds\" ] || [ -z \"$Infoblox_Server\" ]; then\n Infoblox_Creds=\"\"\n Infoblox_Server=\"\"\n _err \"You didn't specify the Infoblox credentials or server (Infoblox_Creds; Infoblox_Server).\"\n _err \"Please set them via EXPORT Infoblox_Creds=username:password or EXPORT Infoblox_server=ip/hostname and try again.\"\n return 1\n fi\n\n if [ -z \"$Infoblox_View\" ]; then\n _info \"No Infoblox_View set, using fallback value 'default'\"\n Infoblox_View=\"default\"\n fi\n\n ## Save the credentials to the account file\n _saveaccountconf Infoblox_Creds \"$Infoblox_Creds\"\n _saveaccountconf Infoblox_Server \"$Infoblox_Server\"\n _saveaccountconf Infoblox_View \"$Infoblox_View\"\n\n ## URLencode Infoblox View to deal with e.g. spaces\n Infoblox_ViewEncoded=$(printf \"%b\" \"$Infoblox_View\" | _url_encode)\n\n ## Base64 encode the credentials\n Infoblox_CredsEncoded=$(printf \"%b\" \"$Infoblox_Creds\" | _base64)\n\n ## Construct the HTTP Authorization header\n export _H1=\"Accept-Language:en-US\"\n export _H2=\"Authorization: Basic $Infoblox_CredsEncoded\"\n\n ## Construct the request URL\n baseurlnObject=\"https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}\"\n\n ## Add the challenge record to the Infoblox grid member\n result=\"$(_post \"\" \"$baseurlnObject\" \"\" \"POST\")\"\n\n ## Let's see if we get something intelligible back from the unit\n if [ \"$(echo \"$result\" | _egrep_o \"record:txt/.*:.*/${Infoblox_ViewEncoded}\")\" ]; then\n _info \"Successfully created the txt record\"\n return 0\n else\n _err \"Error encountered during record addition\"\n _err \"$result\"\n return 1\n fi\n\n}\n\ndns_infoblox_rm() {\n\n ## Nothing to see here, just some housekeeping\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using Infoblox API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n ## URLencode Infoblox View to deal with e.g. spaces\n Infoblox_ViewEncoded=$(printf \"%b\" \"$Infoblox_View\" | _url_encode)\n\n ## Base64 encode the credentials\n Infoblox_CredsEncoded=\"$(printf \"%b\" \"$Infoblox_Creds\" | _base64)\"\n\n ## Construct the HTTP Authorization header\n export _H1=\"Accept-Language:en-US\"\n export _H2=\"Authorization: Basic $Infoblox_CredsEncoded\"\n\n ## Does the record exist? Let's check.\n baseurlnObject=\"https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}&_return_type=xml-pretty\"\n result=\"$(_get \"$baseurlnObject\")\"\n\n ## Let's see if we get something intelligible back from the grid\n if [ \"$(echo \"$result\" | _egrep_o \"record:txt/.*:.*/${Infoblox_ViewEncoded}\")\" ]; then\n ## Extract the object reference\n objRef=\"$(printf \"%b\" \"$result\" | _egrep_o \"record:txt/.*:.*/${Infoblox_ViewEncoded}\")\"\n objRmUrl=\"https://$Infoblox_Server/wapi/v2.2.2/$objRef\"\n ## Delete them! All the stale records!\n rmResult=\"$(_post \"\" \"$objRmUrl\" \"\" \"DELETE\")\"\n ## Let's see if that worked\n if [ \"$(echo \"$rmResult\" | _egrep_o \"record:txt/.*:.*/${Infoblox_ViewEncoded}\")\" ]; then\n _info \"Successfully deleted $objRef\"\n return 0\n else\n _err \"Error occurred during txt record delete\"\n _err \"$rmResult\"\n return 1\n fi\n else\n _err \"Record to delete didn't match an existing record\"\n _err \"$result\"\n return 1\n fi\n}\n\n#################### Private functions below ##################################\n"
},
{
"path": "dnsapi/dns_infoblox_uddi.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_infoblox_uddi_info='Infoblox UDDI\nSite: Infoblox.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infoblox_uddi\nOptions:\n Infoblox_UDDI_Key API Key for Infoblox UDDI\n Infoblox_Portal URL, e.g. \"csp.infoblox.com\" or \"csp.eu.infoblox.com\"\nIssues: github.com/acmesh-official/acme.sh/issues\nAuthor: Stefan Riegel\n'\n\nInfoblox_UDDI_Api=\"https://\"\n\n######## Public functions #####################\n\n#Usage: dns_infoblox_uddi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_infoblox_uddi_add() {\n fulldomain=$1\n txtvalue=$2\n\n Infoblox_UDDI_Key=\"${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}\"\n Infoblox_Portal=\"${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}\"\n\n _info \"Using Infoblox UDDI API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n if [ -z \"$Infoblox_UDDI_Key\" ] || [ -z \"$Infoblox_Portal\" ]; then\n Infoblox_UDDI_Key=\"\"\n Infoblox_Portal=\"\"\n _err \"You didn't specify the Infoblox UDDI key or server (Infoblox_UDDI_Key; Infoblox_Portal).\"\n _err \"Please set them via EXPORT Infoblox_UDDI_Key=your_key, EXPORT Infoblox_Portal=csp.infoblox.com and try again.\"\n return 1\n fi\n\n _saveaccountconf_mutable Infoblox_UDDI_Key \"$Infoblox_UDDI_Key\"\n _saveaccountconf_mutable Infoblox_Portal \"$Infoblox_Portal\"\n\n export _H1=\"Authorization: Token $Infoblox_UDDI_Key\"\n export _H2=\"Content-Type: application/json\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting existing txt records\"\n _infoblox_rest GET \"dns/record?_filter=type%20eq%20'TXT'%20and%20name_in_zone%20eq%20'$_sub_domain'%20and%20zone%20eq%20'$_domain_id'\"\n\n _info \"Adding record\"\n body=\"{\\\"type\\\":\\\"TXT\\\",\\\"name_in_zone\\\":\\\"$_sub_domain\\\",\\\"zone\\\":\\\"$_domain_id\\\",\\\"ttl\\\":120,\\\"inheritance_sources\\\":{\\\"ttl\\\":{\\\"action\\\":\\\"override\\\"}},\\\"rdata\\\":{\\\"text\\\":\\\"$txtvalue\\\"}}\"\n\n if _infoblox_rest POST \"dns/record\" \"$body\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"Added, OK\"\n return 0\n elif _contains \"$response\" '\"error\"'; then\n # Check if record already exists\n if _contains \"$response\" \"already exists\" || _contains \"$response\" \"duplicate\"; then\n _info \"Already exists, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n _err \"Response: $response\"\n return 1\n fi\n else\n _info \"Added, OK\"\n return 0\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n}\n\n#Usage: dns_infoblox_uddi_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_infoblox_uddi_rm() {\n fulldomain=$1\n txtvalue=$2\n\n Infoblox_UDDI_Key=\"${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}\"\n Infoblox_Portal=\"${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}\"\n\n if [ -z \"$Infoblox_UDDI_Key\" ] || [ -z \"$Infoblox_Portal\" ]; then\n _err \"Credentials not found\"\n return 1\n fi\n\n _info \"Using Infoblox UDDI API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n export _H1=\"Authorization: Token $Infoblox_UDDI_Key\"\n export _H2=\"Content-Type: application/json\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records to delete\"\n # Filter by txtvalue to support wildcard certs (multiple TXT records)\n filter=\"type%20eq%20'TXT'%20and%20name_in_zone%20eq%20'$_sub_domain'%20and%20zone%20eq%20'$_domain_id'%20and%20rdata.text%20eq%20'$txtvalue'\"\n _infoblox_rest GET \"dns/record?_filter=$filter\"\n\n if ! _contains \"$response\" '\"results\"'; then\n _info \"Don't need to remove, record not found.\"\n return 0\n fi\n\n record_id=$(echo \"$response\" | _egrep_o '\"id\":[[:space:]]*\"[^\"]*\"' | _head_n 1 | cut -d '\"' -f 4)\n _debug \"record_id\" \"$record_id\"\n\n if [ -z \"$record_id\" ]; then\n _info \"Don't need to remove, record not found.\"\n return 0\n fi\n\n # Extract UUID from the full record ID (format: dns/record/uuid)\n record_uuid=$(echo \"$record_id\" | sed 's|.*/||')\n _debug \"record_uuid\" \"$record_uuid\"\n\n if ! _infoblox_rest DELETE \"dns/record/$record_uuid\"; then\n _err \"Delete record error.\"\n return 1\n fi\n\n _info \"Removed record successfully\"\n return 0\n}\n\n#################### Private functions below ##################################\n\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=dns/auth_zone/xxxx-xxxx\n_get_root() {\n domain=$1\n i=1\n p=1\n\n # Remove _acme-challenge prefix if present\n domain_no_acme=$(echo \"$domain\" | sed 's/^_acme-challenge\\.//')\n\n while true; do\n h=$(printf \"%s\" \"$domain_no_acme\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n # not valid\n return 1\n fi\n\n # Query for the zone with both trailing dot and without\n filter=\"fqdn%20eq%20'$h.'%20or%20fqdn%20eq%20'$h'\"\n if ! _infoblox_rest GET \"dns/auth_zone?_filter=$filter\"; then\n # API error - don't continue if we get auth errors\n if _contains \"$response\" \"401\" || _contains \"$response\" \"Authorization\"; then\n _err \"Authentication failed. Please check your Infoblox_UDDI_Key.\"\n return 1\n fi\n # For other errors, continue to parent domain\n p=$i\n i=$((i + 1))\n continue\n fi\n\n # Check if response contains results (even if empty)\n if _contains \"$response\" '\"results\"'; then\n # Extract zone ID - must match the pattern dns/auth_zone/...\n zone_id=$(echo \"$response\" | _egrep_o '\"id\":[[:space:]]*\"dns/auth_zone/[^\"]*\"' | _head_n 1 | cut -d '\"' -f 4)\n if [ -n \"$zone_id\" ]; then\n # Found the zone\n _domain=\"$h\"\n _domain_id=\"$zone_id\"\n\n # Calculate subdomain\n if [ \"$_domain\" = \"$domain\" ]; then\n _sub_domain=\"\"\n else\n _cutlength=$((${#domain} - ${#_domain} - 1))\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -c \"1-$_cutlength\")\n fi\n\n return 0\n fi\n fi\n\n p=$i\n i=$((i + 1))\n done\n\n return 1\n}\n\n# _infoblox_rest GET \"dns/record?_filter=...\"\n# _infoblox_rest POST \"dns/record\" \"{json body}\"\n# _infoblox_rest DELETE \"dns/record/uuid\"\n_infoblox_rest() {\n method=$1\n ep=\"$2\"\n data=\"$3\"\n\n _debug \"$ep\"\n\n # Ensure credentials are available (when called from _get_root)\n Infoblox_UDDI_Key=\"${Infoblox_UDDI_Key:-$(_readaccountconf_mutable Infoblox_UDDI_Key)}\"\n Infoblox_Portal=\"${Infoblox_Portal:-$(_readaccountconf_mutable Infoblox_Portal)}\"\n\n Infoblox_UDDI_Api=\"https://$Infoblox_Portal/api/ddi/v1\"\n export _H1=\"Authorization: Token $Infoblox_UDDI_Key\"\n export _H2=\"Content-Type: application/json\"\n\n # Debug (masked)\n _tok_len=$(printf \"%s\" \"$Infoblox_UDDI_Key\" | wc -c | tr -d ' \\n')\n _debug2 \"Auth header set\" \"Token len=${_tok_len} on $Infoblox_Portal\"\n\n if [ \"$method\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$Infoblox_UDDI_Api/$ep\" \"\" \"$method\")\"\n else\n response=\"$(_get \"$Infoblox_UDDI_Api/$ep\")\"\n fi\n\n _ret=\"$?\"\n _debug2 response \"$response\"\n\n if [ \"$_ret\" != \"0\" ]; then\n _err \"Error: $ep\"\n return 1\n fi\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_infomaniak.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_infomaniak_info='Infomaniak.com\nSite: Infomaniak.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak\nOptions:\n INFOMANIAK_API_TOKEN API Token\nIssues: github.com/acmesh-official/acme.sh/issues/3188\n\n'\n\n# To use this API you need visit the API dashboard of your account.\n# Note: the URL looks like this:\n# https://manager.infomaniak.com/v3//ng/profile/user/token/list\n# Then generate a token with following scopes :\n# - domain:read\n# - dns:read\n# - dns:write\n# this is given as an environment variable INFOMANIAK_API_TOKEN\n\n# base variables\n\nDEFAULT_INFOMANIAK_API_URL=\"https://api.infomaniak.com\"\nDEFAULT_INFOMANIAK_TTL=300\n\n######## Public functions #####################\n\n#Usage: dns_infomaniak_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_infomaniak_add() {\n\n INFOMANIAK_API_TOKEN=\"${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}\"\n INFOMANIAK_API_URL=\"${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}\"\n INFOMANIAK_TTL=\"${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}\"\n\n if [ -z \"$INFOMANIAK_API_TOKEN\" ]; then\n INFOMANIAK_API_TOKEN=\"\"\n _err \"Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN\"\n return 1\n fi\n\n if [ -z \"$INFOMANIAK_API_URL\" ]; then\n INFOMANIAK_API_URL=\"$DEFAULT_INFOMANIAK_API_URL\"\n fi\n\n if [ -z \"$INFOMANIAK_TTL\" ]; then\n INFOMANIAK_TTL=\"$DEFAULT_INFOMANIAK_TTL\"\n fi\n\n #save the token to the account conf file.\n _saveaccountconf_mutable INFOMANIAK_API_TOKEN \"$INFOMANIAK_API_TOKEN\"\n\n if [ \"$INFOMANIAK_API_URL\" != \"$DEFAULT_INFOMANIAK_API_URL\" ]; then\n _saveaccountconf_mutable INFOMANIAK_API_URL \"$INFOMANIAK_API_URL\"\n fi\n\n if [ \"$INFOMANIAK_TTL\" != \"$DEFAULT_INFOMANIAK_TTL\" ]; then\n _saveaccountconf_mutable INFOMANIAK_TTL \"$INFOMANIAK_TTL\"\n fi\n\n export _H1=\"Authorization: Bearer $INFOMANIAK_API_TOKEN\"\n export _H2=\"Content-Type: application/json\"\n\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n _info \"Infomaniak DNS API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n # guess which base domain to add record to\n zone=$(_get_zone \"$fulldomain\")\n if [ -z \"$zone\" ]; then\n _err \"cannot find zone:<${zone}> to modify\"\n return 1\n fi\n\n # extract first part of domain\n key=${fulldomain%.\"$zone\"}\n\n _debug \"key:$key\"\n _debug \"txtvalue: $txtvalue\"\n\n # payload\n data=\"{\\\"type\\\": \\\"TXT\\\", \\\"source\\\": \\\"$key\\\", \\\"target\\\": \\\"$txtvalue\\\", \\\"ttl\\\": $INFOMANIAK_TTL}\"\n\n # API call\n response=$(_post \"$data\" \"${INFOMANIAK_API_URL}/2/zones/${zone}/records\")\n if [ -n \"$response\" ]; then\n if [ ! \"$(echo \"$response\" | _contains '\"result\":\"success\"')\" ]; then\n _info \"Record added\"\n _debug \"response: $response\"\n return 0\n fi\n fi\n _err \"Could not create record.\"\n _debug \"Response: $response\"\n return 1\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_infomaniak_rm() {\n\n INFOMANIAK_API_TOKEN=\"${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}\"\n INFOMANIAK_API_URL=\"${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}\"\n INFOMANIAK_TTL=\"${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}\"\n\n if [ -z \"$INFOMANIAK_API_TOKEN\" ]; then\n INFOMANIAK_API_TOKEN=\"\"\n _err \"Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN.\"\n return 1\n fi\n\n if [ -z \"$INFOMANIAK_API_URL\" ]; then\n INFOMANIAK_API_URL=\"$DEFAULT_INFOMANIAK_API_URL\"\n fi\n\n if [ -z \"$INFOMANIAK_TTL\" ]; then\n INFOMANIAK_TTL=\"$DEFAULT_INFOMANIAK_TTL\"\n fi\n\n #save the token to the account conf file.\n _saveaccountconf_mutable INFOMANIAK_API_TOKEN \"$INFOMANIAK_API_TOKEN\"\n\n if [ \"$INFOMANIAK_API_URL\" != \"$DEFAULT_INFOMANIAK_API_URL\" ]; then\n _saveaccountconf_mutable INFOMANIAK_API_URL \"$INFOMANIAK_API_URL\"\n fi\n\n if [ \"$INFOMANIAK_TTL\" != \"$DEFAULT_INFOMANIAK_TTL\" ]; then\n _saveaccountconf_mutable INFOMANIAK_TTL \"$INFOMANIAK_TTL\"\n fi\n\n export _H1=\"Authorization: Bearer $INFOMANIAK_API_TOKEN\"\n export _H2=\"ContentType: application/json\"\n\n fulldomain=$1\n txtvalue=$2\n _info \"Infomaniak DNS API\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n # guess which base domain to add record to\n zone=$(_get_zone \"$fulldomain\")\n if [ -z \"$zone\" ]; then\n _err \"cannot find zone:<$zone> to modify\"\n return 1\n fi\n\n # extract first part of domain\n key=${fulldomain%.\"$zone\"}\n key=$(echo \"$key\" | _lower_case)\n\n _debug \"zone:$zone\"\n _debug \"key:$key\"\n\n # find previous record\n # shellcheck disable=SC2086\n response=$(_get \"${INFOMANIAK_API_URL}/2/zones/${zone}/records\" | sed 's/.*\"data\":\\[\\(.*\\)\\]}/\\1/; s/},{/}{/g')\n record_id=$(echo \"$response\" | sed -n 's/.*\"id\":\"*\\([0-9]*\\)\"*.*\"source\":\"'\"$key\"'\".*\"target\":\"\\\\\"'\"$txtvalue\"'\\\\\"\".*/\\1/p')\n _debug \"key: $key\"\n _debug \"txtvalue: $txtvalue\"\n _debug \"record_id: $record_id\"\n\n if [ -z \"$record_id\" ]; then\n _err \"could not find record to delete\"\n _debug \"response: $response\"\n return 1\n fi\n\n # API call\n response=$(_post \"\" \"${INFOMANIAK_API_URL}/2/zones/${zone}/records/${record_id}\" \"\" DELETE)\n if [ -n \"$response\" ]; then\n if [ ! \"$(echo \"$response\" | _contains '\"result\":\"success\"')\" ]; then\n _info \"Record deleted\"\n return 0\n fi\n fi\n _err \"Could not delete record.\"\n _debug \"Response: $response\"\n return 1\n}\n\n#################### Private functions below ##################################\n\n_get_zone() {\n domain=\"$1\"\n # Whatever the domain is, you can get the fqdn with the following.\n # shellcheck disable=SC1004\n response=$(_get \"${INFOMANIAK_API_URL}/2/domains/${domain}/zones\" | sed 's/.*\\[{\"fqdn\"\\:\"\\(.*\\)/\\1/')\n echo \"${response%%\\\"*}\"\n}\n"
},
{
"path": "dnsapi/dns_internetbs.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_internetbs_info='InternetBS.net\nSite: InternetBS.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_internetbs\nOptions:\n INTERNETBS_API_KEY API Key\n INTERNETBS_API_PASSWORD API Password\nIssues: github.com/acmesh-official/acme.sh/issues/2261\nAuthor: Ne-Lexa \n'\n\nINTERNETBS_API_URL=\"https://api.internet.bs\"\n\n######## Public functions #####################\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_internetbs_add() {\n fulldomain=$1\n txtvalue=$2\n\n INTERNETBS_API_KEY=\"${INTERNETBS_API_KEY:-$(_readaccountconf_mutable INTERNETBS_API_KEY)}\"\n INTERNETBS_API_PASSWORD=\"${INTERNETBS_API_PASSWORD:-$(_readaccountconf_mutable INTERNETBS_API_PASSWORD)}\"\n\n if [ -z \"$INTERNETBS_API_KEY\" ] || [ -z \"$INTERNETBS_API_PASSWORD\" ]; then\n INTERNETBS_API_KEY=\"\"\n INTERNETBS_API_PASSWORD=\"\"\n _err \"You didn't specify the INTERNET.BS api key and password yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n _saveaccountconf_mutable INTERNETBS_API_KEY \"$INTERNETBS_API_KEY\"\n _saveaccountconf_mutable INTERNETBS_API_PASSWORD \"$INTERNETBS_API_PASSWORD\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n # https://testapi.internet.bs/Domain/DnsRecord/Add?ApiKey=testapi&Password=testpass&FullRecordName=w3.test-api-domain7.net&Type=CNAME&Value=www.internet.bs%&ResponseFormat=json\n if _internetbs_rest POST \"Domain/DnsRecord/Add\" \"FullRecordName=${_sub_domain}.${_domain}&Type=TXT&Value=${txtvalue}&ResponseFormat=json\"; then\n if ! _contains \"$response\" \"\\\"status\\\":\\\"SUCCESS\\\"\"; then\n _err \"ERROR add TXT record\"\n _err \"$response\"\n return 1\n fi\n\n _info \"txt record add success.\"\n return 0\n fi\n\n return 1\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_internetbs_rm() {\n fulldomain=$1\n txtvalue=$2\n\n INTERNETBS_API_KEY=\"${INTERNETBS_API_KEY:-$(_readaccountconf_mutable INTERNETBS_API_KEY)}\"\n INTERNETBS_API_PASSWORD=\"${INTERNETBS_API_PASSWORD:-$(_readaccountconf_mutable INTERNETBS_API_PASSWORD)}\"\n\n if [ -z \"$INTERNETBS_API_KEY\" ] || [ -z \"$INTERNETBS_API_PASSWORD\" ]; then\n INTERNETBS_API_KEY=\"\"\n INTERNETBS_API_PASSWORD=\"\"\n _err \"You didn't specify the INTERNET.BS api key and password yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n # https://testapi.internet.bs/Domain/DnsRecord/List?ApiKey=testapi&Password=testpass&Domain=test-api-domain7.net&FilterType=CNAME&ResponseFormat=json\n _internetbs_rest POST \"Domain/DnsRecord/List\" \"Domain=$_domain&FilterType=TXT&ResponseFormat=json\"\n\n if ! _contains \"$response\" \"\\\"status\\\":\\\"SUCCESS\\\"\"; then\n _err \"ERROR list dns records\"\n _err \"$response\"\n return 1\n fi\n\n if _contains \"$response\" \"\\name\\\":\\\"${_sub_domain}.${_domain}\\\"\"; then\n _info \"txt record find.\"\n\n # https://testapi.internet.bs/Domain/DnsRecord/Remove?ApiKey=testapi&Password=testpass&FullRecordName=www.test-api-domain7.net&Type=cname&ResponseFormat=json\n _internetbs_rest POST \"Domain/DnsRecord/Remove\" \"FullRecordName=${_sub_domain}.${_domain}&Type=TXT&ResponseFormat=json\"\n\n if ! _contains \"$response\" \"\\\"status\\\":\\\"SUCCESS\\\"\"; then\n _err \"ERROR remove dns record\"\n _err \"$response\"\n return 1\n fi\n\n _info \"txt record deleted success.\"\n return 0\n fi\n\n return 1\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=12345\n_get_root() {\n domain=$1\n i=2\n p=1\n\n # https://testapi.internet.bs/Domain/List?ApiKey=testapi&Password=testpass&CompactList=yes&ResponseFormat=json\n if _internetbs_rest POST \"Domain/List\" \"CompactList=yes&ResponseFormat=json\"; then\n\n if ! _contains \"$response\" \"\\\"status\\\":\\\"SUCCESS\\\"\"; then\n _err \"ERROR fetch domain list\"\n _err \"$response\"\n return 1\n fi\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"${i}\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"\\\"$h\\\"\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"${p}\")\n _domain=${h}\n return 0\n fi\n\n p=${i}\n i=$(_math \"$i\" + 1)\n done\n fi\n return 1\n}\n\n#Usage: method URI data\n_internetbs_rest() {\n m=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n url=\"${INTERNETBS_API_URL}/${ep}\"\n\n _debug url \"$url\"\n\n apiKey=\"$(printf \"%s\" \"${INTERNETBS_API_KEY}\" | _url_encode)\"\n password=\"$(printf \"%s\" \"${INTERNETBS_API_PASSWORD}\" | _url_encode)\"\n\n if [ \"$m\" = \"GET\" ]; then\n response=\"$(_get \"${url}?ApiKey=${apiKey}&Password=${password}&${data}\" | tr -d '\\r')\"\n else\n _debug2 data \"$data\"\n response=\"$(_post \"$data\" \"${url}?ApiKey=${apiKey}&Password=${password}\" | tr -d '\\r')\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_inwx.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_inwx_info='INWX.de\nSite: INWX.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_inwx\nOptions:\n INWX_User Username\n INWX_Password Password\n INWX_Shared_Secret 2 Factor Authentication Shared Secret (optional requires oathtool)\n'\n\n# Dependencies:\n# -------------\n# - oathtool (When using 2 Factor Authentication)\n\nINWX_Api=\"https://api.domrobot.com/xmlrpc/\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_inwx_add() {\n fulldomain=$1\n txtvalue=$2\n\n INWX_User=\"${INWX_User:-$(_readaccountconf_mutable INWX_User)}\"\n INWX_Password=\"${INWX_Password:-$(_readaccountconf_mutable INWX_Password)}\"\n INWX_Shared_Secret=\"${INWX_Shared_Secret:-$(_readaccountconf_mutable INWX_Shared_Secret)}\"\n if [ -z \"$INWX_User\" ] || [ -z \"$INWX_Password\" ]; then\n INWX_User=\"\"\n INWX_Password=\"\"\n _err \"You don't specify inwx user and password yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable INWX_User \"$INWX_User\"\n _saveaccountconf_mutable INWX_Password \"$INWX_Password\"\n _saveaccountconf_mutable INWX_Shared_Secret \"$INWX_Shared_Secret\"\n\n if ! _inwx_login; then\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Adding record\"\n _inwx_add_record \"$_domain\" \"$_sub_domain\" \"$txtvalue\"\n\n}\n\n#fulldomain txtvalue\ndns_inwx_rm() {\n\n fulldomain=$1\n txtvalue=$2\n\n INWX_User=\"${INWX_User:-$(_readaccountconf_mutable INWX_User)}\"\n INWX_Password=\"${INWX_Password:-$(_readaccountconf_mutable INWX_Password)}\"\n INWX_Shared_Secret=\"${INWX_Shared_Secret:-$(_readaccountconf_mutable INWX_Shared_Secret)}\"\n if [ -z \"$INWX_User\" ] || [ -z \"$INWX_Password\" ]; then\n INWX_User=\"\"\n INWX_Password=\"\"\n _err \"You don't specify inwx user and password yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n if ! _inwx_login; then\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n\n xml_content=$(printf '\n \n nameserver.info\n \n \n \n \n \n domain\n \n %s\n \n \n \n type\n \n TXT\n \n \n \n name\n \n %s\n \n \n \n content\n \n %s\n \n \n \n \n \n \n ' \"$_domain\" \"$_sub_domain\" \"$txtvalue\")\n response=\"$(_post \"$xml_content\" \"$INWX_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"Command completed successfully\"; then\n _err \"Error could not get txt records\"\n return 1\n fi\n\n if ! printf \"%s\" \"$response\" | grep \"count\" >/dev/null; then\n _info \"Do not need to delete record\"\n else\n _record_id=$(printf '%s' \"$response\" | _egrep_o '.*(record){1}(.*)([0-9]+){1}' | _egrep_o 'id<\\/name>[0-9]+' | _egrep_o '[0-9]+')\n _info \"Deleting record\"\n _inwx_delete_record \"$_record_id\"\n fi\n\n}\n\n#################### Private functions below ##################################\n\n_inwx_check_cookie() {\n INWX_Cookie=\"${INWX_Cookie:-$(_readaccountconf_mutable INWX_Cookie)}\"\n if [ -z \"$INWX_Cookie\" ]; then\n _debug \"No cached cookie found\"\n return 1\n fi\n _H1=\"$INWX_Cookie\"\n export _H1\n\n xml_content=$(printf '\n \n account.info\n ')\n\n response=\"$(_post \"$xml_content\" \"$INWX_Api\" \"\" \"POST\")\"\n\n if _contains \"$response\" \"code1000\"; then\n _debug \"Cached cookie still valid\"\n return 0\n fi\n\n _debug \"Cached cookie no longer valid\"\n _H1=\"\"\n export _H1\n INWX_Cookie=\"\"\n _saveaccountconf_mutable INWX_Cookie \"$INWX_Cookie\"\n return 1\n}\n\n_htmlEscape() {\n _s=\"$1\"\n _s=$(echo \"$_s\" | sed \"s/&/&/g\")\n _s=$(echo \"$_s\" | sed \"s//\\>/g\")\n _s=$(echo \"$_s\" | sed 's/\"/\\"/g')\n printf -- %s \"$_s\"\n}\n\n_inwx_login() {\n\n if _inwx_check_cookie; then\n _debug \"Already logged in\"\n return 0\n fi\n\n XML_PASS=$(_htmlEscape \"$INWX_Password\")\n\n xml_content=$(printf '\n \n account.login\n \n \n \n \n \n user\n \n %s\n \n \n \n pass\n \n %s\n \n \n \n \n \n \n ' \"$INWX_User\" \"$XML_PASS\")\n\n response=\"$(_post \"$xml_content\" \"$INWX_Api\" \"\" \"POST\")\"\n\n INWX_Cookie=$(printf \"Cookie: %s\" \"$(grep \"domrobot=\" \"$HTTP_HEADER\" | grep -i \"^Set-Cookie:\" | _tail_n 1 | _egrep_o 'domrobot=[^;]*;' | tr -d ';')\")\n _H1=$INWX_Cookie\n export _H1\n export INWX_Cookie\n _saveaccountconf_mutable INWX_Cookie \"$INWX_Cookie\"\n\n if ! _contains \"$response\" \"code1000\"; then\n _err \"INWX API: Authentication error (username/password correct?)\"\n return 1\n fi\n\n #https://github.com/inwx/php-client/blob/master/INWX/Domrobot.php#L71\n if _contains \"$response\" \"tfaGOOGLE-AUTH\"; then\n if [ -z \"$INWX_Shared_Secret\" ]; then\n _err \"INWX API: Mobile TAN detected.\"\n _err \"Please define a shared secret.\"\n return 1\n fi\n\n if ! _exists oathtool; then\n _err \"Please install oathtool to use 2 Factor Authentication.\"\n _err \"\"\n return 1\n fi\n\n tan=\"$(oathtool --base32 --totp \"${INWX_Shared_Secret}\" 2>/dev/null)\"\n\n xml_content=$(printf '\n \n account.unlock\n \n \n \n \n \n tan\n \n %s\n \n \n \n \n \n \n ' \"$tan\")\n\n response=\"$(_post \"$xml_content\" \"$INWX_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"code1000\"; then\n _err \"INWX API: Mobile TAN not correct.\"\n return 1\n fi\n fi\n\n}\n\n_get_root() {\n domain=$1\n _debug \"get root\"\n\n domain=$1\n i=2\n p=1\n\n xml_content='\n \n nameserver.list\n \n \n \n \n \n pagelimit\n \n 9999\n \n \n \n \n \n \n '\n\n response=\"$(_post \"$xml_content\" \"$INWX_Api\" \"\" \"POST\")\"\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"$h\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n\n}\n\n_inwx_delete_record() {\n record_id=$1\n xml_content=$(printf '\n \n nameserver.deleteRecord\n \n \n \n \n \n id\n \n %s\n \n \n \n \n \n \n ' \"$record_id\")\n\n response=\"$(_post \"$xml_content\" \"$INWX_Api\" \"\" \"POST\")\"\n\n if ! printf \"%s\" \"$response\" | grep \"Command completed successfully\" >/dev/null; then\n _err \"Error\"\n return 1\n fi\n return 0\n\n}\n\n_inwx_update_record() {\n record_id=$1\n txtval=$2\n xml_content=$(printf '\n \n nameserver.updateRecord\n \n \n \n \n \n content\n \n %s\n \n \n \n id\n \n %s\n \n \n \n \n \n \n ' \"$txtval\" \"$record_id\")\n\n response=\"$(_post \"$xml_content\" \"$INWX_Api\" \"\" \"POST\")\"\n\n if ! printf \"%s\" \"$response\" | grep \"Command completed successfully\" >/dev/null; then\n _err \"Error\"\n return 1\n fi\n return 0\n\n}\n\n_inwx_add_record() {\n\n domain=$1\n sub_domain=$2\n txtval=$3\n\n xml_content=$(printf '\n \n nameserver.createRecord\n \n \n \n \n \n domain\n \n %s\n \n \n \n type\n \n TXT\n \n \n \n content\n \n %s\n \n \n \n name\n \n %s\n \n \n \n \n \n \n ' \"$domain\" \"$txtval\" \"$sub_domain\")\n\n response=\"$(_post \"$xml_content\" \"$INWX_Api\" \"\" \"POST\")\"\n\n if ! printf \"%s\" \"$response\" | grep \"Command completed successfully\" >/dev/null; then\n _err \"Error\"\n return 1\n fi\n return 0\n}\n"
},
{
"path": "dnsapi/dns_ionos.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_ionos_info='IONOS.de\nSite: IONOS.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ionos\nOptions:\n IONOS_PREFIX Prefix\n IONOS_SECRET Secret\nIssues: github.com/acmesh-official/acme.sh/issues/3379\n'\n\nIONOS_API=\"https://api.hosting.ionos.com/dns\"\nIONOS_ROUTE_ZONES=\"/v1/zones\"\n\nIONOS_TXT_TTL=60 # minimum accepted by API\nIONOS_TXT_PRIO=10\n\ndns_ionos_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _ionos_init; then\n return 1\n fi\n\n _body=\"[{\\\"name\\\":\\\"$_sub_domain.$_domain\\\",\\\"type\\\":\\\"TXT\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":$IONOS_TXT_TTL,\\\"prio\\\":$IONOS_TXT_PRIO,\\\"disabled\\\":false}]\"\n\n if _ionos_rest POST \"$IONOS_ROUTE_ZONES/$_zone_id/records\" \"$_body\" && [ \"$_code\" = \"201\" ]; then\n _info \"TXT record has been created successfully.\"\n return 0\n fi\n\n return 1\n}\n\ndns_ionos_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _ionos_init; then\n return 1\n fi\n\n if ! _ionos_get_record \"$fulldomain\" \"$_zone_id\" \"$txtvalue\"; then\n _err \"Could not find _acme-challenge TXT record.\"\n return 1\n fi\n\n if _ionos_rest DELETE \"$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id\" && [ \"$_code\" = \"200\" ]; then\n _info \"TXT record has been deleted successfully.\"\n return 0\n fi\n\n return 1\n}\n\n_ionos_init() {\n IONOS_PREFIX=\"${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}\"\n IONOS_SECRET=\"${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}\"\n\n if [ -z \"$IONOS_PREFIX\" ] || [ -z \"$IONOS_SECRET\" ]; then\n _err \"You didn't specify an IONOS api prefix and secret yet.\"\n _err \"Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret.\"\n _err \"\"\n _err \"Then set them before calling acme.sh:\"\n _err \"\\$ export IONOS_PREFIX=\\\"...\\\"\"\n _err \"\\$ export IONOS_SECRET=\\\"...\\\"\"\n _err \"\\$ acme.sh --issue -d ... --dns dns_ionos\"\n return 1\n fi\n\n _saveaccountconf_mutable IONOS_PREFIX \"$IONOS_PREFIX\"\n _saveaccountconf_mutable IONOS_SECRET \"$IONOS_SECRET\"\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Cannot find this domain in your IONOS account.\"\n return 1\n fi\n}\n\n_get_root() {\n domain=$1\n i=1\n p=1\n\n if _ionos_rest GET \"$IONOS_ROUTE_ZONES\"; then\n _response=\"$(echo \"$_response\" | tr -d \"\\n\")\"\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n return 1\n fi\n\n _zone=\"$(echo \"$_response\" | _egrep_o \"\\\"name\\\":\\\"$h\\\".*\\}\")\"\n if [ \"$_zone\" ]; then\n _zone_id=$(printf \"%s\\n\" \"$_zone\" | _egrep_o \"\\\"id\\\":\\\"[a-fA-F0-9\\-]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d '\\\"')\n if [ \"$_zone_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n\n return 0\n fi\n\n return 1\n fi\n\n p=$i\n i=$(_math \"$i\" + 1)\n done\n fi\n\n return 1\n}\n\n_ionos_get_record() {\n fulldomain=$1\n zone_id=$2\n txtrecord=$3\n\n if _ionos_rest GET \"$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT\"; then\n _response=\"$(echo \"$_response\" | tr -d \"\\n\")\"\n\n _record=\"$(echo \"$_response\" | _egrep_o \"\\\"name\\\":\\\"$fulldomain\\\"[^\\}]*\\\"type\\\":\\\"TXT\\\"[^\\}]*\\\"content\\\":\\\"\\\\\\\\\\\"$txtrecord\\\\\\\\\\\"\\\".*\\}\")\"\n if [ \"$_record\" ]; then\n _record_id=$(printf \"%s\\n\" \"$_record\" | _egrep_o \"\\\"id\\\":\\\"[a-fA-F0-9\\-]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d '\\\"')\n\n return 0\n fi\n fi\n\n return 1\n}\n\n_ionos_rest() {\n method=\"$1\"\n route=\"$2\"\n data=\"$3\"\n\n IONOS_API_KEY=\"$(printf \"%s.%s\" \"$IONOS_PREFIX\" \"$IONOS_SECRET\")\"\n\n export _H1=\"X-API-Key: $IONOS_API_KEY\"\n\n # clear headers\n : >\"$HTTP_HEADER\"\n\n if [ \"$method\" != \"GET\" ]; then\n export _H2=\"Accept: application/json\"\n export _H3=\"Content-Type: application/json\"\n\n _response=\"$(_post \"$data\" \"$IONOS_API$route\" \"\" \"$method\" \"application/json\")\"\n else\n export _H2=\"Accept: */*\"\n export _H3=\n\n _response=\"$(_get \"$IONOS_API$route\")\"\n fi\n\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"Error $route: $_response\"\n return 1\n fi\n\n _debug2 \"_response\" \"$_response\"\n _debug2 \"_code\" \"$_code\"\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_ionos_cloud.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_ionos_cloud_info='IONOS Cloud DNS\nSite: ionos.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ionos_cloud\nOptions:\n IONOS_TOKEN API Token.\nIssues: github.com/acmesh-official/acme.sh/issues/5243\n'\n\n# Supports IONOS Cloud DNS API v1.15.4\n\nIONOS_CLOUD_API=\"https://dns.de-fra.ionos.com\"\nIONOS_CLOUD_ROUTE_ZONES=\"/zones\"\n\ndns_ionos_cloud_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _ionos_init; then\n return 1\n fi\n\n _record_name=$(printf \"%s\" \"$fulldomain\" | cut -d . -f 1)\n _body=\"{\\\"properties\\\":{\\\"name\\\":\\\"$_record_name\\\", \\\"type\\\":\\\"TXT\\\", \\\"content\\\":\\\"$txtvalue\\\"}}\"\n\n if _ionos_cloud_rest POST \"$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records\" \"$_body\" && [ \"$_code\" = \"202\" ]; then\n _info \"TXT record has been created successfully.\"\n return 0\n fi\n\n return 1\n}\n\ndns_ionos_cloud_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _ionos_init; then\n return 1\n fi\n\n if ! _ionos_cloud_get_record \"$_zone_id\" \"$txtvalue\" \"$fulldomain\"; then\n _err \"Could not find _acme-challenge TXT record.\"\n return 1\n fi\n\n if _ionos_cloud_rest DELETE \"$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id\" && [ \"$_code\" = \"202\" ]; then\n _info \"TXT record has been deleted successfully.\"\n return 0\n fi\n\n return 1\n}\n\n_ionos_init() {\n IONOS_TOKEN=\"${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}\"\n\n if [ -z \"$IONOS_TOKEN\" ]; then\n _err \"You didn't specify an IONOS token yet.\"\n _err \"Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token.\"\n _err \"You need to set it before calling acme.sh:\"\n _err \"\\$ export IONOS_TOKEN=\\\"...\\\"\"\n _err \"\\$ acme.sh --issue -d ... --dns dns_ionos_cloud\"\n return 1\n fi\n\n _saveaccountconf_mutable IONOS_TOKEN \"$IONOS_TOKEN\"\n\n if ! _get_cloud_zone \"$fulldomain\"; then\n _err \"Cannot find zone $zone in your IONOS account.\"\n return 1\n fi\n\n return 0\n}\n\n_get_cloud_zone() {\n domain=$1\n zone=$(printf \"%s\" \"$domain\" | cut -d . -f 2-)\n\n if _ionos_cloud_rest GET \"$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone\"; then\n _response=\"$(echo \"$_response\" | tr -d \"\\n\")\"\n\n _zone_list_items=$(echo \"$_response\" | _egrep_o \"\\\"items\\\":.*\")\n\n _zone_id=$(printf \"%s\\n\" \"$_zone_list_items\" | _egrep_o \"\\\"id\\\":\\\"[a-fA-F0-9\\-]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d '\\\"')\n if [ \"$_zone_id\" ]; then\n return 0\n fi\n fi\n\n return 1\n}\n\n_ionos_cloud_get_record() {\n zone_id=$1\n txtrecord=$2\n # this is to transform the domain to lower case\n fulldomain=$(printf \"%s\" \"$3\" | _lower_case)\n # this is to transform record name to lower case\n # IONOS Cloud API transforms all record names to lower case\n _record_name=$(printf \"%s\" \"$fulldomain\" | cut -d . -f 1 | _lower_case)\n\n if _ionos_cloud_rest GET \"$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records\"; then\n _response=\"$(echo \"$_response\" | tr -d \"\\n\")\"\n\n pattern=\"\\{\\\"id\\\":\\\"[a-fA-F0-9\\-]*\\\",\\\"type\\\":\\\"record\\\",\\\"href\\\":\\\"/zones/$zone_id/records/[a-fA-F0-9\\-]*\\\",\\\"metadata\\\":\\{\\\"createdDate\\\":\\\"[A-Z0-9\\:\\.\\-]*\\\",\\\"lastModifiedDate\\\":\\\"[A-Z0-9\\:\\.\\-]*\\\",\\\"fqdn\\\":\\\"$fulldomain\\\",\\\"state\\\":\\\"AVAILABLE\\\",\\\"zoneId\\\":\\\"$zone_id\\\"\\},\\\"properties\\\":\\{\\\"content\\\":\\\"$txtrecord\\\",\\\"enabled\\\":true,\\\"name\\\":\\\"$_record_name\\\",\\\"priority\\\":[0-9]*,\\\"ttl\\\":[0-9]*,\\\"type\\\":\\\"TXT\\\"\\}\\}\"\n\n _record=\"$(echo \"$_response\" | _egrep_o \"$pattern\")\"\n if [ \"$_record\" ]; then\n _record_id=$(printf \"%s\\n\" \"$_record\" | _egrep_o \"\\\"id\\\":\\\"[a-fA-F0-9\\-]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d '\\\"')\n return 0\n fi\n fi\n\n return 1\n}\n\n_ionos_cloud_rest() {\n method=\"$1\"\n route=\"$2\"\n data=\"$3\"\n\n export _H1=\"Authorization: Bearer $IONOS_TOKEN\"\n\n # clear headers\n : >\"$HTTP_HEADER\"\n\n if [ \"$method\" != \"GET\" ]; then\n _response=\"$(_post \"$data\" \"$IONOS_CLOUD_API$route\" \"\" \"$method\" \"application/json\")\"\n else\n _response=\"$(_get \"$IONOS_CLOUD_API$route\")\"\n fi\n\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"Error $route: $_response\"\n return 1\n fi\n\n _debug2 \"_response\" \"$_response\"\n _debug2 \"_code\" \"$_code\"\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_ipv64.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_ipv64_info='IPv64.net\nSite: IPv64.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ipv64\nOptions:\n IPv64_Token API Token\nIssues: github.com/acmesh-official/acme.sh/issues/4419\nAuthor: Roman Lumetsberger\n'\n\nIPv64_API=\"https://ipv64.net/api\"\n\n######## Public functions ######################\n\n#Usage: dns_ipv64_add _acme-challenge.domain.ipv64.net \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_ipv64_add() {\n fulldomain=$1\n txtvalue=$2\n\n IPv64_Token=\"${IPv64_Token:-$(_readaccountconf_mutable IPv64_Token)}\"\n if [ -z \"$IPv64_Token\" ]; then\n _err \"You must export variable: IPv64_Token\"\n _err \"The API Key for your IPv64 account is necessary.\"\n _err \"You can look it up in your IPv64 account.\"\n return 1\n fi\n\n # Now save the credentials.\n _saveaccountconf_mutable IPv64_Token \"$IPv64_Token\"\n\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\" \"$fulldomain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n # convert to lower case\n _domain=\"$(echo \"$_domain\" | _lower_case)\"\n _sub_domain=\"$(echo \"$_sub_domain\" | _lower_case)\"\n # Now add the TXT record\n _info \"Trying to add TXT record\"\n if _ipv64_rest \"POST\" \"add_record=$_domain&praefix=$_sub_domain&type=TXT&content=$txtvalue\"; then\n _info \"TXT record has been successfully added.\"\n return 0\n else\n _err \"Errors happened during adding the TXT record, response=$_response\"\n return 1\n fi\n\n}\n\n#Usage: fulldomain txtvalue\n#Usage: dns_ipv64_rm _acme-challenge.domain.ipv64.net \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n#Remove the txt record after validation.\ndns_ipv64_rm() {\n fulldomain=$1\n txtvalue=$2\n\n IPv64_Token=\"${IPv64_Token:-$(_readaccountconf_mutable IPv64_Token)}\"\n if [ -z \"$IPv64_Token\" ]; then\n _err \"You must export variable: IPv64_Token\"\n _err \"The API Key for your IPv64 account is necessary.\"\n _err \"You can look it up in your IPv64 account.\"\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\" \"$fulldomain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n # convert to lower case\n _domain=\"$(echo \"$_domain\" | _lower_case)\"\n _sub_domain=\"$(echo \"$_sub_domain\" | _lower_case)\"\n # Now delete the TXT record\n _info \"Trying to delete TXT record\"\n if _ipv64_rest \"DELETE\" \"del_record=$_domain&praefix=$_sub_domain&type=TXT&content=$txtvalue\"; then\n _info \"TXT record has been successfully deleted.\"\n return 0\n else\n _err \"Errors happened during deleting the TXT record, response=$_response\"\n return 1\n fi\n\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=\"$1\"\n i=1\n p=1\n\n _ipv64_get \"get_domains\"\n domain_data=$_response\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n #if _contains \"$domain_data\" \"\\\"\"$h\"\\\"\\:\"; then\n if _contains \"$domain_data\" \"\\\"\"\"$h\"\"\\\"\\:\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n#send get request to api\n# $1 has to set the api-function\n_ipv64_get() {\n url=\"$IPv64_API?$1\"\n export _H1=\"Authorization: Bearer $IPv64_Token\"\n\n _response=$(_get \"$url\")\n _response=\"$(echo \"$_response\" | _normalizeJson)\"\n\n if _contains \"$_response\" \"429 Too Many Requests\"; then\n _info \"API throttled, sleeping to reset the limit\"\n _sleep 10\n _response=$(_get \"$url\")\n _response=\"$(echo \"$_response\" | _normalizeJson)\"\n fi\n}\n\n_ipv64_rest() {\n url=\"$IPv64_API\"\n export _H1=\"Authorization: Bearer $IPv64_Token\"\n export _H2=\"Content-Type: application/x-www-form-urlencoded\"\n _response=$(_post \"$2\" \"$url\" \"\" \"$1\")\n\n if _contains \"$_response\" \"429 Too Many Requests\"; then\n _info \"API throttled, sleeping to reset the limit\"\n _sleep 10\n _response=$(_post \"$2\" \"$url\" \"\" \"$1\")\n fi\n\n if ! _contains \"$_response\" \"\\\"info\\\":\\\"success\\\"\"; then\n return 1\n fi\n _debug2 response \"$_response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_ispconfig.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_ispconfig_info='ISPConfig Server API\nSite: ISPConfig.org\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ispconfig\nOptions:\n ISPC_User Remote User\n ISPC_Password Remote Password\n ISPC_Api API URL. E.g. \"https://ispc.domain.tld:8080/remote/json.php\"\n ISPC_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept\n'\n\n# ISPConfig 3.1 API\n# User must provide login data and URL to the ISPConfig installation incl. port.\n# The remote user in ISPConfig must have access to:\n# - DNS txt Functions\n# - DNS zone functions\n# - Client functions\n\n######## Public functions #####################\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_ispconfig_add() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n _debug \"Calling: dns_ispconfig_add() '${fulldomain}' '${txtvalue}'\"\n _ISPC_credentials && _ISPC_login && _ISPC_getZoneInfo && _ISPC_addTxt\n}\n\n#Usage: dns_myapi_rm _acme-challenge.www.domain.com\ndns_ispconfig_rm() {\n fulldomain=\"${1}\"\n _debug \"Calling: dns_ispconfig_rm() '${fulldomain}'\"\n _ISPC_credentials && _ISPC_login && _ISPC_rmTxt\n}\n\n#################### Private functions below ##################################\n\n_ISPC_credentials() {\n ISPC_User=\"${ISPC_User:-$(_readaccountconf_mutable ISPC_User)}\"\n ISPC_Password=\"${ISPC_Password:-$(_readaccountconf_mutable ISPC_Password)}\"\n ISPC_Api=\"${ISPC_Api:-$(_readaccountconf_mutable ISPC_Api)}\"\n ISPC_Api_Insecure=\"${ISPC_Api_Insecure:-$(_readaccountconf_mutable ISPC_Api_Insecure)}\"\n if [ -z \"${ISPC_User}\" ] || [ -z \"${ISPC_Password}\" ] || [ -z \"${ISPC_Api}\" ] || [ -z \"${ISPC_Api_Insecure}\" ]; then\n ISPC_User=\"\"\n ISPC_Password=\"\"\n ISPC_Api=\"\"\n ISPC_Api_Insecure=\"\"\n _err \"You haven't specified the ISPConfig Login data, URL and whether you want check the ISPC SSL cert. Please try again.\"\n return 1\n else\n _saveaccountconf_mutable ISPC_User \"${ISPC_User}\"\n _saveaccountconf_mutable ISPC_Password \"${ISPC_Password}\"\n _saveaccountconf_mutable ISPC_Api \"${ISPC_Api}\"\n _saveaccountconf_mutable ISPC_Api_Insecure \"${ISPC_Api_Insecure}\"\n # Set whether curl should use secure or insecure mode\n export HTTPS_INSECURE=\"${ISPC_Api_Insecure}\"\n fi\n}\n\n_ISPC_login() {\n _info \"Getting Session ID\"\n curData=\"{\\\"username\\\":\\\"${ISPC_User}\\\",\\\"password\\\":\\\"${ISPC_Password}\\\",\\\"client_login\\\":false}\"\n curResult=\"$(_post \"${curData}\" \"${ISPC_Api}?login\")\"\n _debug \"Calling _ISPC_login: '${curData}' '${ISPC_Api}?login'\"\n _debug \"Result of _ISPC_login: '$curResult'\"\n if _contains \"${curResult}\" '\"code\":\"ok\"'; then\n sessionID=$(echo \"${curResult}\" | _egrep_o \"response.*\" | cut -d ':' -f 2 | cut -d '\"' -f 2)\n _info \"Retrieved Session ID.\"\n _debug \"Session ID: '${sessionID}'\"\n else\n _err \"Couldn't retrieve the Session ID.\"\n return 1\n fi\n}\n\n_ISPC_getZoneInfo() {\n _info \"Getting Zoneinfo\"\n zoneEnd=false\n curZone=\"${fulldomain}\"\n while [ \"${zoneEnd}\" = false ]; do\n # we can strip the first part of the fulldomain, since it's just the _acme-challenge string\n curZone=\"${curZone#*.}\"\n # suffix . needed for zone -> domain.tld.\n curData=\"{\\\"session_id\\\":\\\"${sessionID}\\\",\\\"primary_id\\\":{\\\"origin\\\":\\\"${curZone}.\\\"}}\"\n curResult=\"$(_post \"${curData}\" \"${ISPC_Api}?dns_zone_get\")\"\n _debug \"Calling _ISPC_getZoneInfo: '${curData}' '${ISPC_Api}?dns_zone_get'\"\n _debug \"Result of _ISPC_getZoneInfo: '$curResult'\"\n if _contains \"${curResult}\" '\"id\":\"'; then\n zoneFound=true\n zoneEnd=true\n _info \"Retrieved zone data.\"\n _debug \"Zone data: '${curResult}'\"\n fi\n if [ \"${curZone#*.}\" != \"$curZone\" ]; then\n _debug2 \"$curZone still contains a '.' - so we can check next higher level\"\n else\n zoneEnd=true\n _err \"Couldn't retrieve zone data.\"\n return 1\n fi\n done\n if [ \"${zoneFound}\" ]; then\n server_id=$(echo \"${curResult}\" | _egrep_o \"server_id.*\" | cut -d ':' -f 2 | cut -d '\"' -f 2)\n _debug \"Server ID: '${server_id}'\"\n case \"${server_id}\" in\n '' | *[!0-9]*)\n _err \"Server ID is not numeric.\"\n return 1\n ;;\n *) _info \"Retrieved Server ID\" ;;\n esac\n zone=$(echo \"${curResult}\" | _egrep_o \"\\\"id.*\" | cut -d ':' -f 2 | cut -d '\"' -f 2)\n _debug \"Zone: '${zone}'\"\n case \"${zone}\" in\n '' | *[!0-9]*)\n _err \"Zone ID is not numeric.\"\n return 1\n ;;\n *) _info \"Retrieved Zone ID\" ;;\n esac\n sys_userid=$(echo \"${curResult}\" | _egrep_o \"sys_userid.*\" | cut -d ':' -f 2 | cut -d '\"' -f 2)\n _debug \"SYS User ID: '${sys_userid}'\"\n case \"${sys_userid}\" in\n '' | *[!0-9]*)\n _err \"SYS User ID is not numeric.\"\n return 1\n ;;\n *) _info \"Retrieved SYS User ID.\" ;;\n esac\n zoneFound=\"\"\n zoneEnd=\"\"\n fi\n # Need to get client_id as it is different from sys_userid\n curData=\"{\\\"session_id\\\":\\\"${sessionID}\\\",\\\"sys_userid\\\":\\\"${sys_userid}\\\"}\"\n curResult=\"$(_post \"${curData}\" \"${ISPC_Api}?client_get_id\")\"\n _debug \"Calling _ISPC_ClientGetID: '${curData}' '${ISPC_Api}?client_get_id'\"\n _debug \"Result of _ISPC_ClientGetID: '$curResult'\"\n client_id=$(echo \"${curResult}\" | _egrep_o \"response.*\" | cut -d ':' -f 2 | cut -d '\"' -f 2 | tr -d '{}')\n _debug \"Client ID: '${client_id}'\"\n case \"${client_id}\" in\n '' | *[!0-9]*)\n _err \"Client ID is not numeric.\"\n return 1\n ;;\n *) _info \"Retrieved Client ID.\" ;;\n esac\n}\n\n_ISPC_addTxt() {\n curSerial=\"$(date +%s)\"\n curStamp=\"$(date +'%F %T')\"\n params=\"\\\"server_id\\\":\\\"${server_id}\\\",\\\"zone\\\":\\\"${zone}\\\",\\\"name\\\":\\\"${fulldomain}.\\\",\\\"type\\\":\\\"txt\\\",\\\"data\\\":\\\"${txtvalue}\\\",\\\"aux\\\":\\\"0\\\",\\\"ttl\\\":\\\"3600\\\",\\\"active\\\":\\\"y\\\",\\\"stamp\\\":\\\"${curStamp}\\\",\\\"serial\\\":\\\"${curSerial}\\\"\"\n curData=\"{\\\"session_id\\\":\\\"${sessionID}\\\",\\\"client_id\\\":\\\"${client_id}\\\",\\\"params\\\":{${params}},\\\"update_serial\\\":true}\"\n curResult=\"$(_post \"${curData}\" \"${ISPC_Api}?dns_txt_add\")\"\n _debug \"Calling _ISPC_addTxt: '${curData}' '${ISPC_Api}?dns_txt_add'\"\n _debug \"Result of _ISPC_addTxt: '$curResult'\"\n record_id=$(echo \"${curResult}\" | _egrep_o \"\\\"response.*\" | cut -d ':' -f 2 | cut -d '\"' -f 2)\n _debug \"Record ID: '${record_id}'\"\n case \"${record_id}\" in\n '' | *[!0-9]*)\n _err \"Couldn't add ACME Challenge TXT record to zone.\"\n return 1\n ;;\n *) _info \"Added ACME Challenge TXT record to zone.\" ;;\n esac\n}\n\n_ISPC_rmTxt() {\n # Need to get the record ID.\n curData=\"{\\\"session_id\\\":\\\"${sessionID}\\\",\\\"primary_id\\\":{\\\"name\\\":\\\"${fulldomain}.\\\",\\\"type\\\":\\\"TXT\\\"}}\"\n curResult=\"$(_post \"${curData}\" \"${ISPC_Api}?dns_txt_get\")\"\n _debug \"Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_get'\"\n _debug \"Result of _ISPC_rmTxt: '$curResult'\"\n if _contains \"${curResult}\" '\"code\":\"ok\"'; then\n record_id=$(echo \"${curResult}\" | _egrep_o \"\\\"id.*\" | cut -d ':' -f 2 | cut -d '\"' -f 2)\n _debug \"Record ID: '${record_id}'\"\n case \"${record_id}\" in\n '' | *[!0-9]*)\n _err \"Record ID is not numeric.\"\n return 1\n ;;\n *)\n unset IFS\n _info \"Retrieved Record ID.\"\n curData=\"{\\\"session_id\\\":\\\"${sessionID}\\\",\\\"primary_id\\\":\\\"${record_id}\\\",\\\"update_serial\\\":true}\"\n curResult=\"$(_post \"${curData}\" \"${ISPC_Api}?dns_txt_delete\")\"\n _debug \"Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_delete'\"\n _debug \"Result of _ISPC_rmTxt: '$curResult'\"\n if _contains \"${curResult}\" '\"code\":\"ok\"'; then\n _info \"Removed ACME Challenge TXT record from zone.\"\n else\n _err \"Couldn't remove ACME Challenge TXT record from zone.\"\n return 1\n fi\n ;;\n esac\n fi\n}\n"
},
{
"path": "dnsapi/dns_jd.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_jd_info='jdcloud.com\nSite: jdcloud.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_jd\nOptions:\n JD_ACCESS_KEY_ID Access key ID\n JD_ACCESS_KEY_SECRET Access key secret\n JD_REGION Region. E.g. \"cn-north-1\"\nIssues: github.com/acmesh-official/acme.sh/issues/2388\n'\n\n_JD_ACCOUNT=\"https://uc.jdcloud.com/account/accesskey\"\n\n_JD_PROD=\"clouddnsservice\"\n_JD_API=\"jdcloud-api.com\"\n\n_JD_API_VERSION=\"v1\"\n_JD_DEFAULT_REGION=\"cn-north-1\"\n\n_JD_HOST=\"$_JD_PROD.$_JD_API\"\n\n######## Public functions #####################\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_jd_add() {\n fulldomain=$1\n txtvalue=$2\n\n JD_ACCESS_KEY_ID=\"${JD_ACCESS_KEY_ID:-$(_readaccountconf_mutable JD_ACCESS_KEY_ID)}\"\n JD_ACCESS_KEY_SECRET=\"${JD_ACCESS_KEY_SECRET:-$(_readaccountconf_mutable JD_ACCESS_KEY_SECRET)}\"\n JD_REGION=\"${JD_REGION:-$(_readaccountconf_mutable JD_REGION)}\"\n\n if [ -z \"$JD_ACCESS_KEY_ID\" ] || [ -z \"$JD_ACCESS_KEY_SECRET\" ]; then\n JD_ACCESS_KEY_ID=\"\"\n JD_ACCESS_KEY_SECRET=\"\"\n _err \"You haven't specifed the jdcloud api key id or api key secret yet.\"\n _err \"Please create your key and try again. see $(__green $_JD_ACCOUNT)\"\n return 1\n fi\n\n _saveaccountconf_mutable JD_ACCESS_KEY_ID \"$JD_ACCESS_KEY_ID\"\n _saveaccountconf_mutable JD_ACCESS_KEY_SECRET \"$JD_ACCESS_KEY_SECRET\"\n if [ -z \"$JD_REGION\" ]; then\n _debug \"Using default region: $_JD_DEFAULT_REGION\"\n JD_REGION=\"$_JD_DEFAULT_REGION\"\n else\n _saveaccountconf_mutable JD_REGION \"$JD_REGION\"\n fi\n _JD_BASE_URI=\"$_JD_API_VERSION/regions/$JD_REGION\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n #_debug \"Getting getViewTree\"\n\n _debug \"Adding records\"\n\n _addrr=\"{\\\"req\\\":{\\\"hostRecord\\\":\\\"$_sub_domain\\\",\\\"hostValue\\\":\\\"$txtvalue\\\",\\\"ttl\\\":300,\\\"type\\\":\\\"TXT\\\",\\\"viewValue\\\":-1},\\\"regionId\\\":\\\"$JD_REGION\\\",\\\"domainId\\\":\\\"$_domain_id\\\"}\"\n #_addrr='{\"req\":{\"hostRecord\":\"xx\",\"hostValue\":\"\\\"value4\\\"\",\"jcloudRes\":false,\"mxPriority\":null,\"port\":null,\"ttl\":300,\"type\":\"TXT\",\"weight\":null,\"viewValue\":-1},\"regionId\":\"cn-north-1\",\"domainId\":\"8824\"}'\n if jd_rest POST \"domain/$_domain_id/RRAdd\" \"\" \"$_addrr\"; then\n _rid=\"$(echo \"$response\" | tr '{},' '\\n' | grep '\"id\":' | cut -d : -f 2)\"\n if [ -z \"$_rid\" ]; then\n _err \"Can not find record id from the result.\"\n return 1\n fi\n _info \"TXT record added successfully.\"\n _srid=\"$(_readdomainconf \"JD_CLOUD_RIDS\")\"\n if [ \"$_srid\" ]; then\n _rid=\"$_srid,$_rid\"\n fi\n _savedomainconf \"JD_CLOUD_RIDS\" \"$_rid\"\n return 0\n fi\n\n return 1\n}\n\ndns_jd_rm() {\n fulldomain=$1\n txtvalue=$2\n\n JD_ACCESS_KEY_ID=\"${JD_ACCESS_KEY_ID:-$(_readaccountconf_mutable JD_ACCESS_KEY_ID)}\"\n JD_ACCESS_KEY_SECRET=\"${JD_ACCESS_KEY_SECRET:-$(_readaccountconf_mutable JD_ACCESS_KEY_SECRET)}\"\n JD_REGION=\"${JD_REGION:-$(_readaccountconf_mutable JD_REGION)}\"\n\n if [ -z \"$JD_REGION\" ]; then\n _debug \"Using default region: $_JD_DEFAULT_REGION\"\n JD_REGION=\"$_JD_DEFAULT_REGION\"\n fi\n\n _JD_BASE_URI=\"$_JD_API_VERSION/regions/$JD_REGION\"\n\n _info \"Getting existing records for $fulldomain\"\n _srid=\"$(_readdomainconf \"JD_CLOUD_RIDS\")\"\n _debug _srid \"$_srid\"\n\n if [ -z \"$_srid\" ]; then\n _err \"Not rid skip\"\n return 0\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _cleardomainconf JD_CLOUD_RIDS\n\n _aws_tmpl_xml=\"{\\\"ids\\\":[$_srid],\\\"action\\\":\\\"del\\\",\\\"regionId\\\":\\\"$JD_REGION\\\",\\\"domainId\\\":\\\"$_domain_id\\\"}\"\n\n if jd_rest POST \"domain/$_domain_id/RROperate\" \"\" \"$_aws_tmpl_xml\" && _contains \"$response\" \"\\\"code\\\":\\\"OK\\\"\"; then\n _info \"TXT record deleted successfully.\"\n return 0\n fi\n return 1\n\n}\n\n#################### Private functions below ##################################\n\n_get_root() {\n domain=$1\n i=1\n p=1\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug2 \"Checking domain: $h\"\n if ! jd_rest GET \"domain\"; then\n _err \"error get domain list\"\n return 1\n fi\n if [ -z \"$h\" ]; then\n #not valid\n _err \"Invalid domain\"\n return 1\n fi\n\n if _contains \"$response\" \"\\\"domainName\\\":\\\"$h\\\"\"; then\n hostedzone=\"$(echo \"$response\" | tr '{}' '\\n' | grep \"\\\"domainName\\\":\\\"$h\\\"\")\"\n _debug hostedzone \"$hostedzone\"\n if [ \"$hostedzone\" ]; then\n _domain_id=\"$(echo \"$hostedzone\" | tr ',' '\\n' | grep \"\\\"id\\\":\" | cut -d : -f 2)\"\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n fi\n _err \"Can't find domain with id: $h\"\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n\n return 1\n}\n\n#method uri qstr data\njd_rest() {\n mtd=\"$1\"\n ep=\"$2\"\n qsr=\"$3\"\n data=\"$4\"\n\n _debug mtd \"$mtd\"\n _debug ep \"$ep\"\n _debug qsr \"$qsr\"\n _debug data \"$data\"\n\n CanonicalURI=\"/$_JD_BASE_URI/$ep\"\n _debug2 CanonicalURI \"$CanonicalURI\"\n\n CanonicalQueryString=\"$qsr\"\n _debug2 CanonicalQueryString \"$CanonicalQueryString\"\n\n RequestDate=\"$(date -u +\"%Y%m%dT%H%M%SZ\")\"\n #RequestDate=\"20190713T082155Z\" ######################################################\n _debug2 RequestDate \"$RequestDate\"\n export _H1=\"X-Jdcloud-Date: $RequestDate\"\n\n RequestNonce=\"2bd0852a-8bae-4087-b2d5-$(_time)\"\n #RequestNonce=\"894baff5-72d4-4244-883a-7b2eb51e7fbe\" #################################\n _debug2 RequestNonce \"$RequestNonce\"\n export _H2=\"X-Jdcloud-Nonce: $RequestNonce\"\n\n if [ \"$data\" ]; then\n CanonicalHeaders=\"content-type:application/json\\n\"\n SignedHeaders=\"content-type;\"\n else\n CanonicalHeaders=\"\"\n SignedHeaders=\"\"\n fi\n CanonicalHeaders=\"${CanonicalHeaders}host:$_JD_HOST\\nx-jdcloud-date:$RequestDate\\nx-jdcloud-nonce:$RequestNonce\\n\"\n SignedHeaders=\"${SignedHeaders}host;x-jdcloud-date;x-jdcloud-nonce\"\n\n _debug2 CanonicalHeaders \"$CanonicalHeaders\"\n _debug2 SignedHeaders \"$SignedHeaders\"\n\n Hash=\"sha256\"\n\n RequestPayload=\"$data\"\n _debug2 RequestPayload \"$RequestPayload\"\n\n RequestPayloadHash=\"$(printf \"%s\" \"$RequestPayload\" | _digest \"$Hash\" hex | _lower_case)\"\n _debug2 RequestPayloadHash \"$RequestPayloadHash\"\n\n CanonicalRequest=\"$mtd\\n$CanonicalURI\\n$CanonicalQueryString\\n$CanonicalHeaders\\n$SignedHeaders\\n$RequestPayloadHash\"\n _debug2 CanonicalRequest \"$CanonicalRequest\"\n\n HashedCanonicalRequest=\"$(printf \"$CanonicalRequest%s\" | _digest \"$Hash\" hex)\"\n _debug2 HashedCanonicalRequest \"$HashedCanonicalRequest\"\n\n Algorithm=\"JDCLOUD2-HMAC-SHA256\"\n _debug2 Algorithm \"$Algorithm\"\n\n RequestDateOnly=\"$(echo \"$RequestDate\" | cut -c 1-8)\"\n _debug2 RequestDateOnly \"$RequestDateOnly\"\n\n Region=\"$JD_REGION\"\n Service=\"$_JD_PROD\"\n\n CredentialScope=\"$RequestDateOnly/$Region/$Service/jdcloud2_request\"\n _debug2 CredentialScope \"$CredentialScope\"\n\n StringToSign=\"$Algorithm\\n$RequestDate\\n$CredentialScope\\n$HashedCanonicalRequest\"\n\n _debug2 StringToSign \"$StringToSign\"\n\n kSecret=\"JDCLOUD2$JD_ACCESS_KEY_SECRET\"\n\n _secure_debug2 kSecret \"$kSecret\"\n\n kSecretH=\"$(printf \"%s\" \"$kSecret\" | _hex_dump | tr -d \" \")\"\n _secure_debug2 kSecretH \"$kSecretH\"\n\n kDateH=\"$(printf \"$RequestDateOnly%s\" | _hmac \"$Hash\" \"$kSecretH\" hex)\"\n _debug2 kDateH \"$kDateH\"\n\n kRegionH=\"$(printf \"$Region%s\" | _hmac \"$Hash\" \"$kDateH\" hex)\"\n _debug2 kRegionH \"$kRegionH\"\n\n kServiceH=\"$(printf \"$Service%s\" | _hmac \"$Hash\" \"$kRegionH\" hex)\"\n _debug2 kServiceH \"$kServiceH\"\n\n kSigningH=\"$(printf \"%s\" \"jdcloud2_request\" | _hmac \"$Hash\" \"$kServiceH\" hex)\"\n _debug2 kSigningH \"$kSigningH\"\n\n signature=\"$(printf \"$StringToSign%s\" | _hmac \"$Hash\" \"$kSigningH\" hex)\"\n _debug2 signature \"$signature\"\n\n Authorization=\"$Algorithm Credential=$JD_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature\"\n _debug2 Authorization \"$Authorization\"\n\n _H3=\"Authorization: $Authorization\"\n _debug _H3 \"$_H3\"\n\n url=\"https://$_JD_HOST$CanonicalURI\"\n if [ \"$qsr\" ]; then\n url=\"https://$_JD_HOST$CanonicalURI?$qsr\"\n fi\n\n if [ \"$mtd\" = \"GET\" ]; then\n response=\"$(_get \"$url\")\"\n else\n response=\"$(_post \"$data\" \"$url\" \"\" \"$mtd\" \"application/json\")\"\n fi\n\n _ret=\"$?\"\n _debug2 response \"$response\"\n if [ \"$_ret\" = \"0\" ]; then\n if _contains \"$response\" \"\\\"error\\\"\"; then\n _err \"Response error:$response\"\n return 1\n fi\n fi\n\n return \"$_ret\"\n}\n"
},
{
"path": "dnsapi/dns_joker.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_joker_info='Joker.com\nSite: Joker.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_joker\nOptions:\n JOKER_USERNAME Username\n JOKER_PASSWORD Password\nIssues: github.com/acmesh-official/acme.sh/issues/2840\nAuthor: @aattww\n'\n\nJOKER_API=\"https://svc.joker.com/nic/replace\"\n\n######## Public functions #####################\n\n#Usage: dns_joker_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_joker_add() {\n fulldomain=$1\n txtvalue=$2\n\n JOKER_USERNAME=\"${JOKER_USERNAME:-$(_readaccountconf_mutable JOKER_USERNAME)}\"\n JOKER_PASSWORD=\"${JOKER_PASSWORD:-$(_readaccountconf_mutable JOKER_PASSWORD)}\"\n\n if [ -z \"$JOKER_USERNAME\" ] || [ -z \"$JOKER_PASSWORD\" ]; then\n _err \"No Joker.com username and password specified.\"\n return 1\n fi\n\n _saveaccountconf_mutable JOKER_USERNAME \"$JOKER_USERNAME\"\n _saveaccountconf_mutable JOKER_PASSWORD \"$JOKER_PASSWORD\"\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n _info \"Adding TXT record\"\n if _joker_rest \"username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$_domain&label=$_sub_domain&type=TXT&value=$txtvalue\"; then\n if _startswith \"$response\" \"OK\"; then\n _info \"Added, OK\"\n return 0\n fi\n fi\n _err \"Error adding TXT record.\"\n return 1\n}\n\n#fulldomain txtvalue\ndns_joker_rm() {\n fulldomain=$1\n txtvalue=$2\n\n JOKER_USERNAME=\"${JOKER_USERNAME:-$(_readaccountconf_mutable JOKER_USERNAME)}\"\n JOKER_PASSWORD=\"${JOKER_PASSWORD:-$(_readaccountconf_mutable JOKER_PASSWORD)}\"\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n _info \"Removing TXT record\"\n # TXT record is removed by setting its value to empty.\n if _joker_rest \"username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$_domain&label=$_sub_domain&type=TXT&value=\"; then\n if _startswith \"$response\" \"OK\"; then\n _info \"Removed, OK\"\n return 0\n fi\n fi\n _err \"Error removing TXT record.\"\n return 1\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n fulldomain=$1\n i=1\n while true; do\n h=$(printf \"%s\" \"$fulldomain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n return 1\n fi\n\n # Try to remove a test record. With correct root domain, username and password this will return \"OK: ...\" regardless\n # of record in question existing or not.\n if _joker_rest \"username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$h&label=jokerTXTUpdateTest&type=TXT&value=\"; then\n if _startswith \"$response\" \"OK\"; then\n _sub_domain=\"$(echo \"$fulldomain\" | sed \"s/\\\\.$h\\$//\")\"\n _domain=$h\n return 0\n fi\n fi\n\n i=$(_math \"$i\" + 1)\n done\n\n _debug \"Root domain not found\"\n return 1\n}\n\n_joker_rest() {\n data=\"$1\"\n _debug data \"$data\"\n\n if ! response=\"$(_post \"$data\" \"$JOKER_API\" \"\" \"POST\")\"; then\n _err \"Error POSTing\"\n return 1\n fi\n _debug response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_kappernet.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_kappernet_info='kapper.net\nSite: kapper.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kappernet\nOptions:\n KAPPERNETDNS_Key API Key\n KAPPERNETDNS_Secret API Secret\nIssues: github.com/acmesh-official/acme.sh/issues/2977\n'\n\n###############################################################################\n# called with\n# fullhostname: something.example.com\n# txtvalue: someacmegenerated string\ndns_kappernet_add() {\n fullhostname=$1\n txtvalue=$2\n\n KAPPERNETDNS_Key=\"${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}\"\n KAPPERNETDNS_Secret=\"${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}\"\n KAPPERNETDNS_Api=\"https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret\"\n\n if [ -z \"$KAPPERNETDNS_Key\" ] || [ -z \"$KAPPERNETDNS_Secret\" ]; then\n _err \"Please specify your kapper.net api key and secret.\"\n _err \"If you have not received yours - send your mail to\"\n _err \"support@kapper.net to get your key and secret.\"\n return 1\n fi\n\n #store the api key and email to the account conf file.\n _saveaccountconf_mutable KAPPERNETDNS_Key \"$KAPPERNETDNS_Key\"\n _saveaccountconf_mutable KAPPERNETDNS_Secret \"$KAPPERNETDNS_Secret\"\n _debug \"Checking Domain ...\"\n if ! _get_root \"$fullhostname\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"SUBDOMAIN: $_sub_domain\"\n _debug _domain \"DOMAIN: $_domain\"\n\n _info \"Trying to add TXT DNS Record\"\n data=\"%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D\"\n if _kappernet_api GET \"action=new&subject=$_domain&data=$data\"; then\n\n if _contains \"$response\" \"{\\\"OK\\\":true\"; then\n _info \"Waiting 1 second for DNS to spread the new record\"\n _sleep 1\n return 0\n else\n _err \"Error creating a TXT DNS Record: $fullhostname TXT $txtvalue\"\n _err \"Error Message: $response\"\n return 1\n fi\n fi\n _err \"Failed creating TXT Record\"\n}\n\n###############################################################################\n# called with\n# fullhostname: something.example.com\ndns_kappernet_rm() {\n fullhostname=$1\n txtvalue=$2\n\n KAPPERNETDNS_Key=\"${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}\"\n KAPPERNETDNS_Secret=\"${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}\"\n KAPPERNETDNS_Api=\"https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret\"\n\n if [ -z \"$KAPPERNETDNS_Key\" ] || [ -z \"$KAPPERNETDNS_Secret\" ]; then\n _err \"Please specify your kapper.net api key and secret.\"\n _err \"If you have not received yours - send your mail to\"\n _err \"support@kapper.net to get your key and secret.\"\n return 1\n fi\n\n #store the api key and email to the account conf file.\n _saveaccountconf_mutable KAPPERNETDNS_Key \"$KAPPERNETDNS_Key\"\n _saveaccountconf_mutable KAPPERNETDNS_Secret \"$KAPPERNETDNS_Secret\"\n\n _info \"Trying to remove the TXT Record: $fullhostname containing $txtvalue\"\n data=\"%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D\"\n if _kappernet_api GET \"action=del&subject=$fullhostname&data=$data\"; then\n if _contains \"$response\" \"{\\\"OK\\\":true\"; then\n return 0\n else\n _err \"Error deleting DNS Record: $fullhostname containing $txtvalue\"\n _err \"Problem: $response\"\n return 1\n fi\n fi\n _err \"Problem deleting TXT DNS record\"\n}\n\n#################### Private functions below ##################################\n# called with hostname\n# e.g._acme-challenge.www.domain.com returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n if ! _kappernet_api GET \"action=list&subject=$h\"; then\n return 1\n fi\n if _contains \"$response\" '\"OK\":false'; then\n _debug \"$h not found\"\n else\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n################################################################################\n# calls the kapper.net DNS Panel API\n# with\n# method\n# param\n_kappernet_api() {\n method=$1\n param=\"$2\"\n\n _debug param \"PARAMETER=$param\"\n url=\"$KAPPERNETDNS_Api&$param\"\n _debug url \"URL=$url\"\n\n if [ \"$method\" = \"GET\" ]; then\n response=\"$(_get \"$url\")\"\n else\n _err \"Unsupported method or missing Secret/Key\"\n return 1\n fi\n\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_kas.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_kas_info='All-inkl Kas Server\nSite: kas.all-inkl.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kas\nOptions:\n KAS_Login API login name\n KAS_Authtype API auth type. Default: \"plain\"\n KAS_Authdata API auth data\nIssues: github.com/acmesh-official/acme.sh/issues/2715\nAuthor: squared GmbH , Martin Kammerlander , Marc-Oliver Lange \n'\n\n########################################################################\nKAS_Api_GET=\"$(_get \"https://kasapi.kasserver.com/soap/wsdl/KasApi.wsdl\")\"\nKAS_Api=\"$(echo \"$KAS_Api_GET\" | tr -d ' ' | grep -i \"//g\")\"\n_info \"[KAS] -> API URL $KAS_Api\"\n\nKAS_Auth_GET=\"$(_get \"https://kasapi.kasserver.com/soap/wsdl/KasAuth.wsdl\")\"\nKAS_Auth=\"$(echo \"$KAS_Auth_GET\" | tr -d ' ' | grep -i \"//g\")\"\n_info \"[KAS] -> AUTH URL $KAS_Auth\"\n\nKAS_default_ratelimit=5 # TODO - Every response delivers a ratelimit (seconds) where KASAPI is blocking a request.\n\n######## Public functions #####################\ndns_kas_add() {\n _fulldomain=$1\n _txtvalue=$2\n\n _info \"[KAS] -> Using DNS-01 All-inkl/Kasserver hook\"\n _info \"[KAS] -> Check and Save Props\"\n _check_and_save\n\n _info \"[KAS] -> Adding $_fulldomain DNS TXT entry on all-inkl.com/Kasserver\"\n _info \"[KAS] -> Retriving Credential Token\"\n _get_credential_token\n\n _info \"[KAS] -> Checking Zone and Record_Name\"\n _get_zone_and_record_name \"$_fulldomain\"\n\n _info \"[KAS] -> Checking for existing Record entries\"\n _get_record_id\n\n # If there is a record_id, delete the entry\n if [ -n \"$_record_id\" ]; then\n _info \"[KAS] -> Existing records found. Now deleting old entries\"\n for i in $_record_id; do\n _delete_RecordByID \"$i\"\n done\n else\n _info \"[KAS] -> No record found.\"\n fi\n\n _info \"[KAS] -> Creating TXT DNS record\"\n action=\"add_dns_settings\"\n kasReqParam=\"\\\"record_name\\\":\\\"$_record_name\\\"\"\n kasReqParam=\"$kasReqParam,\\\"record_type\\\":\\\"TXT\\\"\"\n kasReqParam=\"$kasReqParam,\\\"record_data\\\":\\\"$_txtvalue\\\"\"\n kasReqParam=\"$kasReqParam,\\\"record_aux\\\":\\\"0\\\"\"\n kasReqParam=\"$kasReqParam,\\\"zone_host\\\":\\\"$_zone\\\"\"\n response=\"$(_callAPI \"$action\" \"$kasReqParam\")\"\n _debug2 \"[KAS] -> Response\" \"$response\"\n\n if [ -z \"$response\" ]; then\n _info \"[KAS] -> Response was empty, please check manually.\"\n return 1\n elif _contains \"$response\" \"\"; then\n faultstring=\"$(echo \"$response\" | tr -d '\\n\\r' | sed \"s//\\n=> /g\" | sed \"s/<\\/faultstring>/\\n/g\" | grep \"=>\" | sed \"s/=> //g\")\"\n case \"${faultstring}\" in\n \"record_already_exists\")\n _info \"[KAS] -> The record already exists, which must not be a problem. Please check manually.\"\n ;;\n *)\n _err \"[KAS] -> An error =>$faultstring<= occurred, please check manually.\"\n return 1\n ;;\n esac\n elif ! _contains \"$response\" \"- ReturnStringTRUE
\"; then\n _err \"[KAS] -> An unknown error occurred, please check manually.\"\n return 1\n fi\n return 0\n}\n\ndns_kas_rm() {\n _fulldomain=$1\n _txtvalue=$2\n\n _info \"[KAS] -> Using DNS-01 All-inkl/Kasserver hook\"\n _info \"[KAS] -> Check and Save Props\"\n _check_and_save\n\n _info \"[KAS] -> Cleaning up after All-inkl/Kasserver hook\"\n _info \"[KAS] -> Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver\"\n _info \"[KAS] -> Retriving Credential Token\"\n _get_credential_token\n\n _info \"[KAS] -> Checking Zone and Record_Name\"\n _get_zone_and_record_name \"$_fulldomain\"\n\n _info \"[KAS] -> Getting Record ID\"\n _get_record_id\n\n _info \"[KAS] -> Removing entries with ID: $_record_id\"\n # If there is a record_id, delete the entry\n if [ -n \"$_record_id\" ]; then\n for i in $_record_id; do\n _delete_RecordByID \"$i\"\n done\n else # Cannot delete or unkown error\n _info \"[KAS] -> No record_id found that can be deleted. Please check manually.\"\n fi\n return 0\n}\n\n########################## PRIVATE FUNCTIONS ###########################\n# Delete Record ID\n_delete_RecordByID() {\n recId=$1\n action=\"delete_dns_settings\"\n kasReqParam=\"\\\"record_id\\\":\\\"$recId\\\"\"\n response=\"$(_callAPI \"$action\" \"$kasReqParam\")\"\n _debug2 \"[KAS] -> Response\" \"$response\"\n\n if [ -z \"$response\" ]; then\n _info \"[KAS] -> Response was empty, please check manually.\"\n return 1\n elif _contains \"$response\" \"\"; then\n faultstring=\"$(echo \"$response\" | tr -d '\\n\\r' | sed \"s//\\n=> /g\" | sed \"s/<\\/faultstring>/\\n/g\" | grep \"=>\" | sed \"s/=> //g\")\"\n case \"${faultstring}\" in\n \"record_id_not_found\")\n _info \"[KAS] -> The record was not found, which perhaps is not a problem. Please check manually.\"\n ;;\n *)\n _err \"[KAS] -> An error =>$faultstring<= occurred, please check manually.\"\n return 1\n ;;\n esac\n elif ! _contains \"$response\" \"- ReturnStringTRUE
\"; then\n _err \"[KAS] -> An unknown error occurred, please check manually.\"\n return 1\n fi\n}\n# Checks for the ENV variables and saves them\n_check_and_save() {\n KAS_Login=\"${KAS_Login:-$(_readaccountconf_mutable KAS_Login)}\"\n KAS_Authtype=\"${KAS_Authtype:-$(_readaccountconf_mutable KAS_Authtype)}\"\n KAS_Authdata=\"${KAS_Authdata:-$(_readaccountconf_mutable KAS_Authdata)}\"\n\n if [ -z \"$KAS_Login\" ] || [ -z \"$KAS_Authtype\" ] || [ -z \"$KAS_Authdata\" ]; then\n KAS_Login=\n KAS_Authtype=\n KAS_Authdata=\n _err \"[KAS] -> No auth details provided. Please set user credentials using the \\$KAS_Login, \\$KAS_Authtype, and \\$KAS_Authdata environment variables.\"\n return 1\n fi\n _saveaccountconf_mutable KAS_Login \"$KAS_Login\"\n _saveaccountconf_mutable KAS_Authtype \"$KAS_Authtype\"\n _saveaccountconf_mutable KAS_Authdata \"$KAS_Authdata\"\n return 0\n}\n\n# Gets back the base domain/zone and record name.\n# See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide\n_get_zone_and_record_name() {\n action=\"get_domains\"\n response=\"$(_callAPI \"$action\")\"\n _debug2 \"[KAS] -> Response\" \"$response\"\n\n if [ -z \"$response\" ]; then\n _info \"[KAS] -> Response was empty, please check manually.\"\n return 1\n elif _contains \"$response\" \"\"; then\n faultstring=\"$(echo \"$response\" | tr -d '\\n\\r' | sed \"s//\\n=> /g\" | sed \"s/<\\/faultstring>/\\n/g\" | grep \"=>\" | sed \"s/=> //g\")\"\n _err \"[KAS] -> Either no domains were found or another error =>$faultstring<= occurred, please check manually.\"\n return 1\n fi\n\n zonen=\"$(echo \"$response\" | sed 's/- /\\n/g' | sed -r 's/(.*domain_name<\\/key>)(.*)(<\\/value.*)/\\2/' | sed '/^ Zone:\" \"$_zone\"\n _debug \"[KAS] -> Domain:\" \"$domain\"\n _debug \"[KAS] -> Record_Name:\" \"$_record_name\"\n return 0\n}\n\n# Retrieve the DNS record ID\n_get_record_id() {\n action=\"get_dns_settings\"\n kasReqParam=\"\\\"zone_host\\\":\\\"$_zone\\\"\"\n response=\"$(_callAPI \"$action\" \"$kasReqParam\")\"\n _debug2 \"[KAS] -> Response\" \"$response\"\n\n if [ -z \"$response\" ]; then\n _info \"[KAS] -> Response was empty, please check manually.\"\n return 1\n elif _contains \"$response\" \"\"; then\n faultstring=\"$(echo \"$response\" | tr -d '\\n\\r' | sed \"s//\\n=> /g\" | sed \"s/<\\/faultstring>/\\n/g\" | grep \"=>\" | sed \"s/=> //g\")\"\n _err \"[KAS] -> Either no domains were found or another error =>$faultstring<= occurred, please check manually.\"\n return 1\n fi\n\n _record_id=\"$(echo \"$response\" | tr -d '\\n\\r' | sed \"s/
- /\\n/g\" | grep -i \"$_record_name\" | grep -i \">TXT<\" | sed \"s/
- record_id<\\/key>/=>/g\" | grep -i \"$_txtvalue\" | sed \"s/<\\/value><\\/item>/\\n/g\" | grep \"=>\" | sed \"s/=>//g\")\"\n _debug \"[KAS] -> Record Id: \" \"$_record_id\"\n return 0\n}\n\n# Retrieve credential token\n_get_credential_token() {\n baseParamAuth=\"\\\"kas_login\\\":\\\"$KAS_Login\\\"\"\n baseParamAuth=\"$baseParamAuth,\\\"kas_auth_type\\\":\\\"$KAS_Authtype\\\"\"\n baseParamAuth=\"$baseParamAuth,\\\"kas_auth_data\\\":\\\"$KAS_Authdata\\\"\"\n baseParamAuth=\"$baseParamAuth,\\\"session_lifetime\\\":600\"\n baseParamAuth=\"$baseParamAuth,\\\"session_update_lifetime\\\":\\\"Y\\\"\"\n\n data='{'\n data=\"$data$baseParamAuth}\"\n\n _debug \"[KAS] -> Be friendly and wait $KAS_default_ratelimit seconds by default before calling KAS API.\"\n _sleep $KAS_default_ratelimit\n\n contentType=\"text/xml\"\n export _H1=\"SOAPAction: urn:xmethodsKasApiAuthentication#KasAuth\"\n response=\"$(_post \"$data\" \"$KAS_Auth\" \"\" \"POST\" \"$contentType\")\"\n _debug2 \"[KAS] -> Response\" \"$response\"\n\n if [ -z \"$response\" ]; then\n _info \"[KAS] -> Response was empty, please check manually.\"\n return 1\n elif _contains \"$response\" \"\"; then\n faultstring=\"$(echo \"$response\" | tr -d '\\n\\r' | sed \"s//\\n=> /g\" | sed \"s/<\\/faultstring>/\\n/g\" | grep \"=>\" | sed \"s/=> //g\")\"\n _err \"[KAS] -> Could not retrieve login token or antoher error =>$faultstring<= occurred, please check manually.\"\n return 1\n fi\n\n _credential_token=\"$(echo \"$response\" | tr '\\n' ' ' | sed 's/.*return xsi:type=\"xsd:string\">\\(.*\\)<\\/return>/\\1/' | sed 's/<\\/ns1:KasAuthResponse\\(.*\\)Envelope>.*//')\"\n _debug \"[KAS] -> Credential Token: \" \"$_credential_token\"\n return 0\n}\n\n_callAPI() {\n kasaction=$1\n kasReqParams=$2\n\n baseParamAuth=\"\\\"kas_login\\\":\\\"$KAS_Login\\\"\"\n baseParamAuth=\"$baseParamAuth,\\\"kas_auth_type\\\":\\\"session\\\"\"\n baseParamAuth=\"$baseParamAuth,\\\"kas_auth_data\\\":\\\"$_credential_token\\\"\"\n\n data='{'\n data=\"$data$baseParamAuth,\\\"kas_action\\\":\\\"$kasaction\\\"\"\n if [ -n \"$kasReqParams\" ]; then\n data=\"$data,\\\"KasRequestParams\\\":{$kasReqParams}\"\n fi\n data=\"$data}\"\n\n _debug2 \"[KAS] -> Request\" \"$data\"\n\n _debug \"[KAS] -> Be friendly and wait $KAS_default_ratelimit seconds by default before calling KAS API.\"\n _sleep $KAS_default_ratelimit\n\n contentType=\"text/xml\"\n export _H1=\"SOAPAction: urn:xmethodsKasApi#KasApi\"\n response=\"$(_post \"$data\" \"$KAS_Api\" \"\" \"POST\" \"$contentType\")\"\n _debug2 \"[KAS] -> Response\" \"$response\"\n echo \"$response\"\n}\n"
},
{
"path": "dnsapi/dns_kinghost.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_kinghost_info='King.host\nDomains: KingHost.net KingHost.com.br\nSite: King.host\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_kinghost\nOptions:\n KINGHOST_Username Username\n KINGHOST_Password Password\nAuthor: Felipe Keller Braz \n'\n\n# KingHost API support #\n# https://api.kinghost.net/doc/ #\n\nKING_Api=\"https://api.kinghost.net/acme\"\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n# Used to add txt record\ndns_kinghost_add() {\n fulldomain=$1\n txtvalue=$2\n\n KINGHOST_Username=\"${KINGHOST_Username:-$(_readaccountconf_mutable KINGHOST_Username)}\"\n KINGHOST_Password=\"${KINGHOST_Password:-$(_readaccountconf_mutable KINGHOST_Password)}\"\n if [ -z \"$KINGHOST_Username\" ] || [ -z \"$KINGHOST_Password\" ]; then\n KINGHOST_Username=\"\"\n KINGHOST_Password=\"\"\n _err \"You don't specify KingHost api password and email yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable KINGHOST_Username \"$KINGHOST_Username\"\n _saveaccountconf_mutable KINGHOST_Password \"$KINGHOST_Password\"\n\n _debug \"Getting txt records\"\n _kinghost_rest GET \"dns\" \"name=$fulldomain&content=$txtvalue\"\n\n #This API call returns \"status\":\"ok\" if dns record does not exist\n #We are creating a new txt record here, so we expect the \"ok\" status\n if ! echo \"$response\" | grep '\"status\":\"ok\"' >/dev/null; then\n _err \"Error\"\n _err \"$response\"\n return 1\n fi\n\n _kinghost_rest POST \"dns\" \"name=$fulldomain&content=$txtvalue\"\n if ! echo \"$response\" | grep '\"status\":\"ok\"' >/dev/null; then\n _err \"Error\"\n _err \"$response\"\n return 1\n fi\n\n return 0\n}\n\n# Usage: fulldomain txtvalue\n# Used to remove the txt record after validation\ndns_kinghost_rm() {\n fulldomain=$1\n txtvalue=$2\n\n KINGHOST_Password=\"${KINGHOST_Password:-$(_readaccountconf_mutable KINGHOST_Password)}\"\n KINGHOST_Username=\"${KINGHOST_Username:-$(_readaccountconf_mutable KINGHOST_Username)}\"\n if [ -z \"$KINGHOST_Password\" ] || [ -z \"$KINGHOST_Username\" ]; then\n KINGHOST_Password=\"\"\n KINGHOST_Username=\"\"\n _err \"You don't specify KingHost api key and email yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n _kinghost_rest DELETE \"dns\" \"name=$fulldomain&content=$txtvalue\"\n if ! echo \"$response\" | grep '\"status\":\"ok\"' >/dev/null; then\n _err \"Error\"\n _err \"$response\"\n return 1\n fi\n\n return 0\n}\n\n#################### Private functions below ##################################\n_kinghost_rest() {\n method=$1\n uri=\"$2\"\n data=\"$3\"\n _debug \"$uri\"\n\n export _H1=\"X-Auth-Email: $KINGHOST_Username\"\n export _H2=\"X-Auth-Key: $KINGHOST_Password\"\n\n if [ \"$method\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$KING_Api/$uri.json\" \"\" \"$method\")\"\n else\n response=\"$(_get \"$KING_Api/$uri.json?$data\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $uri\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_knot.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_knot_info='Knot Server knsupdate\nSite: www.knot-dns.cz/docs/2.5/html/man_knsupdate.html\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_knot\nOptions:\n KNOT_SERVER Server hostname. Default: \"localhost\".\n KNOT_KEY File path to TSIG key\n'\n\n# See also dns_nsupdate.sh\n\n######## Public functions #####################\n\n#Usage: dns_knot_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_knot_add() {\n fulldomain=$1\n txtvalue=$2\n _checkKey || return 1\n [ -n \"${KNOT_SERVER}\" ] || KNOT_SERVER=\"localhost\"\n # save the dns server and key to the account.conf file.\n _saveaccountconf KNOT_SERVER \"${KNOT_SERVER}\"\n _saveaccountconf KNOT_KEY \"${KNOT_KEY}\"\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Domain does not exist.\"\n return 1\n fi\n\n _info \"Adding ${fulldomain}. 60 TXT \\\"${txtvalue}\\\"\"\n\n knsupdate <\n'\n\n#See https://developer.leaseweb.com for more information.\n######## Public functions #####################\n\nLSW_API=\"https://api.leaseweb.com/hosting/v2/domains\"\n\n#Usage: dns_leaseweb_add _acme-challenge.www.domain.com\ndns_leaseweb_add() {\n fulldomain=$1\n txtvalue=$2\n\n LSW_Key=\"${LSW_Key:-$(_readaccountconf_mutable LSW_Key)}\"\n if [ -z \"$LSW_Key\" ]; then\n LSW_Key=\"\"\n _err \"You don't specify Leaseweb api key yet.\"\n _err \"Please create your key and try again.\"\n return 1\n fi\n\n #save the api key to the account conf file.\n _saveaccountconf_mutable LSW_Key \"$LSW_Key\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _root_domain \"$_domain\"\n _debug _domain \"$fulldomain\"\n\n if _lsw_api \"POST\" \"$_domain\" \"$fulldomain\" \"$txtvalue\"; then\n if [ \"$_code\" = \"201\" ]; then\n _info \"Added, OK\"\n return 0\n else\n _err \"Add txt record error, invalid code. Code: $_code\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n\n return 1\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_leaseweb_rm() {\n fulldomain=$1\n txtvalue=$2\n\n LSW_Key=\"${LSW_Key:-$(_readaccountconf_mutable LSW_Key)}\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _root_domain \"$_domain\"\n _debug _domain \"$fulldomain\"\n\n if _lsw_api \"DELETE\" \"$_domain\" \"$fulldomain\" \"$txtvalue\"; then\n if [ \"$_code\" = \"204\" ]; then\n _info \"Deleted, OK\"\n return 0\n else\n _err \"Delete txt record error.\"\n return 1\n fi\n fi\n _err \"Delete txt record error.\"\n\n return 1\n}\n\n#################### Private functions below ##################################\n# _acme-challenge.www.domain.com\n# returns\n# _domain=domain.com\n_get_root() {\n rdomain=$1\n i=\"$(echo \"$rdomain\" | tr '.' ' ' | wc -w)\"\n i=$(_math \"$i\" - 1)\n\n while true; do\n h=$(printf \"%s\" \"$rdomain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n return 1 #not valid domain\n fi\n\n #Check API if domain exists\n if _lsw_api \"GET\" \"$h\"; then\n if [ \"$_code\" = \"200\" ]; then\n _domain=\"$h\"\n return 0\n fi\n fi\n i=$(_math \"$i\" - 1)\n if [ \"$i\" -lt 2 ]; then\n return 1 #not found, no need to check _acme-challenge.sub.domain in leaseweb api.\n fi\n done\n\n return 1\n}\n\n_lsw_api() {\n cmd=$1\n d=$2\n fd=$3\n tvalue=$4\n\n # Construct the HTTP Authorization header\n export _H2=\"Content-Type: application/json\"\n export _H1=\"X-Lsw-Auth: ${LSW_Key}\"\n\n if [ \"$cmd\" = \"GET\" ]; then\n response=\"$(_get \"$LSW_API/$d\")\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n _debug \"http response code $_code\"\n _debug response \"$response\"\n return 0\n fi\n\n if [ \"$cmd\" = \"POST\" ]; then\n data=\"{\\\"name\\\": \\\"$fd.\\\",\\\"type\\\": \\\"TXT\\\",\\\"content\\\": [\\\"$tvalue\\\"],\\\"ttl\\\": 60}\"\n response=\"$(_post \"$data\" \"$LSW_API/$d/resourceRecordSets\" \"$data\" \"POST\")\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n _debug \"http response code $_code\"\n _debug response \"$response\"\n return 0\n fi\n\n if [ \"$cmd\" = \"DELETE\" ]; then\n response=\"$(_post \"\" \"$LSW_API/$d/resourceRecordSets/$fd/TXT\" \"\" \"DELETE\")\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n _debug \"http response code $_code\"\n _debug response \"$response\"\n return 0\n fi\n\n return 1\n}\n"
},
{
"path": "dnsapi/dns_lexicon.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_lexicon_info='Lexicon DNS client\nSite: github.com/AnalogJ/lexicon\nDocs: github.com/acmesh-official/acme.sh/wiki/How-to-use-lexicon-DNS-API\nOptions:\n PROVIDER Provider\n'\n\nlexicon_cmd=\"lexicon\"\n\nwiki=\"https://github.com/acmesh-official/acme.sh/wiki/How-to-use-lexicon-dns-api\"\n\n_lexicon_init() {\n if ! _exists \"$lexicon_cmd\"; then\n _err \"Please install $lexicon_cmd first: $wiki\"\n return 1\n fi\n\n PROVIDER=\"${PROVIDER:-$(_readdomainconf PROVIDER)}\"\n if [ -z \"$PROVIDER\" ]; then\n PROVIDER=\"\"\n _err \"Please define env PROVIDER first: $wiki\"\n return 1\n fi\n\n _savedomainconf PROVIDER \"$PROVIDER\"\n export PROVIDER\n\n # e.g. busybox-ash does not know [:upper:]\n # shellcheck disable=SC2018,SC2019\n Lx_name=$(echo LEXICON_\"${PROVIDER}\"_USERNAME | tr 'a-z' 'A-Z')\n eval \"$Lx_name=\\${$Lx_name:-$(_readaccountconf_mutable \"$Lx_name\")}\"\n Lx_name_v=$(eval echo \\$\"$Lx_name\")\n _secure_debug \"$Lx_name\" \"$Lx_name_v\"\n if [ \"$Lx_name_v\" ]; then\n _saveaccountconf_mutable \"$Lx_name\" \"$Lx_name_v\"\n eval export \"$Lx_name\"\n fi\n\n # shellcheck disable=SC2018,SC2019\n Lx_token=$(echo LEXICON_\"${PROVIDER}\"_TOKEN | tr 'a-z' 'A-Z')\n eval \"$Lx_token=\\${$Lx_token:-$(_readaccountconf_mutable \"$Lx_token\")}\"\n Lx_token_v=$(eval echo \\$\"$Lx_token\")\n _secure_debug \"$Lx_token\" \"$Lx_token_v\"\n if [ \"$Lx_token_v\" ]; then\n _saveaccountconf_mutable \"$Lx_token\" \"$Lx_token_v\"\n eval export \"$Lx_token\"\n fi\n\n # shellcheck disable=SC2018,SC2019\n Lx_password=$(echo LEXICON_\"${PROVIDER}\"_PASSWORD | tr 'a-z' 'A-Z')\n eval \"$Lx_password=\\${$Lx_password:-$(_readaccountconf_mutable \"$Lx_password\")}\"\n Lx_password_v=$(eval echo \\$\"$Lx_password\")\n _secure_debug \"$Lx_password\" \"$Lx_password_v\"\n if [ \"$Lx_password_v\" ]; then\n _saveaccountconf_mutable \"$Lx_password\" \"$Lx_password_v\"\n eval export \"$Lx_password\"\n fi\n\n # shellcheck disable=SC2018,SC2019\n Lx_domaintoken=$(echo LEXICON_\"${PROVIDER}\"_DOMAINTOKEN | tr 'a-z' 'A-Z')\n eval \"$Lx_domaintoken=\\${$Lx_domaintoken:-$(_readaccountconf_mutable \"$Lx_domaintoken\")}\"\n Lx_domaintoken_v=$(eval echo \\$\"$Lx_domaintoken\")\n _secure_debug \"$Lx_domaintoken\" \"$Lx_domaintoken_v\"\n if [ \"$Lx_domaintoken_v\" ]; then\n _saveaccountconf_mutable \"$Lx_domaintoken\" \"$Lx_domaintoken_v\"\n eval export \"$Lx_domaintoken\"\n fi\n\n # shellcheck disable=SC2018,SC2019\n Lx_api_key=$(echo LEXICON_\"${PROVIDER}\"_API_KEY | tr 'a-z' 'A-Z')\n eval \"$Lx_api_key=\\${$Lx_api_key:-$(_readaccountconf_mutable \"$Lx_api_key\")}\"\n Lx_api_key_v=$(eval echo \\$\"$Lx_api_key\")\n _secure_debug \"$Lx_api_key\" \"$Lx_api_key_v\"\n if [ \"$Lx_api_key_v\" ]; then\n _saveaccountconf_mutable \"$Lx_api_key\" \"$Lx_api_key_v\"\n eval export \"$Lx_api_key\"\n fi\n}\n\n######## Public functions #####################\n\n#Usage: dns_lexicon_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_lexicon_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _lexicon_init; then\n return 1\n fi\n\n domain=$(printf \"%s\" \"$fulldomain\" | cut -d . -f 2-999)\n\n _secure_debug LEXICON_OPTS \"$LEXICON_OPTS\"\n _savedomainconf LEXICON_OPTS \"$LEXICON_OPTS\"\n\n # shellcheck disable=SC2086\n $lexicon_cmd \"$PROVIDER\" $LEXICON_OPTS create \"${domain}\" TXT --name=\"_acme-challenge.${domain}.\" --content=\"${txtvalue}\" --output QUIET\n\n}\n\n#Usage: dns_lexicon_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_lexicon_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _lexicon_init; then\n return 1\n fi\n\n domain=$(printf \"%s\" \"$fulldomain\" | cut -d . -f 2-999)\n\n # shellcheck disable=SC2086\n $lexicon_cmd \"$PROVIDER\" $LEXICON_OPTS delete \"${domain}\" TXT --name=\"_acme-challenge.${domain}.\" --content=\"${txtvalue}\" --output QUIET\n\n}\n"
},
{
"path": "dnsapi/dns_limacity.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_limacity_info='lima-city.de\nSite: www.lima-city.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_limacity\nOptions:\n LIMACITY_APIKEY API Key. Note: The API Key must have following roles: dns.admin, domains.reader\nIssues: github.com/acmesh-official/acme.sh/issues/4758\nAuthor: @Laraveluser\n'\n\n######## Public functions #####################\n\nLIMACITY_APIKEY=\"${LIMACITY_APIKEY:-$(_readaccountconf_mutable LIMACITY_APIKEY)}\"\nAUTH=$(printf \"%s\" \"api:$LIMACITY_APIKEY\" | _base64 -w 0)\nexport _H1=\"Authorization: Basic $AUTH\"\nexport _H2=\"Content-Type: application/json\"\nAPIBASE=https://www.lima-city.de/usercp\n\n#Usage: dns_limacity_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_limacity_add() {\n _debug LIMACITY_APIKEY \"$LIMACITY_APIKEY\"\n if [ \"$LIMACITY_APIKEY\" = \"\" ]; then\n _err \"No Credentials given\"\n return 1\n fi\n\n # save the dns server and key to the account conf file.\n _saveaccountconf_mutable LIMACITY_APIKEY \"${LIMACITY_APIKEY}\"\n\n fulldomain=$1\n txtvalue=$2\n if ! _lima_get_domain_id \"$fulldomain\"; then return 1; fi\n\n msg=$(_post \"{\\\"nameserver_record\\\":{\\\"name\\\":\\\"${fulldomain}\\\",\\\"type\\\":\\\"TXT\\\",\\\"content\\\":\\\"${txtvalue}\\\",\\\"ttl\\\":60}}\" \"${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json\" \"\" \"POST\")\n _debug \"$msg\"\n\n if [ \"$(echo \"$msg\" | _egrep_o \"\\\"status\\\":\\\"ok\\\"\")\" = \"\" ]; then\n _err \"$msg\"\n return 1\n fi\n\n return 0\n}\n\n#Usage: dns_limacity_rm _acme-challenge.www.domain.com\ndns_limacity_rm() {\n\n fulldomain=$1\n txtvalue=$2\n if ! _lima_get_domain_id \"$fulldomain\"; then return 1; fi\n\n for recordId in $(_get \"${APIBASE}/domains/${LIMACITY_DOMAINID}/records.json\" | _egrep_o \"{\\\"id\\\":[0-9]*[^}]*,\\\"name\\\":\\\"${fulldomain}\\\"\" | _egrep_o \"[0-9]*\"); do\n _post \"\" \"${APIBASE}/domains/${LIMACITY_DOMAINID}/records/${recordId}\" \"\" \"DELETE\"\n done\n\n return 0\n}\n\n#################### Private functions below ##################################\n\n_lima_get_domain_id() {\n domain=\"$1\"\n _debug \"$domain\"\n i=2\n p=1\n\n domains=$(_get \"${APIBASE}/domains.json\")\n if [ \"$(echo \"$domains\" | _egrep_o \"\\{.*\"\"domains\"\"\")\" ]; then\n response=\"$(echo \"$domains\" | tr -d \"\\n\" | tr '{' \"|\" | sed 's/|/&{/g' | tr \"|\" \"\\n\")\"\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n hostedzone=\"$(echo \"$response\" | _egrep_o \"\\{.*\"\"unicode_fqdn\"\"[^,]+\"\"$h\"\".*\\}\")\"\n if [ \"$hostedzone\" ]; then\n LIMACITY_DOMAINID=$(printf \"%s\\n\" \"$hostedzone\" | _egrep_o \"\\\"id\\\":\\s*[0-9]+\" | _head_n 1 | cut -d : -f 2 | tr -d \\ )\n if [ \"$LIMACITY_DOMAINID\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n fi\n return 1\n}\n"
},
{
"path": "dnsapi/dns_linode.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_linode_info='Linode.com (Old)\n Deprecated. Use dns_linode_v4\nSite: Linode.com\nOptions:\n LINODE_API_KEY API Key\nAuthor: Philipp Grosswiler \n'\n\nLINODE_API_URL=\"https://api.linode.com/?api_key=$LINODE_API_KEY&api_action=\"\n\n######## Public functions #####################\n\n#Usage: dns_linode_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_linode_add() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n\n if ! _Linode_API; then\n return 1\n fi\n\n _info \"Using Linode\"\n _debug \"Calling: dns_linode_add() '${fulldomain}' '${txtvalue}'\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Domain does not exist.\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _parameters=\"&DomainID=$_domain_id&Type=TXT&Name=$_sub_domain&Target=$txtvalue\"\n\n if _rest GET \"domain.resource.create\" \"$_parameters\" && [ -n \"$response\" ]; then\n _resource_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"ResourceID\\\":\\s*[0-9]+\" | cut -d : -f 2 | tr -d \" \" | _head_n 1)\n _debug _resource_id \"$_resource_id\"\n\n if [ -z \"$_resource_id\" ]; then\n _err \"Error adding the domain resource.\"\n return 1\n fi\n\n _info \"Domain resource successfully added.\"\n return 0\n fi\n\n return 1\n}\n\n#Usage: dns_linode_rm _acme-challenge.www.domain.com\ndns_linode_rm() {\n fulldomain=\"${1}\"\n\n if ! _Linode_API; then\n return 1\n fi\n\n _info \"Using Linode\"\n _debug \"Calling: dns_linode_rm() '${fulldomain}'\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Domain does not exist.\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _parameters=\"&DomainID=$_domain_id\"\n\n if _rest GET \"domain.resource.list\" \"$_parameters\" && [ -n \"$response\" ]; then\n response=\"$(echo \"$response\" | tr -d \"\\n\" | tr '{' \"|\" | sed 's/|/&{/g' | tr \"|\" \"\\n\")\"\n\n resource=\"$(echo \"$response\" | _egrep_o \"{.*\\\"NAME\\\":\\s*\\\"$_sub_domain\\\".*}\")\"\n if [ \"$resource\" ]; then\n _resource_id=$(printf \"%s\\n\" \"$resource\" | _egrep_o \"\\\"RESOURCEID\\\":\\s*[0-9]+\" | _head_n 1 | cut -d : -f 2 | tr -d \\ )\n if [ \"$_resource_id\" ]; then\n _debug _resource_id \"$_resource_id\"\n\n _parameters=\"&DomainID=$_domain_id&ResourceID=$_resource_id\"\n\n if _rest GET \"domain.resource.delete\" \"$_parameters\" && [ -n \"$response\" ]; then\n _resource_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"ResourceID\\\":\\s*[0-9]+\" | cut -d : -f 2 | tr -d \" \" | _head_n 1)\n _debug _resource_id \"$_resource_id\"\n\n if [ -z \"$_resource_id\" ]; then\n _err \"Error deleting the domain resource.\"\n return 1\n fi\n\n _info \"Domain resource successfully deleted.\"\n return 0\n fi\n fi\n\n return 1\n fi\n\n return 0\n fi\n\n return 1\n}\n\n#################### Private functions below ##################################\n\n_Linode_API() {\n if [ -z \"$LINODE_API_KEY\" ]; then\n LINODE_API_KEY=\"\"\n\n _err \"You didn't specify the Linode API key yet.\"\n _err \"Please create your key and try again.\"\n\n return 1\n fi\n\n _saveaccountconf LINODE_API_KEY \"$LINODE_API_KEY\"\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=12345\n_get_root() {\n domain=$1\n i=2\n p=1\n\n if _rest GET \"domain.list\"; then\n response=\"$(echo \"$response\" | tr -d \"\\n\" | tr '{' \"|\" | sed 's/|/&{/g' | tr \"|\" \"\\n\")\"\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n hostedzone=\"$(echo \"$response\" | _egrep_o \"{.*\\\"DOMAIN\\\":\\s*\\\"$h\\\".*}\")\"\n if [ \"$hostedzone\" ]; then\n _domain_id=$(printf \"%s\\n\" \"$hostedzone\" | _egrep_o \"\\\"DOMAINID\\\":\\s*[0-9]+\" | _head_n 1 | cut -d : -f 2 | tr -d \\ )\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n fi\n return 1\n}\n\n#method method action data\n_rest() {\n mtd=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n\n _debug mtd \"$mtd\"\n _debug ep \"$ep\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"Content-Type: application/json\"\n\n if [ \"$mtd\" != \"GET\" ]; then\n # both POST and DELETE.\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$LINODE_API_URL$ep\" \"\" \"$mtd\")\"\n else\n response=\"$(_get \"$LINODE_API_URL$ep$data\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_linode_v4.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_linode_v4_info='Linode.com\nSite: Linode.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_linode_v4\nOptions:\n LINODE_V4_API_KEY API Key\nAuthor: Philipp Grosswiler , Aaron W. Swenson \n'\n\nLINODE_V4_API_URL=\"https://api.linode.com/v4/domains\"\n\n######## Public functions #####################\n\n#Usage: dns_linode_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_linode_v4_add() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n\n if ! _Linode_API; then\n return 1\n fi\n\n _info \"Using Linode\"\n _debug \"Calling: dns_linode_add() '${fulldomain}' '${txtvalue}'\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Domain does not exist.\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _payload=\"{\n \\\"type\\\": \\\"TXT\\\",\n \\\"name\\\": \\\"$_sub_domain\\\",\n \\\"target\\\": \\\"$txtvalue\\\",\n \\\"ttl_sec\\\": 300\n }\"\n\n if _rest POST \"/$_domain_id/records\" \"$_payload\" && [ -n \"$response\" ]; then\n _resource_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\": *[0-9]+\" | cut -d : -f 2 | tr -d \" \" | _head_n 1)\n _debug _resource_id \"$_resource_id\"\n\n if [ -z \"$_resource_id\" ]; then\n _err \"Error adding the domain resource.\"\n return 1\n fi\n\n _info \"Domain resource successfully added.\"\n return 0\n fi\n\n return 1\n}\n\n#Usage: dns_linode_rm _acme-challenge.www.domain.com\ndns_linode_v4_rm() {\n fulldomain=\"${1}\"\n\n if ! _Linode_API; then\n return 1\n fi\n\n _info \"Using Linode\"\n _debug \"Calling: dns_linode_rm() '${fulldomain}'\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Domain does not exist.\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n if _H4=\"X-Filter: { \\\"type\\\": \\\"TXT\\\", \\\"name\\\": \\\"$_sub_domain\\\" }\" _rest GET \"/$_domain_id/records\" && [ -n \"$response\" ]; then\n response=\"$(echo \"$response\" | tr -d \"\\n\" | tr '{' \"|\" | sed 's/|/&{/g' | tr \"|\" \"\\n\")\"\n\n resource=\"$(echo \"$response\" | _egrep_o \"\\{.*\\\"name\\\": *\\\"$_sub_domain\\\".*}\")\"\n if [ \"$resource\" ]; then\n _resource_id=$(printf \"%s\\n\" \"$resource\" | _egrep_o \"\\\"id\\\": *[0-9]+\" | _head_n 1 | cut -d : -f 2 | tr -d \\ )\n if [ \"$_resource_id\" ]; then\n _debug _resource_id \"$_resource_id\"\n\n if _rest DELETE \"/$_domain_id/records/$_resource_id\" && [ -n \"$response\" ]; then\n # On 200/OK, empty set is returned. Check for error, if any.\n _error_response=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"errors\\\"\" | cut -d : -f 2 | tr -d \" \" | _head_n 1)\n\n if [ -n \"$_error_response\" ]; then\n _err \"Error deleting the domain resource: $_error_response\"\n return 1\n fi\n\n _info \"Domain resource successfully deleted.\"\n return 0\n fi\n fi\n\n return 1\n fi\n\n return 0\n fi\n\n return 1\n}\n\n#################### Private functions below ##################################\n\n_Linode_API() {\n LINODE_V4_API_KEY=\"${LINODE_V4_API_KEY:-$(_readaccountconf_mutable LINODE_V4_API_KEY)}\"\n if [ -z \"$LINODE_V4_API_KEY\" ]; then\n LINODE_V4_API_KEY=\"\"\n\n _err \"You didn't specify the Linode v4 API key yet.\"\n _err \"Please create your key and try again.\"\n\n return 1\n fi\n\n _saveaccountconf_mutable LINODE_V4_API_KEY \"$LINODE_V4_API_KEY\"\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=12345\n_get_root() {\n full_host_str=\"$1\"\n\n i=2\n p=1\n while true; do\n # loop through the received string (e.g. _acme-challenge.sub3.sub2.sub1.domain.tld),\n # starting from the lowest subdomain, and check if it's a hosted domain\n tst_hosted_domain=$(printf \"%s\" \"$full_host_str\" | cut -d . -f \"$i\"-100)\n _debug tst_hosted_domain \"$tst_hosted_domain\"\n if [ -z \"$tst_hosted_domain\" ]; then\n #not valid\n _err \"Couldn't get domain from string '$full_host_str'.\"\n return 1\n fi\n\n _debug \"Querying Linode APIv4 for hosted zone: $tst_hosted_domain\"\n if _H4=\"X-Filter: {\\\"domain\\\":\\\"$tst_hosted_domain\\\"}\" _rest GET; then\n _debug \"Got response from API: $response\"\n response=\"$(echo \"$response\" | tr -d \"\\n\" | tr '{' \"|\" | sed 's/|/&{/g' | tr \"|\" \"\\n\")\"\n hostedzone=\"$(echo \"$response\" | _egrep_o \"\\{.*\\\"domain\\\": *\\\"$tst_hosted_domain\\\".*}\")\"\n if [ \"$hostedzone\" ]; then\n _domain_id=$(printf \"%s\\n\" \"$hostedzone\" | _egrep_o \"\\\"id\\\": *[0-9]+\" | _head_n 1 | cut -d : -f 2 | tr -d \\ )\n _debug \"Found domain hosted on Linode DNS. Zone: $tst_hosted_domain, id: $_domain_id\"\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$full_host_str\" | cut -d . -f 1-\"$p\")\n _domain=$tst_hosted_domain\n return 0\n fi\n return 1\n fi\n\n p=$i\n i=$(_math \"$i\" + 1)\n fi\n done\n\n return 1\n}\n\n#method method action data\n_rest() {\n mtd=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n\n _debug mtd \"$mtd\"\n _debug ep \"$ep\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"Content-Type: application/json\"\n export _H3=\"Authorization: Bearer $LINODE_V4_API_KEY\"\n\n if [ \"$mtd\" != \"GET\" ]; then\n # both POST and DELETE.\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$LINODE_V4_API_URL$ep\" \"\" \"$mtd\")\"\n else\n response=\"$(_get \"$LINODE_V4_API_URL$ep$data\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_loopia.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_loopia_info='Loopia.se\nSite: Loopia.se\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_loopia\nOptions:\n LOOPIA_Api API URL. E.g. \"https://api.loopia./RPCSERV\" where the is one of: com, no, rs, se. Default: \"se\".\n LOOPIA_User Username\n LOOPIA_Password Password\n'\n\nLOOPIA_Api_Default=\"https://api.loopia.se/RPCSERV\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_loopia_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _loopia_load_config; then\n return 1\n fi\n\n _loopia_save_config\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Adding record\"\n\n if ! _loopia_add_sub_domain \"$_domain\" \"$_sub_domain\"; then\n return 1\n fi\n if ! _loopia_add_record \"$_domain\" \"$_sub_domain\" \"$txtvalue\"; then\n return 1\n fi\n\n}\n\ndns_loopia_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _loopia_load_config; then\n return 1\n fi\n\n _loopia_save_config\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n xml_content=$(printf '\n \n removeSubdomain\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n ' \"$LOOPIA_User\" \"$Encoded_Password\" \"$_domain\" \"$_sub_domain\")\n\n response=\"$(_post \"$xml_content\" \"$LOOPIA_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"OK\"; then\n err_response=$(echo \"$response\" | sed 's/.*\\(.*\\)<\\/string>.*/\\1/')\n _err \"Error could not get txt records: $err_response\"\n return 1\n fi\n}\n\n#################### Private functions below ##################################\n\n_loopia_load_config() {\n LOOPIA_Api=\"${LOOPIA_Api:-$(_readaccountconf_mutable LOOPIA_Api)}\"\n LOOPIA_User=\"${LOOPIA_User:-$(_readaccountconf_mutable LOOPIA_User)}\"\n LOOPIA_Password=\"${LOOPIA_Password:-$(_readaccountconf_mutable LOOPIA_Password)}\"\n\n if [ -z \"$LOOPIA_Api\" ]; then\n LOOPIA_Api=\"$LOOPIA_Api_Default\"\n fi\n\n if [ -z \"$LOOPIA_User\" ] || [ -z \"$LOOPIA_Password\" ]; then\n LOOPIA_User=\"\"\n LOOPIA_Password=\"\"\n\n _err \"A valid Loopia API user and password not provided.\"\n _err \"Please provide a valid API user and try again.\"\n\n return 1\n fi\n\n if _contains \"$LOOPIA_Password\" \"'\" || _contains \"$LOOPIA_Password\" '\"'; then\n _err \"Password contains a quotation mark or double quotation marks and this is not supported by dns_loopia.sh\"\n return 1\n fi\n\n Encoded_Password=$(_xml_encode \"$LOOPIA_Password\")\n return 0\n}\n\n_loopia_save_config() {\n if [ \"$LOOPIA_Api\" != \"$LOOPIA_Api_Default\" ]; then\n _saveaccountconf_mutable LOOPIA_Api \"$LOOPIA_Api\"\n fi\n _saveaccountconf_mutable LOOPIA_User \"$LOOPIA_User\"\n _saveaccountconf_mutable LOOPIA_Password \"$LOOPIA_Password\"\n}\n\n_loopia_get_records() {\n domain=$1\n sub_domain=$2\n\n xml_content=$(printf '\n \n getZoneRecords\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n ' \"$LOOPIA_User\" \"$Encoded_Password\" \"$domain\" \"$sub_domain\")\n\n response=\"$(_post \"$xml_content\" \"$LOOPIA_Api\" \"\" \"POST\")\"\n if ! _contains \"$response\" \"\"; then\n err_response=$(echo \"$response\" | sed 's/.*\\(.*\\)<\\/string>.*/\\1/')\n _err \"Error: $err_response\"\n return 1\n fi\n return 0\n}\n\n_get_root() {\n domain=$1\n _debug \"get root\"\n\n domain=$1\n i=2\n p=1\n\n xml_content=$(printf '\n \n getDomains\n \n \n %s\n \n \n %s\n \n \n ' \"$LOOPIA_User\" \"$Encoded_Password\")\n\n response=\"$(_post \"$xml_content\" \"$LOOPIA_Api\" \"\" \"POST\")\"\n while true; do\n h=$(echo \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"$h\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n\n}\n\n_loopia_add_record() {\n domain=$1\n sub_domain=$2\n txtval=$3\n\n xml_content=$(printf '\n \n addZoneRecord\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n \n \n \n type\n TXT\n \n \n priority\n 0\n \n \n ttl\n 300\n \n \n rdata\n %s\n \n \n \n \n \n ' \"$LOOPIA_User\" \"$Encoded_Password\" \"$domain\" \"$sub_domain\" \"$txtval\")\n\n response=\"$(_post \"$xml_content\" \"$LOOPIA_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"OK\"; then\n err_response=$(echo \"$response\" | sed 's/.*\\(.*\\)<\\/string>.*/\\1/')\n _err \"Error: $err_response\"\n return 1\n fi\n return 0\n}\n\n_sub_domain_exists() {\n domain=$1\n sub_domain=$2\n\n xml_content=$(printf '\n \n getSubdomains\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n ' \"$LOOPIA_User\" \"$Encoded_Password\" \"$domain\")\n\n response=\"$(_post \"$xml_content\" \"$LOOPIA_Api\" \"\" \"POST\")\"\n\n if _contains \"$response\" \"$sub_domain\"; then\n return 0\n fi\n return 1\n}\n\n_loopia_add_sub_domain() {\n domain=$1\n sub_domain=$2\n\n if _sub_domain_exists \"$domain\" \"$sub_domain\"; then\n return 0\n fi\n\n xml_content=$(printf '\n \n addSubdomain\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n %s\n \n \n ' \"$LOOPIA_User\" \"$Encoded_Password\" \"$domain\" \"$sub_domain\")\n\n response=\"$(_post \"$xml_content\" \"$LOOPIA_Api\" \"\" \"POST\")\"\n\n if ! _contains \"$response\" \"OK\"; then\n err_response=$(echo \"$response\" | sed 's/.*\\(.*\\)<\\/string>.*/\\1/')\n _err \"Error: $err_response\"\n return 1\n fi\n return 0\n}\n\n_xml_encode() {\n encoded_string=$1\n encoded_string=$(echo \"$encoded_string\" | sed 's/&/\\&/')\n encoded_string=$(echo \"$encoded_string\" | sed 's//\\>/')\n printf \"%s\" \"$encoded_string\"\n}\n"
},
{
"path": "dnsapi/dns_lua.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_lua_info='LuaDNS.com\nDomains: LuaDNS.net\nSite: LuaDNS.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_lua\nOptions:\n LUA_Key API key\n LUA_Email Email\nAuthor: \n'\n\nLUA_Api=\"https://api.luadns.com/v1\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_lua_add() {\n fulldomain=$1\n txtvalue=$2\n\n LUA_Key=\"${LUA_Key:-$(_readaccountconf_mutable LUA_Key)}\"\n LUA_Email=\"${LUA_Email:-$(_readaccountconf_mutable LUA_Email)}\"\n LUA_auth=$(printf \"%s\" \"$LUA_Email:$LUA_Key\" | _base64)\n\n if [ -z \"$LUA_Key\" ] || [ -z \"$LUA_Email\" ]; then\n LUA_Key=\"\"\n LUA_Email=\"\"\n _err \"You don't specify luadns api key and email yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable LUA_Key \"$LUA_Key\"\n _saveaccountconf_mutable LUA_Email \"$LUA_Email\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Adding record\"\n if _LUA_rest POST \"zones/$_domain_id/records\" \"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$fulldomain.\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":120}\"; then\n if _contains \"$response\" \"$fulldomain\"; then\n _info \"Added\"\n #todo: check if the record takes effect\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n}\n\n#fulldomain\ndns_lua_rm() {\n fulldomain=$1\n txtvalue=$2\n\n LUA_Key=\"${LUA_Key:-$(_readaccountconf_mutable LUA_Key)}\"\n LUA_Email=\"${LUA_Email:-$(_readaccountconf_mutable LUA_Email)}\"\n LUA_auth=$(printf \"%s\" \"$LUA_Email:$LUA_Key\" | _base64)\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _LUA_rest GET \"zones/${_domain_id}/records\"\n\n count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"name\\\":\\\"$fulldomain.\\\",\\\"type\\\":\\\"TXT\\\"\" | wc -l | tr -d \" \")\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Don't need to remove.\"\n else\n record_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":[^,]*,\\\"name\\\":\\\"$fulldomain.\\\",\\\"type\\\":\\\"TXT\\\"\" | _head_n 1 | cut -d: -f2 | cut -d, -f1)\n _debug \"record_id\" \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id to remove.\"\n return 1\n fi\n if ! _LUA_rest DELETE \"/zones/$_domain_id/records/$record_id\"; then\n _err \"Delete record error.\"\n return 1\n fi\n _contains \"$response\" \"$record_id\"\n fi\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=2\n p=1\n if ! _LUA_rest GET \"zones\"; then\n return 1\n fi\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\"; then\n _domain_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"id\\\":[^,]*,\\\"name\\\":\\\"$h\\\"\" | cut -d : -f 2 | cut -d , -f 1)\n _debug _domain_id \"$_domain_id\"\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_LUA_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"Authorization: Basic $LUA_auth\"\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$LUA_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$LUA_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_maradns.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_maradns_info='MaraDNS Server\nSite: MaraDNS.samiam.org\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_maradns\nOptions:\n MARA_ZONE_FILE Zone file path. E.g. \"/etc/maradns/db.domain.com\"\n MARA_DUENDE_PID_PATH Duende PID Path. E.g. \"/run/maradns/etc_maradns_mararc.pid\"\nIssues: github.com/acmesh-official/acme.sh/issues/2072\n'\n\n#Usage: dns_maradns_add _acme-challenge.www.domain.com \"token\"\ndns_maradns_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n MARA_ZONE_FILE=\"${MARA_ZONE_FILE:-$(_readaccountconf_mutable MARA_ZONE_FILE)}\"\n MARA_DUENDE_PID_PATH=\"${MARA_DUENDE_PID_PATH:-$(_readaccountconf_mutable MARA_DUENDE_PID_PATH)}\"\n\n _check_zone_file \"$MARA_ZONE_FILE\" || return 1\n _check_duende_pid_path \"$MARA_DUENDE_PID_PATH\" || return 1\n\n _saveaccountconf_mutable MARA_ZONE_FILE \"$MARA_ZONE_FILE\"\n _saveaccountconf_mutable MARA_DUENDE_PID_PATH \"$MARA_DUENDE_PID_PATH\"\n\n printf \"%s. TXT '%s' ~\\n\" \"$fulldomain\" \"$txtvalue\" >>\"$MARA_ZONE_FILE\"\n _reload_maradns \"$MARA_DUENDE_PID_PATH\" || return 1\n}\n\n#Usage: dns_maradns_rm _acme-challenge.www.domain.com \"token\"\ndns_maradns_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n MARA_ZONE_FILE=\"${MARA_ZONE_FILE:-$(_readaccountconf_mutable MARA_ZONE_FILE)}\"\n MARA_DUENDE_PID_PATH=\"${MARA_DUENDE_PID_PATH:-$(_readaccountconf_mutable MARA_DUENDE_PID_PATH)}\"\n\n _check_zone_file \"$MARA_ZONE_FILE\" || return 1\n _check_duende_pid_path \"$MARA_DUENDE_PID_PATH\" || return 1\n\n _saveaccountconf_mutable MARA_ZONE_FILE \"$MARA_ZONE_FILE\"\n _saveaccountconf_mutable MARA_DUENDE_PID_PATH \"$MARA_DUENDE_PID_PATH\"\n\n _sed_i \"/^$fulldomain.\\+TXT '$txtvalue' ~/d\" \"$MARA_ZONE_FILE\"\n _reload_maradns \"$MARA_DUENDE_PID_PATH\" || return 1\n}\n\n_check_zone_file() {\n zonefile=\"$1\"\n if [ -z \"$zonefile\" ]; then\n _err \"MARA_ZONE_FILE not passed!\"\n return 1\n elif [ ! -w \"$zonefile\" ]; then\n _err \"MARA_ZONE_FILE not writable: $zonefile\"\n return 1\n fi\n}\n\n_check_duende_pid_path() {\n pidpath=\"$1\"\n if [ -z \"$pidpath\" ]; then\n _err \"MARA_DUENDE_PID_PATH not passed!\"\n return 1\n fi\n if [ ! -r \"$pidpath\" ]; then\n _err \"MARA_DUENDE_PID_PATH not readable: $pidpath\"\n return 1\n fi\n}\n\n_reload_maradns() {\n pidpath=\"$1\"\n kill -s HUP -- \"$(cat \"$pidpath\")\"\n if [ $? -ne 0 ]; then\n _err \"Unable to reload MaraDNS, kill returned\"\n return 1\n fi\n}\n"
},
{
"path": "dnsapi/dns_me.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_me_info='DnsMadeEasy.com\nSite: DnsMadeEasy.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_me\nOptions:\n ME_Key API Key\n ME_Secret API Secret\nAuthor: \n'\n\nME_Api=https://api.dnsmadeeasy.com/V2.0/dns/managed\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_me_add() {\n fulldomain=$1\n txtvalue=$2\n\n if [ -z \"$ME_Key\" ] || [ -z \"$ME_Secret\" ]; then\n ME_Key=\"\"\n ME_Secret=\"\"\n _err \"You didn't specify DNSMadeEasy api key and secret yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf ME_Key \"$ME_Key\"\n _saveaccountconf ME_Secret \"$ME_Secret\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _me_rest GET \"${_domain_id}/records?recordName=$_sub_domain&type=TXT\"\n\n if ! _contains \"$response\" \"\\\"totalRecords\\\":\"; then\n _err \"Error\"\n return 1\n fi\n\n _info \"Adding record\"\n if _me_rest POST \"$_domain_id/records/\" \"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"value\\\":\\\"$txtvalue\\\",\\\"gtdLocation\\\":\\\"DEFAULT\\\",\\\"ttl\\\":120}\"; then\n if printf -- \"%s\" \"$response\" | grep \\\"id\\\": >/dev/null; then\n _info \"Added\"\n #todo: check if the record takes effect\n return 0\n elif printf -- \"%s\" \"$response\" | grep -q \"already exists\"; then\n _info \"Record already exists, skipping.\"\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n\n}\n\n#fulldomain\ndns_me_rm() {\n fulldomain=$1\n txtvalue=$2\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _me_rest GET \"${_domain_id}/records?recordName=$_sub_domain&type=TXT\"\n\n count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"totalRecords\\\":[^,]*\" | cut -d : -f 2)\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Don't need to remove.\"\n else\n record_id=$(printf \"%s\\n\" \"$response\" | _egrep_o \",\\\"value\\\":\\\"..$txtvalue..\\\",\\\"id\\\":[^,]*\" | cut -d : -f 3 | head -n 1)\n _debug \"record_id\" \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id to remove.\"\n return 1\n fi\n if ! _me_rest DELETE \"$_domain_id/records/$record_id\"; then\n _err \"Delete record error.\"\n return 1\n fi\n _contains \"$response\" ''\n fi\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _me_rest GET \"name?domainname=$h\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\"; then\n _domain_id=$(printf \"%s\\n\" \"$response\" | sed 's/^{//; s/}$//; s/{.*}//' | sed -r 's/^.*\"id\":([0-9]+).*$/\\1/')\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_me_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n cdate=$(LANG=C date -u +\"%a, %d %b %Y %T %Z\")\n hmac=$(printf \"%s\" \"$cdate\" | _hmac sha1 \"$(printf \"%s\" \"$ME_Secret\" | _hex_dump | tr -d \" \")\" hex)\n\n export _H1=\"x-dnsme-apiKey: $ME_Key\"\n export _H2=\"x-dnsme-requestDate: $cdate\"\n export _H3=\"x-dnsme-hmac: $hmac\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$ME_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$ME_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_mgwm.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_mgwm_info='mgw-media.de\nSite: mgw-media.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_mgwm\nOptions:\n MGWM_CUSTOMER Your customer number\n MGWM_API_HASH Your API Hash\nIssues: github.com/acmesh-official/acme.sh/issues/6669\n'\n# Base URL for the mgw-media.de API\nMGWM_API_BASE=\"https://api.mgw-media.de/record\"\n\n######## Public functions #####################\n\n# This function is called by acme.sh to add a TXT record.\ndns_mgwm_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using mgw-media.de DNS API for domain $fulldomain (add record)\"\n _debug \"fulldomain: $fulldomain\"\n _debug \"txtvalue: $txtvalue\"\n\n # Call the new private function to handle the API request.\n # The 'add' action, fulldomain, type 'txt' and txtvalue are passed.\n if _mgwm_request \"add\" \"$fulldomain\" \"txt\" \"$txtvalue\"; then\n _info \"TXT record for $fulldomain successfully added via mgw-media.de API.\"\n _sleep 10 # Wait briefly for DNS propagation, a common practice in DNS-01 hooks.\n return 0\n else\n # Error message already logged by _mgwm_request, but a specific one here helps.\n _err \"mgwm_add: Failed to add TXT record for $fulldomain.\"\n return 1\n fi\n}\n# This function is called by acme.sh to remove a TXT record after validation.\ndns_mgwm_rm() {\n fulldomain=$1\n txtvalue=$2 # This txtvalue is now used to identify the specific record to be removed.\n _info \"Removing TXT record for $fulldomain using mgw-media.de DNS API (remove record)\"\n _debug \"fulldomain: $fulldomain\"\n _debug \"txtvalue: $txtvalue\"\n\n # Call the new private function to handle the API request.\n # The 'rm' action, fulldomain, type 'txt' and txtvalue are passed.\n if _mgwm_request \"rm\" \"$fulldomain\" \"txt\" \"$txtvalue\"; then\n _info \"TXT record for $fulldomain successfully removed via mgw-media.de API.\"\n return 0\n else\n # Error message already logged by _mgwm_request, but a specific one here helps.\n _err \"mgwm_rm: Failed to remove TXT record for $fulldomain.\"\n return 1\n fi\n}\n#################### Private functions below ##################################\n\n# _mgwm_request() encapsulates the API call logic, including\n# loading credentials, setting the Authorization header, and executing the request.\n# Arguments:\n# $1: action (e.g., \"add\", \"rm\")\n# $2: fulldomain\n# $3: type (e.g., \"txt\")\n# $4: content (the txtvalue)\n_mgwm_request() {\n _action=\"$1\"\n _fulldomain=\"$2\"\n _type=\"$3\"\n _content=\"$4\"\n\n _debug \"Calling _mgwm_request for action: $_action, domain: $_fulldomain, type: $_type, content: $_content\"\n\n # Load credentials from environment or acme.sh config\n MGWM_CUSTOMER=\"${MGWM_CUSTOMER:-$(_readaccountconf_mutable MGWM_CUSTOMER)}\"\n MGWM_API_HASH=\"${MGWM_API_HASH:-$(_readaccountconf_mutable MGWM_API_HASH)}\"\n\n # Check if credentials are set\n if [ -z \"$MGWM_CUSTOMER\" ] || [ -z \"$MGWM_API_HASH\" ]; then\n _err \"You didn't specify one or more of MGWM_CUSTOMER or MGWM_API_HASH.\"\n _err \"Please check these environment variables and try again.\"\n return 1\n fi\n\n # Save credentials for automatic renewal and future calls\n _saveaccountconf_mutable MGWM_CUSTOMER \"$MGWM_CUSTOMER\"\n _saveaccountconf_mutable MGWM_API_HASH \"$MGWM_API_HASH\"\n\n # Create the Basic Auth Header. acme.sh's _base64 function is used for encoding.\n _credentials=\"$(printf \"%s:%s\" \"$MGWM_CUSTOMER\" \"$MGWM_API_HASH\" | _base64)\"\n export _H1=\"Authorization: Basic $_credentials\"\n _debug \"Set Authorization Header: Basic \" # Log debug message without sensitive credentials\n\n # Construct the API URL based on the action and provided parameters.\n _request_url=\"${MGWM_API_BASE}/${_action}/${_fulldomain}/${_type}/${_content}\"\n _debug \"Constructed mgw-media.de API URL for action '$_action': ${_request_url}\"\n\n # Execute the HTTP GET request with the Authorization Header.\n # The 5th parameter of _get is where acme.sh expects custom HTTP headers like Authorization.\n response=\"$(_get \"$_request_url\")\"\n _debug \"mgw-media.de API response for action '$_action': $response\"\n\n # Check the API response for success. The API returns \"OK\" on success.\n if [ \"$response\" = \"OK\" ]; then\n _info \"mgw-media.de API action '$_action' for record '$_fulldomain' successful.\"\n return 0\n else\n _err \"Failed mgw-media.de API action '$_action' for record '$_fulldomain'. Unexpected API Response: '$response'\"\n return 1\n fi\n}\n"
},
{
"path": "dnsapi/dns_miab.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_miab_info='Mail-in-a-Box\nSite: MailInaBox.email\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_miab\nOptions:\n MIAB_Username Admin username\n MIAB_Password Admin password\n MIAB_Server Server hostname. FQDN of your_MIAB Server\nIssues: github.com/acmesh-official/acme.sh/issues/2550\nAuthor: Darven Dissek, William Gertz\n'\n\n######## Public functions #####################\n\n#Usage: dns_miab_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_miab_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using miab challenge add\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n #retrieve MIAB environemt vars\n if ! _retrieve_miab_env; then\n return 1\n fi\n\n #check domain and seperate into domain and host\n if ! _get_root \"$fulldomain\"; then\n _err \"Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}\"\n return 1\n fi\n\n _debug2 _sub_domain \"$_sub_domain\"\n _debug2 _domain \"$_domain\"\n\n #add the challenge record\n _api_path=\"custom/${fulldomain}/txt\"\n _miab_rest \"$txtvalue\" \"$_api_path\" \"POST\"\n\n #check if result was good\n if _contains \"$response\" \"updated DNS\"; then\n _info \"Successfully created the txt record\"\n return 0\n else\n _err \"Error encountered during record add\"\n _err \"$response\"\n return 1\n fi\n}\n\n#Usage: dns_miab_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_miab_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using miab challenge delete\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n #retrieve MIAB environemt vars\n if ! _retrieve_miab_env; then\n return 1\n fi\n\n #check domain and seperate into doamin and host\n if ! _get_root \"$fulldomain\"; then\n _err \"Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}\"\n return 1\n fi\n\n _debug2 _sub_domain \"$_sub_domain\"\n _debug2 _domain \"$_domain\"\n\n #Remove the challenge record\n _api_path=\"custom/${fulldomain}/txt\"\n _miab_rest \"$txtvalue\" \"$_api_path\" \"DELETE\"\n\n #check if result was good\n if _contains \"$response\" \"updated DNS\"; then\n _info \"Successfully removed the txt record\"\n return 0\n else\n _err \"Error encountered during record remove\"\n _err \"$response\"\n return 1\n fi\n}\n\n#################### Private functions below ##################################\n#\n#Usage: _get_root _acme-challenge.www.domain.com\n#Returns:\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n _passed_domain=$1\n _debug _passed_domain \"$_passed_domain\"\n _i=2\n _p=1\n\n #get the zones hosed on MIAB server, must be a json stream\n _miab_rest \"\" \"zones\" \"GET\"\n\n if ! _is_json \"$response\"; then\n _err \"ERROR fetching domain list\"\n _err \"$response\"\n return 1\n fi\n\n #cycle through the passed domain seperating out a test domain discarding\n # the subdomain by marching thorugh the dots\n while true; do\n _test_domain=$(printf \"%s\" \"$_passed_domain\" | cut -d . -f \"${_i}\"-100)\n _debug _test_domain \"$_test_domain\"\n\n if [ -z \"$_test_domain\" ]; then\n return 1\n fi\n\n #report found if the test domain is in the json response and\n # report the subdomain\n if _contains \"$response\" \"\\\"$_test_domain\\\"\"; then\n _sub_domain=$(printf \"%s\" \"$_passed_domain\" | cut -d . -f 1-\"${_p}\")\n _domain=${_test_domain}\n return 0\n fi\n\n #cycle to the next dot in the passed domain\n _p=${_i}\n _i=$(_math \"$_i\" + 1)\n done\n\n return 1\n}\n\n#Usage: _retrieve_miab_env\n#Returns (from store or environment variables):\n# MIAB_Username\n# MIAB_Password\n# MIAB_Server\n#retrieve MIAB environment variables, report errors and quit if problems\n_retrieve_miab_env() {\n MIAB_Username=\"${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}\"\n MIAB_Password=\"${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}\"\n MIAB_Server=\"${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}\"\n\n #debug log the environmental variables\n _debug MIAB_Username \"$MIAB_Username\"\n _debug MIAB_Password \"$MIAB_Password\"\n _debug MIAB_Server \"$MIAB_Server\"\n\n #check if MIAB environemt vars set and quit if not\n if [ -z \"$MIAB_Username\" ] || [ -z \"$MIAB_Password\" ] || [ -z \"$MIAB_Server\" ]; then\n _err \"You didn't specify one or more of MIAB_Username, MIAB_Password or MIAB_Server.\"\n _err \"Please check these environment variables and try again.\"\n return 1\n fi\n\n #save the credentials to the account conf file.\n _saveaccountconf_mutable MIAB_Username \"$MIAB_Username\"\n _saveaccountconf_mutable MIAB_Password \"$MIAB_Password\"\n _saveaccountconf_mutable MIAB_Server \"$MIAB_Server\"\n return 0\n}\n\n#Useage: _miab_rest \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\" \"custom/_acme-challenge.www.domain.com/txt \"POST\"\n#Returns: \"updated DNS: domain.com\"\n#rest interface MIAB dns\n_miab_rest() {\n _data=\"$1\"\n _api_path=\"$2\"\n _httpmethod=\"$3\"\n\n #encode username and password for basic authentication\n _credentials=\"$(printf \"%s\" \"$MIAB_Username:$MIAB_Password\" | _base64)\"\n export _H1=\"Authorization: Basic $_credentials\"\n _url=\"https://${MIAB_Server}/admin/dns/${_api_path}\"\n\n _debug2 _data \"$_data\"\n _debug _api_path \"$_api_path\"\n _debug2 _url \"$_url\"\n _debug2 _credentails \"$_credentials\"\n _debug _httpmethod \"$_httpmethod\"\n\n if [ \"$_httpmethod\" = \"GET\" ]; then\n response=\"$(_get \"$_url\")\"\n else\n response=\"$(_post \"$_data\" \"$_url\" \"\" \"$_httpmethod\")\"\n fi\n\n _retcode=\"$?\"\n\n if [ \"$_retcode\" != \"0\" ]; then\n _err \"MIAB REST authentication failed on $_httpmethod\"\n return 1\n fi\n\n _debug response \"$response\"\n return 0\n}\n\n#Usage: _is_json \"\\[\\n \"mydomain.com\"\\n]\"\n#Reurns \"\\[\\n \"mydomain.com\"\\n]\"\n#returns the string if it begins and ends with square braces\n_is_json() {\n _str=\"$(echo \"$1\" | _normalizeJson)\"\n echo \"$_str\" | grep '^\\[.*\\]$' >/dev/null 2>&1\n}\n"
},
{
"path": "dnsapi/dns_mijnhost.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_mijnhost_info='mijn.host\nSite: mijn.host\nDocs: https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_mijnhost\nOptions:\n MIJNHOST_API_KEY API Key\nIssues: github.com/acmesh-official/acme.sh/issues/6177\nAuthor: @peterv99\n'\n\n######## Public functions ######################\nMIJNHOST_API=\"https://mijn.host/api/v2\"\n\n# Add TXT record for domain verification\ndns_mijnhost_add() {\n fulldomain=$1\n txtvalue=$2\n\n MIJNHOST_API_KEY=\"${MIJNHOST_API_KEY:-$(_readaccountconf_mutable MIJNHOST_API_KEY)}\"\n if [ -z \"$MIJNHOST_API_KEY\" ]; then\n MIJNHOST_API_KEY=\"\"\n _err \"You haven't specified your mijn-host API key yet.\"\n _err \"Please add MIJNHOST_API_KEY to the env.\"\n return 1\n fi\n\n # Save the API key for future use\n _saveaccountconf_mutable MIJNHOST_API_KEY \"$MIJNHOST_API_KEY\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n _debug2 _sub_domain \"$_sub_domain\"\n _debug2 _domain \"$_domain\"\n _debug \"Adding DNS record\" \"${fulldomain}.\"\n\n # Construct the API URL\n api_url=\"$MIJNHOST_API/domains/$_domain/dns\"\n\n # Getting previous records\n _mijnhost_rest GET \"$api_url\" \"\"\n\n if [ \"$_code\" != \"200\" ]; then\n _err \"Error getting current DNS enties ($_code)\"\n return 1\n fi\n\n records=$(echo \"$response\" | _egrep_o '\"records\":\\[.*\\]' | sed 's/\"records\"://')\n\n _debug2 \"Current records\" \"$records\"\n\n # Build the payload for the API\n data=\"{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$fulldomain.\\\",\\\"value\\\":\\\"$txtvalue\\\",\\\"ttl\\\":300}\"\n\n _debug2 \"Record to add\" \"$data\"\n\n # Updating the records\n updated_records=$(echo \"$records\" | sed -E \"s/\\]( *$)/,$data\\]/\")\n\n _debug2 \"Updated records\" \"$updated_records\"\n\n # data\n data=\"{\\\"records\\\": $updated_records}\"\n\n _mijnhost_rest PUT \"$api_url\" \"$data\"\n\n if [ \"$_code\" = \"200\" ]; then\n _info \"DNS record succesfully added.\"\n return 0\n else\n _err \"Error adding DNS record ($_code).\"\n return 1\n fi\n}\n\n# Remove TXT record after verification\ndns_mijnhost_rm() {\n fulldomain=$1\n txtvalue=$2\n\n MIJNHOST_API_KEY=\"${MIJNHOST_API_KEY:-$(_readaccountconf_mutable MIJNHOST_API_KEY)}\"\n if [ -z \"$MIJNHOST_API_KEY\" ]; then\n MIJNHOST_API_KEY=\"\"\n _err \"You haven't specified your mijn-host API key yet.\"\n _err \"Please add MIJNHOST_API_KEY to the env.\"\n return 1\n fi\n\n _debug \"Detecting root zone for\" \"${fulldomain}.\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n _debug \"Removing DNS record for TXT value\" \"${txtvalue}.\"\n\n # Construct the API URL\n api_url=\"$MIJNHOST_API/domains/$_domain/dns\"\n\n # Get current records\n _mijnhost_rest GET \"$api_url\" \"\"\n\n if [ \"$_code\" != \"200\" ]; then\n _err \"Error getting current DNS enties ($_code)\"\n return 1\n fi\n\n _debug2 \"Get current records response:\" \"$response\"\n\n records=$(echo \"$response\" | _egrep_o '\"records\":\\[.*\\]' | sed 's/\"records\"://')\n\n _debug2 \"Current records:\" \"$records\"\n\n updated_records=$(echo \"$records\" | sed -E \"s/\\{[^}]*\\\"value\\\":\\\"$txtvalue\\\"[^}]*\\},?//g\" | sed 's/,]/]/g')\n\n _debug2 \"Updated records:\" \"$updated_records\"\n\n # Build the new payload\n data=\"{\\\"records\\\": $updated_records}\"\n\n # Use the _put method to update the records\n _mijnhost_rest PUT \"$api_url\" \"$data\"\n\n if [ \"$_code\" = \"200\" ]; then\n _info \"DNS record removed successfully.\"\n return 0\n else\n _err \"Error removing DNS record ($_code).\"\n return 1\n fi\n}\n\n# Helper function to detect the root zone\n_get_root() {\n domain=$1\n\n # Get current records\n _debug \"Getting current domains\"\n _mijnhost_rest GET \"$MIJNHOST_API/domains\" \"\"\n\n if [ \"$_code\" != \"200\" ]; then\n _err \"error getting current domains ($_code)\"\n return 1\n fi\n\n # Extract root domains from response\n rootDomains=$(echo \"$response\" | _egrep_o '\"domain\":\"[^\"]*\"' | sed -E 's/\"domain\":\"([^\"]*)\"/\\1/')\n _debug \"Root domains:\" \"$rootDomains\"\n\n for rootDomain in $rootDomains; do\n if _contains \"$domain\" \"$rootDomain\"; then\n _domain=\"$rootDomain\"\n _sub_domain=$(echo \"$domain\" | sed \"s/.$rootDomain//g\")\n _debug \"Found root domain\" \"$_domain\" \"and subdomain\" \"$_sub_domain\" \"for\" \"$domain\"\n return 0\n fi\n done\n return 1\n}\n\n# Helper function for rest calls\n_mijnhost_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n\n MAX_REQUEST_RETRY_TIMES=15\n _request_retry_times=0\n _retry_sleep=5 #Initial sleep time in seconds.\n\n while [ \"${_request_retry_times}\" -lt \"$MAX_REQUEST_RETRY_TIMES\" ]; do\n _debug2 _request_retry_times \"$_request_retry_times\"\n export _H1=\"API-Key: $MIJNHOST_API_KEY\"\n export _H2=\"Content-Type: application/json\"\n # clear headers from previous request to avoid getting wrong http code on timeouts\n : >\"$HTTP_HEADER\"\n _debug \"$ep\"\n if [ \"$m\" != \"GET\" ]; then\n _debug2 \"data $data\"\n response=\"$(_post \"$data\" \"$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$ep\")\"\n fi\n _ret=\"$?\"\n _debug2 \"response $response\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n _debug \"http response code $_code\"\n if [ \"$_code\" = \"401\" ]; then\n # we have an invalid API token, maybe it is expired?\n _err \"Access denied. Invalid API token.\"\n return 1\n fi\n\n if [ \"$_ret\" != \"0\" ] || [ -z \"$_code\" ] || [ \"$_code\" = \"400\" ] || _contains \"$response\" \"DNS records not managed by mijn.host\"; then #Sometimes API errors out\n _request_retry_times=\"$(_math \"$_request_retry_times\" + 1)\"\n _info \"REST call error $_code retrying $ep in ${_retry_sleep}s\"\n _sleep \"$_retry_sleep\"\n _retry_sleep=\"$(_math \"$_retry_sleep\" \\* 2)\"\n continue\n fi\n break\n done\n if [ \"$_request_retry_times\" = \"$MAX_REQUEST_RETRY_TIMES\" ]; then\n _err \"Error mijn.host API call was retried $MAX_REQUEST_RETRY_TIMES times.\"\n _err \"Calling $ep failed.\"\n return 1\n fi\n response=\"$(echo \"$response\" | _normalizeJson)\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_misaka.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_misaka_info='Misaka.io\nSite: Misaka.io\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_misaka\nOptions:\n Misaka_Key API Key\nAuthor: \n'\n\nMisaka_Api=\"https://dnsapi.misaka.io/dns\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_misaka_add() {\n fulldomain=$1\n txtvalue=$2\n\n if [ -z \"$Misaka_Key\" ]; then\n Misaka_Key=\"\"\n _err \"You didn't specify misaka.io dns api key yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf Misaka_Key \"$Misaka_Key\"\n\n _debug \"checking root zone [$fulldomain]\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _misaka_rest GET \"zones/${_domain}/recordsets?search=${_sub_domain}\"\n\n if ! _contains \"$response\" \"\\\"results\\\":\"; then\n _err \"Error\"\n return 1\n fi\n\n count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"name\\\":\\\"$_sub_domain\\\",[^{]*\\\"type\\\":\\\"TXT\\\"\" | wc -l | tr -d \" \")\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Adding record\"\n\n if _misaka_rest POST \"zones/${_domain}/recordsets/${_sub_domain}/TXT\" \"{\\\"records\\\":[{\\\"value\\\":\\\"\\\\\\\"$txtvalue\\\\\\\"\\\"}],\\\"filters\\\":[],\\\"ttl\\\":1}\"; then\n _debug response \"$response\"\n if _contains \"$response\" \"$_sub_domain\"; then\n _info \"Added\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n else\n _info \"Updating record\"\n\n _misaka_rest PUT \"zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true\" \"{\\\"records\\\": [{\\\"value\\\": \\\"\\\\\\\"$txtvalue\\\\\\\"\\\"}],\\\"ttl\\\":1}\"\n if [ \"$?\" = \"0\" ] && _contains \"$response\" \"$_sub_domain\"; then\n _info \"Updated!\"\n #todo: check if the record takes effect\n return 0\n fi\n _err \"Update error\"\n return 1\n fi\n\n}\n\n#fulldomain\ndns_misaka_rm() {\n fulldomain=$1\n txtvalue=$2\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _misaka_rest GET \"zones/${_domain}/recordsets?search=${_sub_domain}\"\n\n count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"name\\\":\\\"$_sub_domain\\\",[^{]*\\\"type\\\":\\\"TXT\\\"\" | wc -l | tr -d \" \")\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Don't need to remove.\"\n else\n if ! _misaka_rest DELETE \"zones/${_domain}/recordsets/${_sub_domain}/TXT\"; then\n _err \"Delete record error.\"\n return 1\n fi\n _contains \"$response\" \"\"\n fi\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=2\n p=1\n if ! _misaka_rest GET \"zones?limit=1000\"; then\n return 1\n fi\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_misaka_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Content-Type: application/json\"\n export _H2=\"User-Agent: acme.sh/$VER misaka-dns-acmesh/20191213\"\n export _H3=\"Authorization: Token $Misaka_Key\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$Misaka_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$Misaka_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_myapi.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_myapi_info='Custom API Example\n A sample custom DNS API script description.\nDomains: example.com example.net\nSite: github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_myapi\nOptions:\n MYAPI_Token API Token. Get API Token from https://example.com/api/\n MYAPI_Variable2 Option 2. Default \"default value\".\n MYAPI_Variable2 Option 3. Optional.\nIssues: github.com/acmesh-official/acme.sh\nAuthor: Neil Pang \n'\n\n#This file name is \"dns_myapi.sh\"\n#So, here must be a method dns_myapi_add()\n#Which will be called by acme.sh to add the txt record to your api system.\n#returns 0 means success, otherwise error.\n\n######## Public functions #####################\n\n# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_myapi_add() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using myapi\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _err \"Not implemented!\"\n return 1\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_myapi_rm() {\n fulldomain=$1\n txtvalue=$2\n _info \"Using myapi\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n}\n\n#################### Private functions below ##################################\n"
},
{
"path": "dnsapi/dns_mydevil.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_mydevil_info='MyDevil.net\n MyDevil.net already supports automatic Lets Encrypt certificates,\n except for wildcard domains.\n This script depends on devil command that MyDevil.net provides,\n which means that it works only on server side.\nSite: MyDevil.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_mydevil\nIssues: github.com/acmesh-official/acme.sh/issues/2079\nAuthor: Marcin Konicki \n'\n\n######## Public functions #####################\n\n#Usage: dns_mydevil_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_mydevil_add() {\n fulldomain=$1\n txtvalue=$2\n domain=\"\"\n\n if ! _exists \"devil\"; then\n _err \"Could not find 'devil' command.\"\n return 1\n fi\n\n _info \"Using mydevil\"\n\n domain=$(mydevil_get_domain \"$fulldomain\")\n if [ -z \"$domain\" ]; then\n _err \"Invalid domain name: could not find root domain of $fulldomain.\"\n return 1\n fi\n\n # No need to check if record name exists, `devil` always adds new record.\n # In worst case scenario, we end up with multiple identical records.\n\n _info \"Adding $fulldomain record for domain $domain\"\n if devil dns add \"$domain\" \"$fulldomain\" TXT \"$txtvalue\"; then\n _info \"Successfully added TXT record, ready for validation.\"\n return 0\n else\n _err \"Unable to add DNS record.\"\n return 1\n fi\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_mydevil_rm() {\n fulldomain=$1\n txtvalue=$2\n domain=\"\"\n\n if ! _exists \"devil\"; then\n _err \"Could not find 'devil' command.\"\n return 1\n fi\n\n _info \"Using mydevil\"\n\n domain=$(mydevil_get_domain \"$fulldomain\")\n if [ -z \"$domain\" ]; then\n _err \"Invalid domain name: could not find root domain of $fulldomain.\"\n return 1\n fi\n\n # catch one or more numbers\n num='[0-9][0-9]*'\n # catch one or more whitespace\n w=$(printf '[\\t ][\\t ]*')\n # catch anything, except newline\n any='.*'\n # filter to make sure we do not delete other records\n validRecords=\"^${num}${w}${fulldomain}${w}TXT${w}${any}${txtvalue}$\"\n for id in $(devil dns list \"$domain\" | tail -n+2 | grep \"${validRecords}\" | cut -w -s -f 1); do\n _info \"Removing record $id from domain $domain\"\n echo \"y\" | devil dns del \"$domain\" \"$id\" || _err \"Could not remove DNS record.\"\n done\n}\n\n#################### Private functions below ##################################\n\n# Usage: domain=$(mydevil_get_domain \"_acme-challenge.www.domain.com\" || _err \"Invalid domain name\")\n# echo $domain\nmydevil_get_domain() {\n fulldomain=$1\n domain=\"\"\n\n for domain in $(devil dns list | cut -w -s -f 1 | tail -n+2); do\n _debug \"Checking domain: $domain\"\n if _endswith \"$fulldomain\" \"$domain\"; then\n _debug \"Fulldomain '$fulldomain' matches '$domain'\"\n printf -- \"%s\" \"$domain\"\n return 0\n fi\n done\n\n return 1\n}\n"
},
{
"path": "dnsapi/dns_mydnsjp.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_mydnsjp_info='MyDNS.JP\nSite: MyDNS.JP\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_mydnsjp\nOptions:\n MYDNSJP_MasterID Master ID\n MYDNSJP_Password Password\nAuthor: @tkmsst\n'\n\n######## Public functions #####################\n\n# Export MyDNS.JP MasterID and Password in following variables...\n# MYDNSJP_MasterID=MasterID\n# MYDNSJP_Password=Password\n\nMYDNSJP_API=\"https://www.mydns.jp\"\n\n#Usage: dns_mydnsjp_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_mydnsjp_add() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Using mydnsjp\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n # Load the credentials from the account conf file\n MYDNSJP_MasterID=\"${MYDNSJP_MasterID:-$(_readaccountconf_mutable MYDNSJP_MasterID)}\"\n MYDNSJP_Password=\"${MYDNSJP_Password:-$(_readaccountconf_mutable MYDNSJP_Password)}\"\n if [ -z \"$MYDNSJP_MasterID\" ] || [ -z \"$MYDNSJP_Password\" ]; then\n MYDNSJP_MasterID=\"\"\n MYDNSJP_Password=\"\"\n _err \"You don't specify mydnsjp api MasterID and Password yet.\"\n _err \"Please export as MYDNSJP_MasterID / MYDNSJP_Password and try again.\"\n return 1\n fi\n\n # Save the credentials to the account conf file\n _saveaccountconf_mutable MYDNSJP_MasterID \"$MYDNSJP_MasterID\"\n _saveaccountconf_mutable MYDNSJP_Password \"$MYDNSJP_Password\"\n\n _debug \"First detect the root zone.\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n if _mydnsjp_api \"REGIST\" \"$_domain\" \"$txtvalue\"; then\n if printf -- \"%s\" \"$response\" | grep \"OK.\" >/dev/null; then\n _info \"Added, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n\n return 1\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_mydnsjp_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"Removing TXT record\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n # Load the credentials from the account conf file\n MYDNSJP_MasterID=\"${MYDNSJP_MasterID:-$(_readaccountconf_mutable MYDNSJP_MasterID)}\"\n MYDNSJP_Password=\"${MYDNSJP_Password:-$(_readaccountconf_mutable MYDNSJP_Password)}\"\n if [ -z \"$MYDNSJP_MasterID\" ] || [ -z \"$MYDNSJP_Password\" ]; then\n MYDNSJP_MasterID=\"\"\n MYDNSJP_Password=\"\"\n _err \"You don't specify mydnsjp api MasterID and Password yet.\"\n _err \"Please export as MYDNSJP_MasterID / MYDNSJP_Password and try again.\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n if _mydnsjp_api \"DELETE\" \"$_domain\" \"$txtvalue\"; then\n if printf -- \"%s\" \"$response\" | grep \"OK.\" >/dev/null; then\n _info \"Deleted, OK\"\n return 0\n else\n _err \"Delete txt record error.\"\n return 1\n fi\n fi\n _err \"Delete txt record error.\"\n\n return 1\n}\n\n#################### Private functions below ##################################\n# _acme-challenge.www.domain.com\n# returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n fulldomain=$1\n i=2\n p=1\n\n # Get the root domain\n _mydnsjp_retrieve_domain\n if [ \"$?\" != \"0\" ]; then\n # not valid\n return 1\n fi\n\n while true; do\n _domain=$(printf \"%s\" \"$fulldomain\" | cut -d . -f \"$i\"-100)\n\n if [ -z \"$_domain\" ]; then\n # not valid\n return 1\n fi\n\n if [ \"$_domain\" = \"$_root_domain\" ]; then\n _sub_domain=$(printf \"%s\" \"$fulldomain\" | cut -d . -f 1-\"$p\")\n return 0\n fi\n\n p=$i\n i=$(_math \"$i\" + 1)\n done\n\n return 1\n}\n\n# Retrieve the root domain\n# returns 0 success\n_mydnsjp_retrieve_domain() {\n _debug \"Login to MyDNS.JP\"\n\n response=\"$(_post \"MENU=100&masterid=$MYDNSJP_MasterID&masterpwd=$MYDNSJP_Password\" \"$MYDNSJP_API/members/\")\"\n cookie=\"$(grep -i '^set-cookie:' \"$HTTP_HEADER\" | _head_n 1 | cut -d \" \" -f 2)\"\n\n # If cookies is not empty then logon successful\n if [ -z \"$cookie\" ]; then\n _err \"Fail to get a cookie.\"\n return 1\n fi\n\n _root_domain=$(echo \"$response\" | grep \"DNSINFO\\[domainname\\]\" | sed 's/^.*value=\"\\([^\"]*\\)\".*/\\1/')\n\n _debug _root_domain \"$_root_domain\"\n\n if [ -z \"$_root_domain\" ]; then\n _err \"Fail to get the root domain.\"\n return 1\n fi\n\n return 0\n}\n\n_mydnsjp_api() {\n cmd=$1\n domain=$2\n txtvalue=$3\n\n # Base64 encode the credentials\n credentials=$(printf \"%s:%s\" \"$MYDNSJP_MasterID\" \"$MYDNSJP_Password\" | _base64)\n\n # Construct the HTTP Authorization header\n export _H1=\"Content-Type: application/x-www-form-urlencoded\"\n export _H2=\"Authorization: Basic ${credentials}\"\n\n response=\"$(_post \"CERTBOT_DOMAIN=$domain&CERTBOT_VALIDATION=$txtvalue&EDIT_CMD=$cmd\" \"$MYDNSJP_API/directedit.html\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $domain\"\n return 1\n fi\n\n _debug2 response \"$response\"\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_mythic_beasts.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_mythic_beasts_info='Mythic-Beasts.com\nSite: Mythic-Beasts.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_mythic_beasts\nOptions:\n MB_AK API Key\n MB_AS API Secret\nIssues: github.com/acmesh-official/acme.sh/issues/3848\n'\n# Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication\n# To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com\n# Cannot retest once cert is issued\n# OAuth2 tokens only valid for 300 seconds so we do not store\n# NOTE: This will remove all TXT records matching the fulldomain, not just the added ones (_acme-challenge.www.domain.com)\n\n# Test OAuth2 credentials\n#MB_AK=\"aaaaaaaaaaaaaaaa\"\n#MB_AS=\"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\"\n\n# URLs\nMB_API='https://api.mythic-beasts.com/dns/v2/zones'\nMB_AUTH='https://auth.mythic-beasts.com/login'\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_mythic_beasts_add() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"MYTHIC BEASTS Adding record $fulldomain = $txtvalue\"\n if ! _initAuth; then\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n return 1\n fi\n\n # method path body_data\n if _mb_rest POST \"$_domain/records/$_sub_domain/TXT\" \"$txtvalue\"; then\n\n if _contains \"$response\" \"1 records added\"; then\n _info \"Added, verifying...\"\n # Max 120 seconds to publish\n for i in $(seq 1 6); do\n # Retry on error\n if ! _mb_rest GET \"$_domain/records/$_sub_domain/TXT?verify\"; then\n _sleep 20\n else\n _info \"Record published!\"\n return 0\n fi\n done\n\n else\n _err \"\\n$response\"\n fi\n\n fi\n _err \"Add txt record error.\"\n return 1\n}\n\n#Usage: rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_mythic_beasts_rm() {\n fulldomain=$1\n txtvalue=$2\n\n _info \"MYTHIC BEASTS Removing record $fulldomain = $txtvalue\"\n if ! _initAuth; then\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n return 1\n fi\n\n # method path body_data\n if _mb_rest DELETE \"$_domain/records/$_sub_domain/TXT\" \"$txtvalue\"; then\n _info \"Record removed\"\n return 0\n fi\n _err \"Remove txt record error.\"\n return 1\n}\n\n#################### Private functions below ##################################\n\n#Possible formats:\n# _acme-challenge.www.example.com\n# _acme-challenge.example.com\n# _acme-challenge.example.co.uk\n# _acme-challenge.www.example.co.uk\n# _acme-challenge.sub1.sub2.www.example.co.uk\n# sub1.sub2.example.co.uk\n# example.com\n# example.co.uk\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=1\n p=1\n\n _debug \"Detect the root zone\"\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n _err \"Domain exhausted\"\n return 1\n fi\n\n # Use the status errors to find the domain, continue on 403 Access denied\n # method path body_data\n _mb_rest GET \"$h/records\"\n ret=\"$?\"\n if [ \"$ret\" -eq 0 ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n return 0\n elif [ \"$ret\" -eq 1 ]; then\n return 1\n fi\n\n p=$i\n i=$(_math \"$i\" + 1)\n\n if [ \"$i\" -gt 50 ]; then\n break\n fi\n done\n _err \"Domain too long\"\n return 1\n}\n\n_initAuth() {\n MB_AK=\"${MB_AK:-$(_readaccountconf_mutable MB_AK)}\"\n MB_AS=\"${MB_AS:-$(_readaccountconf_mutable MB_AS)}\"\n\n if [ -z \"$MB_AK\" ] || [ -z \"$MB_AS\" ]; then\n MB_AK=\"\"\n MB_AS=\"\"\n _err \"Please specify an OAuth2 Key & Secret\"\n return 1\n fi\n\n _saveaccountconf_mutable MB_AK \"$MB_AK\"\n _saveaccountconf_mutable MB_AS \"$MB_AS\"\n\n if ! _oauth2; then\n return 1\n fi\n\n _info \"Checking authentication\"\n _secure_debug access_token \"$MB_TK\"\n _sleep 1\n\n # GET a list of zones\n # method path body_data\n if ! _mb_rest GET \"\"; then\n _err \"The token is invalid\"\n return 1\n fi\n _info \"Token OK\"\n return 0\n}\n\n# Github appears to use an outbound proxy for requests which means subsequent requests may not have the same\n# source IP. The standard Mythic Beasts OAuth2 tokens are tied to an IP, meaning github test requests fail\n# authentication. This is a work around using an undocumented MB API to obtain a token not tied to an\n# IP just for the github tests.\n_oauth2() {\n if [ \"$GITHUB_ACTIONS\" = \"true\" ]; then\n _oauth2_github\n else\n _oauth2_std\n fi\n return $?\n}\n\n_oauth2_std() {\n # HTTP Basic Authentication\n _H1=\"Authorization: Basic $(echo \"$MB_AK:$MB_AS\" | _base64)\"\n _H2=\"Accepts: application/json\"\n export _H1 _H2\n body=\"grant_type=client_credentials\"\n\n _info \"Getting OAuth2 token...\"\n # body url [needbase64] [POST|PUT|DELETE] [ContentType]\n response=\"$(_post \"$body\" \"$MB_AUTH\" \"\" \"POST\" \"application/x-www-form-urlencoded\")\"\n if _contains \"$response\" \"\\\"token_type\\\":\\\"bearer\\\"\"; then\n MB_TK=\"$(echo \"$response\" | _egrep_o \"access_token\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d '\"')\"\n if [ -z \"$MB_TK\" ]; then\n _err \"Unable to get access_token\"\n _err \"\\n$response\"\n return 1\n fi\n else\n _err \"OAuth2 token_type not Bearer\"\n _err \"\\n$response\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n\n_oauth2_github() {\n _H1=\"Accepts: application/json\"\n export _H1\n body=\"{\\\"login\\\":{\\\"handle\\\":\\\"$MB_AK\\\",\\\"pass\\\":\\\"$MB_AS\\\",\\\"floating\\\":1}}\"\n\n _info \"Getting Floating token...\"\n # body url [needbase64] [POST|PUT|DELETE] [ContentType]\n response=\"$(_post \"$body\" \"$MB_AUTH\" \"\" \"POST\" \"application/json\")\"\n MB_TK=\"$(echo \"$response\" | _egrep_o \"\\\"token\\\":\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d '\"')\"\n if [ -z \"$MB_TK\" ]; then\n _err \"Unable to get token\"\n _err \"\\n$response\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n\n# method path body_data\n_mb_rest() {\n # URL encoded body for single API operations\n m=\"$1\"\n ep=\"$2\"\n data=\"$3\"\n\n if [ -z \"$ep\" ]; then\n _mb_url=\"$MB_API\"\n else\n _mb_url=\"$MB_API/$ep\"\n fi\n\n _H1=\"Authorization: Bearer $MB_TK\"\n _H2=\"Accepts: application/json\"\n export _H1 _H2\n if [ \"$data\" ] || [ \"$m\" = \"POST\" ] || [ \"$m\" = \"PUT\" ] || [ \"$m\" = \"DELETE\" ]; then\n # body url [needbase64] [POST|PUT|DELETE] [ContentType]\n response=\"$(_post \"data=$data\" \"$_mb_url\" \"\" \"$m\" \"application/x-www-form-urlencoded\")\"\n else\n response=\"$(_get \"$_mb_url\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"Request error\"\n return 1\n fi\n\n header=\"$(cat \"$HTTP_HEADER\")\"\n status=\"$(echo \"$header\" | _egrep_o \"^HTTP[^ ]* .*$\" | cut -d \" \" -f 2-100 | tr -d \"\\f\\n\")\"\n code=\"$(echo \"$status\" | _egrep_o \"^[0-9]*\")\"\n if [ \"$code\" -ge 400 ] || _contains \"$response\" \"\\\"error\\\"\" || _contains \"$response\" \"invalid_client\"; then\n _err \"error $status\"\n _err \"\\n$response\"\n _debug \"\\n$header\"\n return 2\n fi\n\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_namecheap.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_namecheap_info='NameCheap.com\nSite: NameCheap.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namecheap\nOptions:\n NAMECHEAP_API_KEY API Key\n NAMECHEAP_USERNAME Username\n NAMECHEAP_SOURCEIP Source IP\nIssues: github.com/acmesh-official/acme.sh/issues/2107\n'\n\n# Namecheap API\n# https://www.namecheap.com/support/api/intro.aspx\n# Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a backup of your records you could apply if any issue would arise.\n\n######## Public functions #####################\n\nNAMECHEAP_API=\"https://api.namecheap.com/xml.response\"\n\n#Usage: dns_namecheap_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_namecheap_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _namecheap_check_config; then\n _err \"$error\"\n return 1\n fi\n\n if ! _namecheap_set_publicip; then\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _debug domain \"$_domain\"\n _debug sub_domain \"$_sub_domain\"\n\n _set_namecheap_TXT \"$_domain\" \"$_sub_domain\" \"$txtvalue\"\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_namecheap_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _namecheap_set_publicip; then\n return 1\n fi\n\n if ! _namecheap_check_config; then\n _err \"$error\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _debug domain \"$_domain\"\n _debug sub_domain \"$_sub_domain\"\n\n _del_namecheap_TXT \"$_domain\" \"$_sub_domain\" \"$txtvalue\"\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n fulldomain=$1\n\n if ! _get_root_by_getList \"$fulldomain\"; then\n _debug \"Failed domain lookup via domains.getList api call. Trying domain lookup via domains.dns.getHosts api.\"\n # The above \"getList\" api will only return hosts *owned* by the calling user. However, if the calling\n # user is not the owner, but still has administrative rights, we must query the getHosts api directly.\n # See this comment and the official namecheap response: https://disq.us/p/1q6v9x9\n if ! _get_root_by_getHosts \"$fulldomain\"; then\n return 1\n fi\n fi\n\n return 0\n}\n\n_get_root_by_getList() {\n domain=$1\n\n if ! _namecheap_post \"namecheap.domains.getList\"; then\n _err \"$error\"\n return 1\n fi\n\n i=2\n p=1\n\n while true; do\n\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n if ! _contains \"$h\" \"\\\\.\"; then\n #not valid\n return 1\n fi\n\n if ! _contains \"$response\" \"$h\"; then\n _debug \"$h not found\"\n else\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=\"$i\"\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_get_root_by_getHosts() {\n i=100\n p=99\n\n while [ \"$p\" -ne 0 ]; do\n\n h=$(printf \"%s\" \"$1\" | cut -d . -f \"$i\"-100)\n if [ -n \"$h\" ]; then\n if _contains \"$h\" \"\\\\.\"; then\n _debug h \"$h\"\n if _namecheap_set_tld_sld \"$h\"; then\n _sub_domain=$(printf \"%s\" \"$1\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n else\n _debug \"$h not found\"\n fi\n fi\n fi\n i=\"$p\"\n p=$(_math \"$p\" - 1)\n done\n return 1\n}\n\n_namecheap_set_publicip() {\n\n if [ -z \"$NAMECHEAP_SOURCEIP\" ]; then\n _err \"No Source IP specified for Namecheap API.\"\n _err \"Use your public ip address or an url to retrieve it (e.g. https://ifconfig.co/ip) and export it as NAMECHEAP_SOURCEIP\"\n return 1\n else\n _saveaccountconf NAMECHEAP_SOURCEIP \"$NAMECHEAP_SOURCEIP\"\n _debug sourceip \"$NAMECHEAP_SOURCEIP\"\n\n ip=$(echo \"$NAMECHEAP_SOURCEIP\" | _egrep_o '[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}')\n addr=$(echo \"$NAMECHEAP_SOURCEIP\" | _egrep_o '(http|https):\\/\\/.*')\n\n _debug2 ip \"$ip\"\n _debug2 addr \"$addr\"\n\n if [ -n \"$ip\" ]; then\n _publicip=\"$ip\"\n elif [ -n \"$addr\" ]; then\n _publicip=$(_get \"$addr\")\n else\n _err \"No Source IP specified for Namecheap API.\"\n _err \"Use your public ip address or an url to retrieve it (e.g. https://ifconfig.co/ip) and export it as NAMECHEAP_SOURCEIP\"\n return 1\n fi\n fi\n\n _debug publicip \"$_publicip\"\n\n return 0\n}\n\n_namecheap_post() {\n command=$1\n data=\"ApiUser=${NAMECHEAP_USERNAME}&ApiKey=${NAMECHEAP_API_KEY}&ClientIp=${_publicip}&UserName=${NAMECHEAP_USERNAME}&Command=${command}\"\n _debug2 \"_namecheap_post data\" \"$data\"\n response=\"$(_post \"$data\" \"$NAMECHEAP_API\" \"\" \"POST\")\"\n _debug2 response \"$response\"\n\n if _contains \"$response\" \"Status=\\\"ERROR\\\"\" >/dev/null; then\n error=$(echo \"$response\" | _egrep_o \">.*<\\\\/Error>\" | cut -d '<' -f 1 | tr -d '>')\n _err \"error $error\"\n return 1\n fi\n\n return 0\n}\n\n_namecheap_parse_host() {\n _host=$1\n _debug _host \"$_host\"\n\n _hostid=$(echo \"$_host\" | _egrep_o ' HostId=\"[^\"]*' | cut -d '\"' -f 2)\n _hostname=$(echo \"$_host\" | _egrep_o ' Name=\"[^\"]*' | cut -d '\"' -f 2)\n _hosttype=$(echo \"$_host\" | _egrep_o ' Type=\"[^\"]*' | cut -d '\"' -f 2)\n _hostaddress=$(echo \"$_host\" | _egrep_o ' Address=\"[^\"]*' | cut -d '\"' -f 2 | _xml_decode)\n _hostmxpref=$(echo \"$_host\" | _egrep_o ' MXPref=\"[^\"]*' | cut -d '\"' -f 2)\n _hostttl=$(echo \"$_host\" | _egrep_o ' TTL=\"[^\"]*' | cut -d '\"' -f 2)\n\n _debug hostid \"$_hostid\"\n _debug hostname \"$_hostname\"\n _debug hosttype \"$_hosttype\"\n _debug hostaddress \"$_hostaddress\"\n _debug hostmxpref \"$_hostmxpref\"\n _debug hostttl \"$_hostttl\"\n}\n\n_namecheap_check_config() {\n\n if [ -z \"$NAMECHEAP_API_KEY\" ]; then\n _err \"No API key specified for Namecheap API.\"\n _err \"Create your key and export it as NAMECHEAP_API_KEY\"\n return 1\n fi\n\n if [ -z \"$NAMECHEAP_USERNAME\" ]; then\n _err \"No username key specified for Namecheap API.\"\n _err \"Create your key and export it as NAMECHEAP_USERNAME\"\n return 1\n fi\n\n _saveaccountconf NAMECHEAP_API_KEY \"$NAMECHEAP_API_KEY\"\n _saveaccountconf NAMECHEAP_USERNAME \"$NAMECHEAP_USERNAME\"\n\n return 0\n}\n\n_set_namecheap_TXT() {\n subdomain=$2\n txt=$3\n\n if ! _namecheap_set_tld_sld \"$1\"; then\n return 1\n fi\n\n request=\"namecheap.domains.dns.getHosts&SLD=${_sld}&TLD=${_tld}\"\n\n if ! _namecheap_post \"$request\"; then\n _err \"$error\"\n return 1\n fi\n\n hosts=$(echo \"$response\" | _egrep_o ']*')\n _debug hosts \"$hosts\"\n\n if [ -z \"$hosts\" ]; then\n _err \"Hosts not found\"\n return 1\n fi\n\n _namecheap_reset_hostList\n\n while read -r host; do\n if _contains \"$host\" \"]*')\n _debug hosts \"$hosts\"\n\n if [ -z \"$hosts\" ]; then\n _err \"Hosts not found\"\n return 1\n fi\n\n _namecheap_reset_hostList\n\n found=0\n\n while read -r host; do\n if _contains \"$host\" \"300\")\n if [ \"$retcode\" ]; then\n _info \"Successfully added TXT record, ready for validation.\"\n return 0\n else\n _err \"Unable to add the DNS record.\"\n return 1\n fi\n fi\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_namesilo_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Unable to find domain specified.\"\n return 1\n fi\n\n # Get the record id.\n if _namesilo_rest GET \"dnsListRecords?version=1&type=xml&key=$Namesilo_Key&domain=$_domain\"; then\n retcode=$(printf \"%s\\n\" \"$response\" | _egrep_o \"
300\")\n if [ \"$retcode\" ]; then\n _record_id=$(echo \"$response\" | _egrep_o \"([^<]*)TXT$fulldomain\" | _egrep_o \"([^<]*)\" | sed -r \"s/([^<]*)<\\/record_id>/\\1/\" | tail -n 1)\n _debug _record_id \"$_record_id\"\n if [ \"$_record_id\" ]; then\n _info \"Successfully retrieved the record id for ACME challenge.\"\n else\n _info \"Empty record id, it seems no such record.\"\n return 0\n fi\n else\n _err \"Unable to retrieve the record id.\"\n return 1\n fi\n fi\n\n # Remove the DNS record using record id.\n if _namesilo_rest GET \"dnsDeleteRecord?version=1&type=xml&key=$Namesilo_Key&domain=$_domain&rrid=$_record_id\"; then\n retcode=$(printf \"%s\\n\" \"$response\" | _egrep_o \"300\")\n if [ \"$retcode\" ]; then\n _info \"Successfully removed the TXT record.\"\n return 0\n else\n _err \"Unable to remove the DNS record.\"\n return 1\n fi\n fi\n}\n\n#################### Private functions below ##################################\n\n# _acme-challenge.www.domain.com\n# returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=2\n p=1\n\n if ! _namesilo_rest GET \"listDomains?version=1&type=xml&key=$Namesilo_Key\"; then\n return 1\n fi\n\n # Need to exclude the last field (tld)\n numfields=$(echo \"$domain\" | _egrep_o \"\\.\" | wc -l)\n while [ \"$i\" -le \"$numfields\" ]; do\n host=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug host \"$host\"\n if [ -z \"$host\" ]; then\n return 1\n fi\n\n if _contains \"$response\" \">$host\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$host\"\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_namesilo_rest() {\n method=$1\n param=$2\n data=$3\n\n if [ \"$method\" != \"GET\" ]; then\n response=\"$(_post \"$data\" \"$Namesilo_API/$param\" \"\" \"$method\")\"\n else\n response=\"$(_get \"$Namesilo_API/$param\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $param\"\n return 1\n fi\n\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_nanelo.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_nanelo_info='Nanelo.com\nSite: Nanelo.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nanelo\nOptions:\n NANELO_TOKEN API Token\nIssues: github.com/acmesh-official/acme.sh/issues/4519\n'\n\nNANELO_API=\"https://api.nanelo.com/v1/\"\n\n######## Public functions #####################\n\n# Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_nanelo_add() {\n fulldomain=$1\n txtvalue=$2\n\n NANELO_TOKEN=\"${NANELO_TOKEN:-$(_readaccountconf_mutable NANELO_TOKEN)}\"\n if [ -z \"$NANELO_TOKEN\" ]; then\n NANELO_TOKEN=\"\"\n _err \"You didn't configure a Nanelo API Key yet.\"\n _err \"Please set NANELO_TOKEN and try again.\"\n _err \"Login to Nanelo.com and go to Settings > API Keys to get a Key\"\n return 1\n fi\n _saveaccountconf_mutable NANELO_TOKEN \"$NANELO_TOKEN\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Adding TXT record to ${fulldomain}\"\n response=\"$(_post \"\" \"$NANELO_API$NANELO_TOKEN/dns/addrecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}\" \"\" \"\" \"\")\"\n if _contains \"${response}\" 'success'; then\n return 0\n fi\n _err \"Could not create resource record, please check the logs\"\n _err \"${response}\"\n return 1\n}\n\ndns_nanelo_rm() {\n fulldomain=$1\n txtvalue=$2\n\n NANELO_TOKEN=\"${NANELO_TOKEN:-$(_readaccountconf_mutable NANELO_TOKEN)}\"\n if [ -z \"$NANELO_TOKEN\" ]; then\n NANELO_TOKEN=\"\"\n _err \"You didn't configure a Nanelo API Key yet.\"\n _err \"Please set NANELO_TOKEN and try again.\"\n _err \"Login to Nanelo.com and go to Settings > API Keys to get a Key\"\n return 1\n fi\n _saveaccountconf_mutable NANELO_TOKEN \"$NANELO_TOKEN\"\n\n _debug \"First, let's detect the root zone:\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Deleting resource record $fulldomain\"\n response=\"$(_post \"\" \"$NANELO_API$NANELO_TOKEN/dns/deleterecord?domain=${_domain}&type=TXT&ttl=60&name=${_sub_domain}&value=${txtvalue}\" \"\" \"\" \"\")\"\n if _contains \"${response}\" 'success'; then\n return 0\n fi\n _err \"Could not delete resource record, please check the logs\"\n _err \"${response}\"\n return 1\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n\n_get_root() {\n fulldomain=$1\n\n # Fetch all zones from Nanelo\n response=\"$(_get \"$NANELO_API$NANELO_TOKEN/dns/getzones\")\" || return 1\n\n # Extract \"zones\" array into space-separated list\n zones=$(echo \"$response\" |\n tr -d ' \\n' |\n sed -n 's/.*\"zones\":\\[\\([^]]*\\)\\].*/\\1/p' |\n tr -d '\"' |\n tr , ' ')\n _debug zones \"$zones\"\n\n bestzone=\"\"\n for z in $zones; do\n case \"$fulldomain\" in\n *.\"$z\" | \"$z\")\n if [ ${#z} -gt ${#bestzone} ]; then\n bestzone=$z\n fi\n ;;\n esac\n done\n\n if [ -z \"$bestzone\" ]; then\n _err \"No matching zone found for $fulldomain\"\n return 1\n fi\n\n _domain=\"$bestzone\"\n _sub_domain=$(printf \"%s\" \"$fulldomain\" | sed \"s/\\\\.$_domain\\$//\")\n\n return 0\n}\n"
},
{
"path": "dnsapi/dns_nederhost.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_nederhost_info='NederHost.nl\nSite: NederHost.nl\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nederhost\nOptions:\n NederHost_Key API Key\nIssues: github.com/acmesh-official/acme.sh/issues/2089\n'\n\nNederHost_Api=\"https://api.nederhost.nl/dns/v1\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_nederhost_add() {\n fulldomain=$1\n txtvalue=$2\n\n NederHost_Key=\"${NederHost_Key:-$(_readaccountconf_mutable NederHost_Key)}\"\n if [ -z \"$NederHost_Key\" ]; then\n NederHost_Key=\"\"\n _err \"You didn't specify a NederHost api key.\"\n _err \"You can get yours from https://www.nederhost.nl/mijn_nederhost\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable NederHost_Key \"$NederHost_Key\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _info \"Adding record\"\n if _nederhost_rest PATCH \"zones/$_domain/records/$fulldomain/TXT\" \"[{\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":60}]\"; then\n if _contains \"$response\" \"$fulldomain\"; then\n _info \"Added, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n\n}\n\n#fulldomain txtvalue\ndns_nederhost_rm() {\n fulldomain=$1\n txtvalue=$2\n\n NederHost_Key=\"${NederHost_Key:-$(_readaccountconf_mutable NederHost_Key)}\"\n if [ -z \"$NederHost_Key\" ]; then\n NederHost_Key=\"\"\n _err \"You didn't specify a NederHost api key.\"\n _err \"You can get yours from https://www.nederhost.nl/mijn_nederhost\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Removing txt record\"\n _nederhost_rest DELETE \"zones/${_domain}/records/$fulldomain/TXT?content=$txtvalue\"\n\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n _domain=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _debug _domain \"$_domain\"\n if [ -z \"$_domain\" ]; then\n #not valid\n return 1\n fi\n\n if _nederhost_rest GET \"zones/${_domain}\"; then\n if [ \"${_code}\" = \"204\" ]; then\n return 0\n fi\n else\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_nederhost_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Authorization: Bearer $NederHost_Key\"\n export _H2=\"Content-Type: application/json\"\n\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$NederHost_Api/$ep\" \"\" \"$m\")\"\n\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n _debug \"http response code $_code\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_neodigit.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_neodigit_info='Neodigit.net\nSite: Neodigit.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_neodigit\nOptions:\n NEODIGIT_API_TOKEN API Token\nAuthor: Adrian Almenar\n'\n\nNEODIGIT_API_URL=\"https://api.neodigit.net/v1\"\n#\n######## Public functions #####################\n\n# Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_neodigit_add() {\n fulldomain=$1\n txtvalue=$2\n\n NEODIGIT_API_TOKEN=\"${NEODIGIT_API_TOKEN:-$(_readaccountconf_mutable NEODIGIT_API_TOKEN)}\"\n if [ -z \"$NEODIGIT_API_TOKEN\" ]; then\n NEODIGIT_API_TOKEN=\"\"\n _err \"You haven't specified a Token api key.\"\n _err \"Please create the key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable NEODIGIT_API_TOKEN \"$NEODIGIT_API_TOKEN\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _debug domain \"$_domain\"\n _debug sub_domain \"$_sub_domain\"\n\n _debug \"Getting txt records\"\n _neo_rest GET \"dns/zones/${_domain_id}/records?type=TXT&name=$fulldomain\"\n\n _debug _code \"$_code\"\n\n if [ \"$_code\" != \"200\" ]; then\n _err \"error retrieving data!\"\n return 1\n fi\n\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n _debug domain \"$_domain\"\n _debug sub_domain \"$_sub_domain\"\n\n _info \"Adding record\"\n if _neo_rest POST \"dns/zones/$_domain_id/records\" \"{\\\"record\\\":{\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":60}}\"; then\n if printf -- \"%s\" \"$response\" | grep \"$_sub_domain\" >/dev/null; then\n _info \"Added, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n}\n\n#fulldomain txtvalue\ndns_neodigit_rm() {\n fulldomain=$1\n txtvalue=$2\n\n NEODIGIT_API_TOKEN=\"${NEODIGIT_API_TOKEN:-$(_readaccountconf_mutable NEODIGIT_API_TOKEN)}\"\n if [ -z \"$NEODIGIT_API_TOKEN\" ]; then\n NEODIGIT_API_TOKEN=\"\"\n _err \"You haven't specified a Token api key.\"\n _err \"Please create the key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable NEODIGIT_API_TOKEN \"$NEODIGIT_API_TOKEN\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _neo_rest GET \"dns/zones/${_domain_id}/records?type=TXT&name=$fulldomain&content=$txtvalue\"\n\n if [ \"$_code\" != \"200\" ]; then\n _err \"error retrieving data!\"\n return 1\n fi\n\n record_id=$(echo \"$response\" | _egrep_o \"\\\"id\\\":\\s*[0-9]+\" | _head_n 1 | cut -d: -f2 | cut -d, -f1)\n _debug \"record_id\" \"$record_id\"\n if [ -z \"$record_id\" ]; then\n _err \"Can not get record id to remove.\"\n return 1\n fi\n if ! _neo_rest DELETE \"dns/zones/$_domain_id/records/$record_id\"; then\n _err \"Delete record error.\"\n return 1\n fi\n\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=dasfdsafsadg5ythd\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _neo_rest GET \"dns/zones?name=$h\"; then\n return 1\n fi\n\n _debug p \"$p\"\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\" >/dev/null; then\n _domain_id=$(echo \"$response\" | _egrep_o \"\\\"id\\\":\\s*[0-9]+\" | _head_n 1 | cut -d: -f2 | cut -d, -f1)\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_neo_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"X-TCPanel-Token: $NEODIGIT_API_TOKEN\"\n export _H2=\"Content-Type: application/json\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$NEODIGIT_API_URL/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$NEODIGIT_API_URL/$ep\")\"\n fi\n\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_netcup.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_netcup_info='netcup.eu\nDomains: netcup.de netcup.net\nSite: netcup.eu/\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_netcup\nOptions:\n NC_Apikey API Key\n NC_Apipw API Password\n NC_CID Customer Number\nAuthor: linux-insideDE\n'\n\nNC_Apikey=\"${NC_Apikey:-$(_readaccountconf_mutable NC_Apikey)}\"\nNC_Apipw=\"${NC_Apipw:-$(_readaccountconf_mutable NC_Apipw)}\"\nNC_CID=\"${NC_CID:-$(_readaccountconf_mutable NC_CID)}\"\nend=\"https://ccp.netcup.net/run/webservice/servers/endpoint.php?JSON\"\nclient=\"\"\n\ndns_netcup_add() {\n _debug NC_Apikey \"$NC_Apikey\"\n _login\n if [ \"$NC_Apikey\" = \"\" ] || [ \"$NC_Apipw\" = \"\" ] || [ \"$NC_CID\" = \"\" ]; then\n _err \"No Credentials given\"\n return 1\n fi\n _saveaccountconf_mutable NC_Apikey \"$NC_Apikey\"\n _saveaccountconf_mutable NC_Apipw \"$NC_Apipw\"\n _saveaccountconf_mutable NC_CID \"$NC_CID\"\n fulldomain=$1\n txtvalue=$2\n domain=\"\"\n exit=$(echo \"$fulldomain\" | tr -dc '.' | wc -c)\n exit=$(_math \"$exit\" + 1)\n i=$exit\n\n while\n [ \"$exit\" -gt 0 ]\n do\n tmp=$(echo \"$fulldomain\" | cut -d'.' -f\"$exit\")\n if [ \"$(_math \"$i\" - \"$exit\")\" -eq 0 ]; then\n domain=\"$tmp\"\n else\n domain=\"$tmp.$domain\"\n fi\n if [ \"$(_math \"$i\" - \"$exit\")\" -ge 1 ]; then\n msg=$(_post \"{\\\"action\\\": \\\"updateDnsRecords\\\", \\\"param\\\": {\\\"apikey\\\": \\\"$NC_Apikey\\\", \\\"apisessionid\\\": \\\"$sid\\\", \\\"customernumber\\\": \\\"$NC_CID\\\",\\\"clientrequestid\\\": \\\"$client\\\" , \\\"domainname\\\": \\\"$domain\\\", \\\"dnsrecordset\\\": { \\\"dnsrecords\\\": [ {\\\"id\\\": \\\"\\\", \\\"hostname\\\": \\\"$fulldomain.\\\", \\\"type\\\": \\\"TXT\\\", \\\"priority\\\": \\\"\\\", \\\"destination\\\": \\\"$txtvalue\\\", \\\"deleterecord\\\": \\\"false\\\", \\\"state\\\": \\\"yes\\\"} ]}}}\" \"$end\" \"\" \"POST\")\n _debug \"$msg\"\n if [ \"$(_getfield \"$msg\" \"5\" | sed 's/\"statuscode\"://g')\" != 5028 ]; then\n if [ \"$(_getfield \"$msg\" \"4\" | sed s/\\\"status\\\":\\\"//g | sed s/\\\"//g)\" != \"success\" ]; then\n _err \"$msg\"\n return 1\n else\n break\n fi\n fi\n fi\n exit=$(_math \"$exit\" - 1)\n done\n logout\n}\n\ndns_netcup_rm() {\n _login\n fulldomain=$1\n txtvalue=$2\n\n domain=\"\"\n exit=$(echo \"$fulldomain\" | tr -dc '.' | wc -c)\n exit=$(_math \"$exit\" + 1)\n i=$exit\n rec=\"\"\n\n while\n [ \"$exit\" -gt 0 ]\n do\n tmp=$(echo \"$fulldomain\" | cut -d'.' -f\"$exit\")\n if [ \"$(_math \"$i\" - \"$exit\")\" -eq 0 ]; then\n domain=\"$tmp\"\n else\n domain=\"$tmp.$domain\"\n fi\n if [ \"$(_math \"$i\" - \"$exit\")\" -ge 1 ]; then\n msg=$(_post \"{\\\"action\\\": \\\"infoDnsRecords\\\", \\\"param\\\": {\\\"apikey\\\": \\\"$NC_Apikey\\\", \\\"apisessionid\\\": \\\"$sid\\\", \\\"customernumber\\\": \\\"$NC_CID\\\", \\\"domainname\\\": \\\"$domain\\\"}}\" \"$end\" \"\" \"POST\")\n rec=$(echo \"$msg\" | sed 's/\\[//g' | sed 's/\\]//g' | sed 's/{\\\"serverrequestid\\\".*\\\"dnsrecords\\\"://g' | sed 's/},{/};{/g' | sed 's/{//g' | sed 's/}//g')\n _debug \"$msg\"\n if [ \"$(_getfield \"$msg\" \"5\" | sed 's/\"statuscode\"://g')\" != 5028 ]; then\n if [ \"$(_getfield \"$msg\" \"4\" | sed s/\\\"status\\\":\\\"//g | sed s/\\\"//g)\" != \"success\" ]; then\n _err \"$msg\"\n return 1\n else\n break\n fi\n fi\n fi\n exit=$(_math \"$exit\" - 1)\n done\n\n ida=0000\n idv=0001\n ids=0000000000\n i=1\n while\n [ \"$i\" -ne 0 ]\n do\n specrec=$(_getfield \"$rec\" \"$i\" \";\")\n idv=\"$ida\"\n ida=$(_getfield \"$specrec\" \"1\" \",\" | sed 's/\\\"id\\\":\\\"//g' | sed 's/\\\"//g')\n txtv=$(_getfield \"$specrec\" \"5\" \",\" | sed 's/\\\"destination\\\":\\\"//g' | sed 's/\\\"//g')\n i=$(_math \"$i\" + 1)\n if [ \"$txtvalue\" = \"$txtv\" ]; then\n i=0\n ids=\"$ida\"\n fi\n if [ \"$ida\" = \"$idv\" ]; then\n i=0\n fi\n done\n msg=$(_post \"{\\\"action\\\": \\\"updateDnsRecords\\\", \\\"param\\\": {\\\"apikey\\\": \\\"$NC_Apikey\\\", \\\"apisessionid\\\": \\\"$sid\\\", \\\"customernumber\\\": \\\"$NC_CID\\\",\\\"clientrequestid\\\": \\\"$client\\\" , \\\"domainname\\\": \\\"$domain\\\", \\\"dnsrecordset\\\": { \\\"dnsrecords\\\": [ {\\\"id\\\": \\\"$ids\\\", \\\"hostname\\\": \\\"$fulldomain.\\\", \\\"type\\\": \\\"TXT\\\", \\\"priority\\\": \\\"\\\", \\\"destination\\\": \\\"$txtvalue\\\", \\\"deleterecord\\\": \\\"TRUE\\\", \\\"state\\\": \\\"yes\\\"} ]}}}\" \"$end\" \"\" \"POST\")\n _debug \"$msg\"\n if [ \"$(_getfield \"$msg\" \"4\" | sed s/\\\"status\\\":\\\"//g | sed s/\\\"//g)\" != \"success\" ]; then\n _err \"$msg\"\n return 1\n fi\n logout\n}\n\n_login() {\n tmp=$(_post \"{\\\"action\\\": \\\"login\\\", \\\"param\\\": {\\\"apikey\\\": \\\"$NC_Apikey\\\", \\\"apipassword\\\": \\\"$NC_Apipw\\\", \\\"customernumber\\\": \\\"$NC_CID\\\"}}\" \"$end\" \"\" \"POST\")\n sid=$(echo \"$tmp\" | tr '{}' '\\n' | grep apisessionid | cut -d '\"' -f 4)\n _debug \"$tmp\"\n if [ \"$(_getfield \"$tmp\" \"4\" | sed s/\\\"status\\\":\\\"//g | sed s/\\\"//g)\" != \"success\" ]; then\n _err \"$tmp\"\n return 1\n fi\n}\nlogout() {\n tmp=$(_post \"{\\\"action\\\": \\\"logout\\\", \\\"param\\\": {\\\"apikey\\\": \\\"$NC_Apikey\\\", \\\"apisessionid\\\": \\\"$sid\\\", \\\"customernumber\\\": \\\"$NC_CID\\\"}}\" \"$end\" \"\" \"POST\")\n _debug \"$tmp\"\n if [ \"$(_getfield \"$tmp\" \"4\" | sed s/\\\"status\\\":\\\"//g | sed s/\\\"//g)\" != \"success\" ]; then\n _err \"$tmp\"\n return 1\n fi\n}\n"
},
{
"path": "dnsapi/dns_netlify.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_netlify_info='Netlify.com\nSite: Netlify.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_netlify\nOptions:\n NETLIFY_ACCESS_TOKEN API Token\nIssues: github.com/acmesh-official/acme.sh/issues/3088\n'\n\nNETLIFY_HOST=\"api.netlify.com/api/v1/\"\nNETLIFY_URL=\"https://$NETLIFY_HOST\"\n\n######## Public functions #####################\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_netlify_add() {\n fulldomain=$1\n txtvalue=$2\n\n NETLIFY_ACCESS_TOKEN=\"${NETLIFY_ACCESS_TOKEN:-$(_readaccountconf_mutable NETLIFY_ACCESS_TOKEN)}\"\n\n if [ -z \"$NETLIFY_ACCESS_TOKEN\" ]; then\n NETLIFY_ACCESS_TOKEN=\"\"\n _err \"Please specify your Netlify Access Token and try again.\"\n return 1\n else\n _saveaccountconf_mutable NETLIFY_ACCESS_TOKEN \"$NETLIFY_ACCESS_TOKEN\"\n fi\n\n _info \"Using Netlify\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n dnsRecordURI=\"dns_zones/$_domain_id/dns_records\"\n\n body=\"{\\\"type\\\":\\\"TXT\\\", \\\"hostname\\\":\\\"$_sub_domain\\\", \\\"value\\\":\\\"$txtvalue\\\", \\\"ttl\\\":\\\"10\\\"}\"\n\n _netlify_rest POST \"$dnsRecordURI\" \"$body\" \"$NETLIFY_ACCESS_TOKEN\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n if [ \"$_code\" = \"200\" ] || [ \"$_code\" = '201' ]; then\n _info \"validation value added\"\n return 0\n else\n _err \"error adding validation value ($_code)\"\n return 1\n fi\n\n}\n\n#Usage: dns_myapi_rm _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\n#Remove the txt record after validation.\ndns_netlify_rm() {\n _info \"Using Netlify\"\n txtdomain=\"$1\"\n txt=\"$2\"\n _debug txtdomain \"$txtdomain\"\n _debug txt \"$txt\"\n\n NETLIFY_ACCESS_TOKEN=\"${NETLIFY_ACCESS_TOKEN:-$(_readaccountconf_mutable NETLIFY_ACCESS_TOKEN)}\"\n\n if ! _get_root \"$txtdomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n dnsRecordURI=\"dns_zones/$_domain_id/dns_records\"\n\n _netlify_rest GET \"$dnsRecordURI\" \"\" \"$NETLIFY_ACCESS_TOKEN\"\n\n _record_id=$(echo \"$response\" | _egrep_o \"\\\"type\\\":\\\"TXT\\\",[^\\}]*\\\"value\\\":\\\"$txt\\\"\" | head -n 1 | _egrep_o \"\\\"id\\\":\\\"[^\\\"\\}]*\\\"\" | cut -d : -f 2 | tr -d \\\")\n _debug _record_id \"$_record_id\"\n if [ \"$_record_id\" ]; then\n _netlify_rest DELETE \"$dnsRecordURI/$_record_id\" \"\" \"$NETLIFY_ACCESS_TOKEN\"\n _code=\"$(grep \"^HTTP\" \"$HTTP_HEADER\" | _tail_n 1 | cut -d \" \" -f 2 | tr -d \"\\\\r\\\\n\")\"\n if [ \"$_code\" = \"200\" ] || [ \"$_code\" = '204' ]; then\n _info \"validation value removed\"\n return 0\n else\n _err \"error removing validation value ($_code)\"\n return 1\n fi\n fi\n return 1\n}\n\n#################### Private functions below ##################################\n\n_get_root() {\n domain=$1\n accesstoken=$2\n i=1\n p=1\n\n _netlify_rest GET \"dns_zones\" \"\" \"$accesstoken\"\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug2 \"Checking domain: $h\"\n if [ -z \"$h\" ]; then\n #not valid\n _err \"Invalid domain\"\n return 1\n fi\n\n if _contains \"$response\" \"\\\"name\\\":\\\"$h\\\"\" >/dev/null; then\n _domain_id=$(echo \"$response\" | _egrep_o \"\\\"[^\\\"]*\\\",\\\"name\\\":\\\"$h\\\"\" | cut -d , -f 1 | tr -d \\\")\n if [ \"$_domain_id\" ]; then\n if [ \"$i\" = 1 ]; then\n #create the record at the domain apex (@) if only the domain name was provided as --domain-alias\n _sub_domain=\"@\"\n else\n _sub_domain=$(echo \"$domain\" | cut -d . -f 1-\"$p\")\n fi\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_netlify_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n token_trimmed=$(echo \"$NETLIFY_ACCESS_TOKEN\" | tr -d '\"')\n\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Authorization: Bearer $token_trimmed\"\n\n : >\"$HTTP_HEADER\"\n\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$NETLIFY_URL$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$NETLIFY_URL$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_nic.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_nic_info='nic.ru\nSite: nic.ru\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nic\nOptions:\n NIC_ClientID Client ID\n NIC_ClientSecret Client Secret\n NIC_Username Username\n NIC_Password Password\nIssues: github.com/acmesh-official/acme.sh/issues/2547\n'\n\nNIC_Api=\"https://api.nic.ru\"\n\ndns_nic_add() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n\n if ! _nic_get_authtoken save; then\n _err \"get NIC auth token failed\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n _debug _service \"$_service\"\n\n _info \"Adding record\"\n if ! _nic_rest PUT \"services/$_service/zones/$_domain/records\" \"$_sub_domainTXT$txtvalue\"; then\n _err \"Add TXT record error\"\n return 1\n fi\n\n if ! _nic_rest POST \"services/$_service/zones/$_domain/commit\" \"\"; then\n return 1\n fi\n _info \"Added, OK\"\n}\n\ndns_nic_rm() {\n fulldomain=\"${1}\"\n txtvalue=\"${2}\"\n\n if ! _nic_get_authtoken; then\n _err \"get NIC auth token failed\"\n return 1\n fi\n\n if ! _get_root \"$fulldomain\"; then\n _err \"Invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n _debug _service \"$_service\"\n\n if ! _nic_rest GET \"services/$_service/zones/$_domain/records\"; then\n _err \"Get records error\"\n return 1\n fi\n\n _domain_id=$(printf \"%s\" \"$response\" | grep \"$_sub_domain\" | grep -- \"$txtvalue\" | sed -r \"s/.*\"; then\n error=$(printf \"%s\" \"$response\" | grep \"error code\" | sed -r \"s/.*(.*)<\\/error>/\\1/g\")\n _err \"Error: $error\"\n return 1\n fi\n\n if ! _contains \"$response\" \"success\"; then\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_njalla.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_njalla_info='Njalla\nSite: Njal.la\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_njalla\nOptions:\n NJALLA_Token API Token\nIssues: github.com/acmesh-official/acme.sh/issues/2913\n'\n\nNJALLA_Api=\"https://njal.la/api/1/\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_njalla_add() {\n fulldomain=$1\n txtvalue=$2\n\n NJALLA_Token=\"${NJALLA_Token:-$(_readaccountconf_mutable NJALLA_Token)}\"\n\n if [ \"$NJALLA_Token\" ]; then\n _saveaccountconf_mutable NJALLA_Token \"$NJALLA_Token\"\n else\n NJALLA_Token=\"\"\n _err \"You didn't specify a Njalla api token yet.\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so\n # we can not use updating anymore.\n # count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"count\\\":[^,]*\" | cut -d : -f 2)\n # _debug count \"$count\"\n # if [ \"$count\" = \"0\" ]; then\n _info \"Adding record\"\n if _njalla_rest \"{\\\"method\\\":\\\"add-record\\\",\\\"params\\\":{\\\"domain\\\":\\\"$_domain\\\",\\\"type\\\":\\\"TXT\\\",\\\"name\\\":\\\"$_sub_domain\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"ttl\\\":120}}\"; then\n if _contains \"$response\" \"$txtvalue\"; then\n _info \"Added, OK\"\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n return 1\n\n}\n\n#fulldomain txtvalue\ndns_njalla_rm() {\n fulldomain=$1\n txtvalue=$2\n\n NJALLA_Token=\"${NJALLA_Token:-$(_readaccountconf_mutable NJALLA_Token)}\"\n\n if [ \"$NJALLA_Token\" ]; then\n _saveaccountconf_mutable NJALLA_Token \"$NJALLA_Token\"\n else\n NJALLA_Token=\"\"\n _err \"You didn't specify a Njalla api token yet.\"\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting records for domain\"\n if ! _njalla_rest \"{\\\"method\\\":\\\"list-records\\\",\\\"params\\\":{\\\"domain\\\":\\\"${_domain}\\\"}}\"; then\n return 1\n fi\n\n if ! echo \"$response\" | tr -d \" \" | grep \"\\\"id\\\":\" >/dev/null; then\n _err \"Error: $response\"\n return 1\n fi\n\n records=$(echo \"$response\" | _egrep_o \"\\\"records\\\":\\s?\\[(.*)\\]\\}\" | _egrep_o \"\\[.*\\]\" | _egrep_o \"\\{[^\\{\\}]*\\\"id\\\":[^\\{\\}]*\\}\")\n count=$(echo \"$records\" | wc -l)\n _debug count \"$count\"\n\n if [ \"$count\" = \"0\" ]; then\n _info \"Don't need to remove.\"\n else\n echo \"$records\" | while read -r record; do\n record_name=$(echo \"$record\" | _egrep_o \"\\\"name\\\":\\s?\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \" \" | tr -d \\\")\n record_content=$(echo \"$record\" | _egrep_o \"\\\"content\\\":\\s?\\\"[^\\\"]*\\\"\" | cut -d : -f 2 | tr -d \" \" | tr -d \\\")\n record_id=$(echo \"$record\" | _egrep_o \"\\\"id\\\":\\s?[0-9]+\" | cut -d : -f 2 | tr -d \" \" | tr -d \\\")\n if [ \"$_sub_domain\" = \"$record_name\" ]; then\n if [ \"$txtvalue\" = \"$record_content\" ]; then\n _debug \"record_id\" \"$record_id\"\n if ! _njalla_rest \"{\\\"method\\\":\\\"remove-record\\\",\\\"params\\\":{\\\"domain\\\":\\\"${_domain}\\\",\\\"id\\\":${record_id}}}\"; then\n _err \"Delete record error.\"\n return 1\n fi\n echo \"$response\" | tr -d \" \" | grep \"\\\"result\\\"\" >/dev/null\n fi\n fi\n done\n fi\n\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=1\n p=1\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if ! _njalla_rest \"{\\\"method\\\":\\\"get-domain\\\",\\\"params\\\":{\\\"domain\\\":\\\"${h}\\\"}}\"; then\n return 1\n fi\n\n if _contains \"$response\" \"\\\"$h\\\"\"; then\n _domain_returned=$(echo \"$response\" | _egrep_o \"\\{\\\"name\\\": *\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \\\" | tr -d \" \")\n if [ \"$_domain_returned\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_njalla_rest() {\n data=\"$1\"\n\n token_trimmed=$(echo \"$NJALLA_Token\" | tr -d '\"')\n\n export _H1=\"Content-Type: application/json\"\n export _H2=\"Accept: application/json\"\n export _H3=\"Authorization: Njalla $token_trimmed\"\n\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$NJALLA_Api\" \"\" \"POST\")\"\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $data\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_nm.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_nm_info='NameMaster.de\nSite: NameMaster.de\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nm\nOptions:\n NM_user API Username\n NM_sha256 API Password as SHA256 hash\nAuthor: Thilo Gass \n'\n\n#-- dns_nm_add() - Add TXT record --------------------------------------\n# Usage: dns_nm_add _acme-challenge.subdomain.domain.com \"XyZ123...\"\n\nnamemaster_api=\"https://namemaster.de/api/api.php\"\n\ndns_nm_add() {\n fulldomain=$1\n txt_value=$2\n _info \"Using DNS-01 namemaster hook\"\n\n NM_user=\"${NM_user:-$(_readaccountconf_mutable NM_user)}\"\n NM_sha256=\"${NM_sha256:-$(_readaccountconf_mutable NM_sha256)}\"\n if [ -z \"$NM_user\" ] || [ -z \"$NM_sha256\" ]; then\n NM_user=\"\"\n NM_sha256=\"\"\n _err \"No auth details provided. Please set user credentials using the \\$NM_user and \\$NM_sha256 environment variables.\"\n return 1\n fi\n #save the api user and sha256 password to the account conf file.\n _debug \"Save user and hash\"\n _saveaccountconf_mutable NM_user \"$NM_user\"\n _saveaccountconf_mutable NM_sha256 \"$NM_sha256\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\" \"$fulldomain\"\n return 1\n fi\n\n _info \"die Zone lautet:\" \"$zone\"\n\n get=\"$namemaster_api?User=$NM_user&Password=$NM_sha256&Antwort=csv&Typ=ACME&zone=$zone&hostname=$fulldomain&TXT=$txt_value&Action=Auto&Lifetime=3600\"\n\n if ! erg=\"$(_get \"$get\")\"; then\n _err \"error Adding $fulldomain TXT: $txt_value\"\n return 1\n fi\n\n if _contains \"$erg\" \"Success\"; then\n _info \"Success, TXT Added, OK\"\n else\n _err \"error Adding $fulldomain TXT: $txt_value erg: $erg\"\n return 1\n fi\n\n _debug \"ok Auto $fulldomain TXT: $txt_value erg: $erg\"\n return 0\n}\n\ndns_nm_rm() {\n\n fulldomain=$1\n txtvalue=$2\n _info \"TXT enrty in $fulldomain is deleted automatically\"\n _debug fulldomain \"$fulldomain\"\n _debug txtvalue \"$txtvalue\"\n\n}\n\n_get_root() {\n\n domain=$1\n\n get=\"$namemaster_api?User=$NM_user&Password=$NM_sha256&Typ=acme&hostname=$domain&Action=getzone&antwort=csv\"\n\n if ! zone=\"$(_get \"$get\")\"; then\n _err \"error getting Zone\"\n return 1\n else\n if _contains \"$zone\" \"hostname not found\"; then\n return 1\n fi\n fi\n\n}\n"
},
{
"path": "dnsapi/dns_nsd.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_nsd_info='NLnetLabs NSD Server\nSite: github.com/NLnetLabs/nsd\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#nsd\nOptions:\n Nsd_ZoneFile Zone File path. E.g. \"/etc/nsd/zones/example.com.zone\"\n Nsd_Command Command. E.g. \"sudo nsd-control reload\"\nIssues: github.com/acmesh-official/acme.sh/issues/2245\n'\n\n# args: fulldomain txtvalue\ndns_nsd_add() {\n fulldomain=$1\n txtvalue=$2\n ttlvalue=300\n\n Nsd_ZoneFile=\"${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}\"\n Nsd_Command=\"${Nsd_Command:-$(_readdomainconf Nsd_Command)}\"\n\n # Arg checks\n if [ -z \"$Nsd_ZoneFile\" ] || [ -z \"$Nsd_Command\" ]; then\n Nsd_ZoneFile=\"\"\n Nsd_Command=\"\"\n _err \"Specify ENV vars Nsd_ZoneFile and Nsd_Command\"\n return 1\n fi\n\n if [ ! -f \"$Nsd_ZoneFile\" ]; then\n Nsd_ZoneFile=\"\"\n Nsd_Command=\"\"\n _err \"No such file: $Nsd_ZoneFile\"\n return 1\n fi\n\n _savedomainconf Nsd_ZoneFile \"$Nsd_ZoneFile\"\n _savedomainconf Nsd_Command \"$Nsd_Command\"\n\n echo \"$fulldomain. $ttlvalue IN TXT \\\"$txtvalue\\\"\" >>\"$Nsd_ZoneFile\"\n _info \"Added TXT record for $fulldomain\"\n _debug \"Running $Nsd_Command\"\n if eval \"$Nsd_Command\"; then\n _info \"Successfully updated the zone\"\n return 0\n else\n _err \"Problem updating the zone\"\n return 1\n fi\n}\n\n# args: fulldomain txtvalue\ndns_nsd_rm() {\n fulldomain=$1\n txtvalue=$2\n ttlvalue=300\n\n Nsd_ZoneFile=\"${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}\"\n Nsd_Command=\"${Nsd_Command:-$(_readdomainconf Nsd_Command)}\"\n\n _sed_i \"/$fulldomain. $ttlvalue IN TXT \\\"$txtvalue\\\"/d\" \"$Nsd_ZoneFile\"\n _info \"Removed TXT record for $fulldomain\"\n _debug \"Running $Nsd_Command\"\n if eval \"$Nsd_Command\"; then\n _info \"Successfully reloaded NSD \"\n return 0\n else\n _err \"Problem reloading NSD\"\n return 1\n fi\n}\n"
},
{
"path": "dnsapi/dns_nsone.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_nsone_info='ns1.com\nDomains: ns1.net\nSite: ns1.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nsone\nOptions:\n NS1_Key API Key\nAuthor: \n'\n\nNS1_Api=\"https://api.nsone.net/v1\"\n\n######## Public functions #####################\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_nsone_add() {\n fulldomain=$1\n txtvalue=$2\n\n if [ -z \"$NS1_Key\" ]; then\n NS1_Key=\"\"\n _err \"You didn't specify nsone dns api key yet.\"\n _err \"Please create you key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf NS1_Key \"$NS1_Key\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _nsone_rest GET \"zones/${_domain}\"\n\n if ! _contains \"$response\" \"\\\"records\\\":\"; then\n _err \"Error\"\n return 1\n fi\n\n count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"domain\\\":\\\"$fulldomain\\\",[^{]*\\\"type\\\":\\\"TXT\\\"\" | wc -l | tr -d \" \")\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Adding record\"\n\n if _nsone_rest PUT \"zones/$_domain/$fulldomain/TXT\" \"{\\\"answers\\\":[{\\\"answer\\\":[\\\"$txtvalue\\\"]}],\\\"type\\\":\\\"TXT\\\",\\\"domain\\\":\\\"$fulldomain\\\",\\\"zone\\\":\\\"$_domain\\\",\\\"ttl\\\":0}\"; then\n if _contains \"$response\" \"$fulldomain\"; then\n _info \"Added\"\n #todo: check if the record takes effect\n return 0\n else\n _err \"Add txt record error.\"\n return 1\n fi\n fi\n _err \"Add txt record error.\"\n else\n _info \"Updating record\"\n prev_txt=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"domain\\\":\\\"$fulldomain\\\",\\\"short_answers\\\":\\[\\\"[^,]*\\]\" | _head_n 1 | cut -d: -f3 | cut -d, -f1)\n _debug \"prev_txt\" \"$prev_txt\"\n\n _nsone_rest POST \"zones/$_domain/$fulldomain/TXT\" \"{\\\"answers\\\": [{\\\"answer\\\": [\\\"$txtvalue\\\"]},{\\\"answer\\\": $prev_txt}],\\\"type\\\": \\\"TXT\\\",\\\"domain\\\":\\\"$fulldomain\\\",\\\"zone\\\": \\\"$_domain\\\",\\\"ttl\\\":0}\"\n if [ \"$?\" = \"0\" ] && _contains \"$response\" \"$fulldomain\"; then\n _info \"Updated!\"\n #todo: check if the record takes effect\n return 0\n fi\n _err \"Update error\"\n return 1\n fi\n\n}\n\n#fulldomain\ndns_nsone_rm() {\n fulldomain=$1\n txtvalue=$2\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n\n _debug \"Getting txt records\"\n _nsone_rest GET \"zones/${_domain}/$fulldomain/TXT\"\n\n count=$(printf \"%s\\n\" \"$response\" | _egrep_o \"\\\"domain\\\":\\\"$fulldomain\\\",.*\\\"type\\\":\\\"TXT\\\"\" | wc -l | tr -d \" \")\n _debug count \"$count\"\n if [ \"$count\" = \"0\" ]; then\n _info \"Don't need to remove.\"\n else\n if ! _nsone_rest DELETE \"zones/${_domain}/$fulldomain/TXT\"; then\n _err \"Delete record error.\"\n return 1\n fi\n _contains \"$response\" \"\"\n fi\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_id=sdjkglgdfewsdfg\n_get_root() {\n domain=$1\n i=2\n p=1\n if ! _nsone_rest GET \"zones\"; then\n return 1\n fi\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n if _contains \"$response\" \"\\\"zone\\\":\\\"$h\\\"\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n}\n\n_nsone_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"X-NSONE-Key: $NS1_Key\"\n if [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$NS1_Api/$ep\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$NS1_Api/$ep\")\"\n fi\n\n if [ \"$?\" != \"0\" ]; then\n _err \"error $ep\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_nsupdate.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_nsupdate_info='nsupdate RFC 2136 DynDNS client\nSite: bind9.readthedocs.io/en/v9.18.19/manpages.html#nsupdate-dynamic-dns-update-utility\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nsupdate\nOptions:\n NSUPDATE_SERVER Server hostname. Default: \"localhost\".\n NSUPDATE_SERVER_PORT Server port. Default: \"53\".\n NSUPDATE_KEY File path to TSIG key. Default: \"\". Optional.\n NSUPDATE_ZONE Domain zone to update. Optional.\n'\n\n######## Public functions #####################\n\n#Usage: dns_nsupdate_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_nsupdate_add() {\n fulldomain=$1\n txtvalue=$2\n NSUPDATE_SERVER=\"${NSUPDATE_SERVER:-$(_readaccountconf_mutable NSUPDATE_SERVER)}\"\n NSUPDATE_SERVER_PORT=\"${NSUPDATE_SERVER_PORT:-$(_readaccountconf_mutable NSUPDATE_SERVER_PORT)}\"\n NSUPDATE_KEY=\"${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}\"\n NSUPDATE_ZONE=\"${NSUPDATE_ZONE:-$(_readaccountconf_mutable NSUPDATE_ZONE)}\"\n NSUPDATE_OPT=\"${NSUPDATE_OPT:-$(_readaccountconf_mutable NSUPDATE_OPT)}\"\n\n # save the dns server and key to the account conf file.\n _saveaccountconf_mutable NSUPDATE_SERVER \"${NSUPDATE_SERVER}\"\n _saveaccountconf_mutable NSUPDATE_SERVER_PORT \"${NSUPDATE_SERVER_PORT}\"\n _saveaccountconf_mutable NSUPDATE_KEY \"${NSUPDATE_KEY}\"\n _saveaccountconf_mutable NSUPDATE_ZONE \"${NSUPDATE_ZONE}\"\n _saveaccountconf_mutable NSUPDATE_OPT \"${NSUPDATE_OPT}\"\n\n [ -n \"${NSUPDATE_SERVER}\" ] || NSUPDATE_SERVER=\"localhost\"\n [ -n \"${NSUPDATE_SERVER_PORT}\" ] || NSUPDATE_SERVER_PORT=53\n [ -n \"${NSUPDATE_KEY}\" ] || NSUPDATE_KEY=\"\"\n [ -n \"${NSUPDATE_OPT}\" ] || NSUPDATE_OPT=\"\"\n\n NSUPDATE_SERVER_LIST=$(printf \"%s\" \"$NSUPDATE_SERVER\" | tr ',' ' ')\n\n _info \"adding ${fulldomain}. 60 in txt \\\"${txtvalue}\\\"\"\n [ -n \"$DEBUG\" ] && [ \"$DEBUG\" -ge \"$DEBUG_LEVEL_1\" ] && nsdebug=\"-d\"\n [ -n \"$DEBUG\" ] && [ \"$DEBUG\" -ge \"$DEBUG_LEVEL_2\" ] && nsdebug=\"-D\"\n\n for NS_SERVER in $NSUPDATE_SERVER_LIST; do\n _info \"Updating DNS server: $NS_SERVER\"\n\n if [ -z \"${NSUPDATE_ZONE}\" ]; then\n #shellcheck disable=SC2086\n if [ -z \"${NSUPDATE_KEY}\" ]; then\n nsupdate $nsdebug $NSUPDATE_OPT <\n'\n\n# Endpoints:\n# - https://portal.nexcess.net (default)\n# - https://core.thermo.io\n# - https://my.futurehosting.com\n#\n# Note: If you do not have an API token, one can be generated at one\n# of the following URLs:\n# - https://portal.nexcess.net/api-token\n# - https://core.thermo.io/api-token\n# - https://my.futurehosting.com/api-token\n\nNW_API_VERSION=\"0\"\n\n# dns_nw_add() - Add TXT record\n# Usage: dns_nw_add _acme-challenge.subdomain.domain.com \"XyZ123...\"\ndns_nw_add() {\n host=\"${1}\"\n txtvalue=\"${2}\"\n\n _debug host \"${host}\"\n _debug txtvalue \"${txtvalue}\"\n\n if ! _check_nw_api_creds; then\n return 1\n fi\n\n _info \"Using NocWorx (${NW_API_ENDPOINT})\"\n _debug \"Calling: dns_nw_add() '${host}' '${txtvalue}'\"\n\n _debug \"Detecting root zone\"\n if ! _get_root \"${host}\"; then\n _err \"Zone for domain does not exist.\"\n return 1\n fi\n _debug _zone_id \"${_zone_id}\"\n _debug _sub_domain \"${_sub_domain}\"\n _debug _domain \"${_domain}\"\n\n _post_data=\"{\\\"zone_id\\\": \\\"${_zone_id}\\\", \\\"type\\\": \\\"TXT\\\", \\\"host\\\": \\\"${host}\\\", \\\"target\\\": \\\"${txtvalue}\\\", \\\"ttl\\\": \\\"300\\\"}\"\n\n if _rest POST \"dns-record\" \"${_post_data}\" && [ -n \"${response}\" ]; then\n _record_id=$(printf \"%s\\n\" \"${response}\" | _egrep_o \"\\\"record_id\\\": *[0-9]+\" | cut -d : -f 2 | tr -d \" \" | _head_n 1)\n _debug _record_id \"${_record_id}\"\n\n if [ -z \"$_record_id\" ]; then\n _err \"Error adding the TXT record.\"\n return 1\n fi\n\n _info \"TXT record successfully added.\"\n return 0\n fi\n\n return 1\n}\n\n# dns_nw_rm() - Remove TXT record\n# Usage: dns_nw_rm _acme-challenge.subdomain.domain.com \"XyZ123...\"\ndns_nw_rm() {\n host=\"${1}\"\n txtvalue=\"${2}\"\n\n _debug host \"${host}\"\n _debug txtvalue \"${txtvalue}\"\n\n if ! _check_nw_api_creds; then\n return 1\n fi\n\n _info \"Using NocWorx (${NW_API_ENDPOINT})\"\n _debug \"Calling: dns_nw_rm() '${host}'\"\n\n _debug \"Detecting root zone\"\n if ! _get_root \"${host}\"; then\n _err \"Zone for domain does not exist.\"\n return 1\n fi\n _debug _zone_id \"${_zone_id}\"\n _debug _sub_domain \"${_sub_domain}\"\n _debug _domain \"${_domain}\"\n\n _parameters=\"?zone_id=${_zone_id}\"\n\n if _rest GET \"dns-record\" \"${_parameters}\" && [ -n \"${response}\" ]; then\n response=\"$(echo \"${response}\" | tr -d \"\\n\" | sed 's/^\\[\\(.*\\)\\]$/\\1/' | sed -e 's/{\"record_id\":/|\"record_id\":/g' | sed 's/|/&{/g' | tr \"|\" \"\\n\")\"\n _debug response \"${response}\"\n\n record=\"$(echo \"${response}\" | _egrep_o \"{.*\\\"host\\\": *\\\"${_sub_domain}\\\", *\\\"target\\\": *\\\"${txtvalue}\\\".*}\")\"\n _debug record \"${record}\"\n\n if [ \"${record}\" ]; then\n _record_id=$(printf \"%s\\n\" \"${record}\" | _egrep_o \"\\\"record_id\\\": *[0-9]+\" | _head_n 1 | cut -d : -f 2 | tr -d \\ )\n if [ \"${_record_id}\" ]; then\n _debug _record_id \"${_record_id}\"\n\n _rest DELETE \"dns-record/${_record_id}\"\n\n _info \"TXT record successfully deleted.\"\n return 0\n fi\n\n return 1\n fi\n\n return 0\n fi\n\n return 1\n}\n\n_check_nw_api_creds() {\n NW_API_TOKEN=\"${NW_API_TOKEN:-$(_readaccountconf_mutable NW_API_TOKEN)}\"\n NW_API_ENDPOINT=\"${NW_API_ENDPOINT:-$(_readaccountconf_mutable NW_API_ENDPOINT)}\"\n\n if [ -z \"${NW_API_ENDPOINT}\" ]; then\n NW_API_ENDPOINT=\"https://portal.nexcess.net\"\n fi\n\n if [ -z \"${NW_API_TOKEN}\" ]; then\n _err \"You have not defined your NW_API_TOKEN.\"\n _err \"Please create your token and try again.\"\n _err \"If you need to generate a new token, please visit one of the following URLs:\"\n _err \" - https://portal.nexcess.net/api-token\"\n _err \" - https://core.thermo.io/api-token\"\n _err \" - https://my.futurehosting.com/api-token\"\n\n return 1\n fi\n\n _saveaccountconf_mutable NW_API_TOKEN \"${NW_API_TOKEN}\"\n _saveaccountconf_mutable NW_API_ENDPOINT \"${NW_API_ENDPOINT}\"\n}\n\n_get_root() {\n domain=\"${1}\"\n i=2\n p=1\n\n if _rest GET \"dns-zone\"; then\n response=\"$(echo \"${response}\" | tr -d \"\\n\" | sed 's/^\\[\\(.*\\)\\]$/\\1/' | sed -e 's/{\"zone_id\":/|\"zone_id\":/g' | sed 's/|/&{/g' | tr \"|\" \"\\n\")\"\n\n _debug response \"${response}\"\n while true; do\n h=$(printf \"%s\" \"${domain}\" | cut -d . -f \"$i\"-100)\n _debug h \"${h}\"\n if [ -z \"${h}\" ]; then\n #not valid\n return 1\n fi\n\n hostedzone=\"$(echo \"${response}\" | _egrep_o \"{.*\\\"domain\\\": *\\\"${h}\\\".*}\")\"\n if [ \"${hostedzone}\" ]; then\n _zone_id=$(printf \"%s\\n\" \"${hostedzone}\" | _egrep_o \"\\\"zone_id\\\": *[0-9]+\" | _head_n 1 | cut -d : -f 2 | tr -d \\ )\n if [ \"${_zone_id}\" ]; then\n _sub_domain=$(printf \"%s\" \"${domain}\" | cut -d . -f 1-\"${p}\")\n _domain=\"${h}\"\n return 0\n fi\n return 1\n fi\n p=$i\n i=$(_math \"${i}\" + 1)\n done\n fi\n return 1\n}\n\n_rest() {\n method=\"${1}\"\n ep=\"/${2}\"\n data=\"${3}\"\n\n _debug method \"${method}\"\n _debug ep \"${ep}\"\n\n export _H1=\"Accept: application/json\"\n export _H2=\"Content-Type: application/json\"\n export _H3=\"Api-Version: ${NW_API_VERSION}\"\n export _H4=\"User-Agent: NW-ACME-CLIENT\"\n export _H5=\"Authorization: Bearer ${NW_API_TOKEN}\"\n\n if [ \"${method}\" != \"GET\" ]; then\n _debug data \"${data}\"\n response=\"$(_post \"${data}\" \"${NW_API_ENDPOINT}${ep}\" \"\" \"${method}\")\"\n else\n response=\"$(_get \"${NW_API_ENDPOINT}${ep}${data}\")\"\n fi\n\n if [ \"${?}\" != \"0\" ]; then\n _err \"error ${ep}\"\n return 1\n fi\n _debug2 response \"${response}\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_oci.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_oci_info='Oracle Cloud Infrastructure (OCI)\n If OCI CLI configuration file ~/.oci/config has a DEFAULT profile then it will be used.\nSite: Cloud.Oracle.com\nDocs: github.com/acmesh-official/acme.sh/wiki/How-to-use-Oracle-Cloud-Infrastructure-DNS\nOptions:\n OCI_CLI_TENANCY OCID of tenancy that contains the target DNS zone. Optional.\n OCI_CLI_USER OCID of user with permission to add/remove records from zones. Optional.\n OCI_CLI_REGION Should point to the tenancy home region. Optional.\n OCI_CLI_KEY_FILE Path to private API signing key file in PEM format. Optional.\n OCI_CLI_KEY The private API signing key in PEM format. Optional.\nIssues: github.com/acmesh-official/acme.sh/issues/3540\nAuthor: Avi Miller \n'\n\n# Copyright (c) 2021, Oracle and/or its affiliates\n#\n# The plugin will automatically use the default profile from an OCI SDK and CLI\n# configuration file, if it exists.\n#\n# Alternatively, set the following environment variables:\n# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone\n# - OCI_CLI_USER : OCID of user with permission to add/remove records from zones\n# - OCI_CLI_REGION : Should point to the tenancy home region\n#\n# One of the following two variables is required:\n# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or\n# - OCI_CLI_KEY : The private API signing key in PEM format\n#\n# NOTE: using an encrypted private key that needs a passphrase is not supported.\n#\n\ndns_oci_add() {\n _fqdn=\"$1\"\n _rdata=\"$2\"\n\n if _get_oci_zone; then\n\n _add_record_body=\"{\\\"items\\\":[{\\\"domain\\\":\\\"${_sub_domain}.${_domain}\\\",\\\"rdata\\\":\\\"$_rdata\\\",\\\"rtype\\\":\\\"TXT\\\",\\\"ttl\\\": 30,\\\"operation\\\":\\\"ADD\\\"}]}\"\n response=$(_signed_request \"PATCH\" \"/20180115/zones/${_domain}/records\" \"$_add_record_body\")\n if [ \"$response\" ]; then\n _info \"Success: added TXT record for ${_sub_domain}.${_domain}.\"\n else\n _err \"Error: failed to add TXT record for ${_sub_domain}.${_domain}.\"\n _err \"Check that the user has permission to add records to this zone.\"\n return 1\n fi\n\n else\n return 1\n fi\n\n}\n\ndns_oci_rm() {\n _fqdn=\"$1\"\n _rdata=\"$2\"\n\n if _get_oci_zone; then\n\n _remove_record_body=\"{\\\"items\\\":[{\\\"domain\\\":\\\"${_sub_domain}.${_domain}\\\",\\\"rdata\\\":\\\"$_rdata\\\",\\\"rtype\\\":\\\"TXT\\\",\\\"operation\\\":\\\"REMOVE\\\"}]}\"\n response=$(_signed_request \"PATCH\" \"/20180115/zones/${_domain}/records\" \"$_remove_record_body\")\n if [ \"$response\" ]; then\n _info \"Success: removed TXT record for ${_sub_domain}.${_domain}.\"\n else\n _err \"Error: failed to remove TXT record for ${_sub_domain}.${_domain}.\"\n _err \"Check that the user has permission to remove records from this zone.\"\n return 1\n fi\n\n else\n return 1\n fi\n\n}\n\n#################### Private functions below ##################################\n_get_oci_zone() {\n\n if ! _oci_config; then\n return 1\n fi\n\n if ! _get_zone \"$_fqdn\"; then\n _err \"Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY\"\n return 1\n fi\n\n return 0\n\n}\n\n_oci_config() {\n\n _DEFAULT_OCI_CLI_CONFIG_FILE=\"$HOME/.oci/config\"\n OCI_CLI_CONFIG_FILE=\"${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}\"\n\n if [ -z \"$OCI_CLI_CONFIG_FILE\" ]; then\n OCI_CLI_CONFIG_FILE=\"$_DEFAULT_OCI_CLI_CONFIG_FILE\"\n fi\n\n if [ \"$_DEFAULT_OCI_CLI_CONFIG_FILE\" != \"$OCI_CLI_CONFIG_FILE\" ]; then\n _saveaccountconf_mutable OCI_CLI_CONFIG_FILE \"$OCI_CLI_CONFIG_FILE\"\n else\n _clearaccountconf_mutable OCI_CLI_CONFIG_FILE\n fi\n\n _DEFAULT_OCI_CLI_PROFILE=\"DEFAULT\"\n OCI_CLI_PROFILE=\"${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}\"\n if [ \"$_DEFAULT_OCI_CLI_PROFILE\" != \"$OCI_CLI_PROFILE\" ]; then\n _saveaccountconf_mutable OCI_CLI_PROFILE \"$OCI_CLI_PROFILE\"\n else\n OCI_CLI_PROFILE=\"$_DEFAULT_OCI_CLI_PROFILE\"\n _clearaccountconf_mutable OCI_CLI_PROFILE\n fi\n\n OCI_CLI_TENANCY=\"${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}\"\n if [ \"$OCI_CLI_TENANCY\" ]; then\n _saveaccountconf_mutable OCI_CLI_TENANCY \"$OCI_CLI_TENANCY\"\n elif [ -f \"$OCI_CLI_CONFIG_FILE\" ]; then\n _debug \"Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE\"\n OCI_CLI_TENANCY=\"${OCI_CLI_TENANCY:-$(_readini \"$OCI_CLI_CONFIG_FILE\" tenancy \"$OCI_CLI_PROFILE\")}\"\n fi\n\n if [ -z \"$OCI_CLI_TENANCY\" ]; then\n _err \"Error: unable to read OCI_CLI_TENANCY from config file or environment variable.\"\n return 1\n fi\n\n OCI_CLI_USER=\"${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}\"\n if [ \"$OCI_CLI_USER\" ]; then\n _saveaccountconf_mutable OCI_CLI_USER \"$OCI_CLI_USER\"\n elif [ -f \"$OCI_CLI_CONFIG_FILE\" ]; then\n _debug \"Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE\"\n OCI_CLI_USER=\"${OCI_CLI_USER:-$(_readini \"$OCI_CLI_CONFIG_FILE\" user \"$OCI_CLI_PROFILE\")}\"\n fi\n if [ -z \"$OCI_CLI_USER\" ]; then\n _err \"Error: unable to read OCI_CLI_USER from config file or environment variable.\"\n return 1\n fi\n\n OCI_CLI_REGION=\"${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}\"\n if [ \"$OCI_CLI_REGION\" ]; then\n _saveaccountconf_mutable OCI_CLI_REGION \"$OCI_CLI_REGION\"\n elif [ -f \"$OCI_CLI_CONFIG_FILE\" ]; then\n _debug \"Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE\"\n OCI_CLI_REGION=\"${OCI_CLI_REGION:-$(_readini \"$OCI_CLI_CONFIG_FILE\" region \"$OCI_CLI_PROFILE\")}\"\n fi\n if [ -z \"$OCI_CLI_REGION\" ]; then\n _err \"Error: unable to read OCI_CLI_REGION from config file or environment variable.\"\n return 1\n fi\n\n OCI_CLI_KEY=\"${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}\"\n if [ -z \"$OCI_CLI_KEY\" ]; then\n _clearaccountconf_mutable OCI_CLI_KEY\n OCI_CLI_KEY_FILE=\"${OCI_CLI_KEY_FILE:-$(_readini \"$OCI_CLI_CONFIG_FILE\" key_file \"$OCI_CLI_PROFILE\")}\"\n if [ \"$OCI_CLI_KEY_FILE\" ] && [ -f \"$OCI_CLI_KEY_FILE\" ]; then\n _debug \"Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE\"\n OCI_CLI_KEY=$(_base64 <\"$OCI_CLI_KEY_FILE\")\n _saveaccountconf_mutable OCI_CLI_KEY \"$OCI_CLI_KEY\"\n fi\n else\n _saveaccountconf_mutable OCI_CLI_KEY \"$OCI_CLI_KEY\"\n fi\n\n if [ -z \"$OCI_CLI_KEY_FILE\" ] && [ -z \"$OCI_CLI_KEY\" ]; then\n _err \"Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE.\"\n _err \"Error: unable to load private API signing key from OCI_CLI_KEY.\"\n return 1\n fi\n\n if [ \"$(printf \"%s\\n\" \"$OCI_CLI_KEY\" | wc -l)\" -eq 1 ]; then\n OCI_CLI_KEY=$(printf \"%s\" \"$OCI_CLI_KEY\" | _dbase64)\n fi\n\n return 0\n\n}\n\n# _get_zone(): retrieves the Zone name and OCID\n#\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n# _domain_ociid=ocid1.dns-zone.oc1..\n_get_zone() {\n domain=$1\n i=1\n p=1\n\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n # not valid\n return 1\n fi\n\n _domain_id=$(_signed_request \"GET\" \"/20180115/zones/$h\" \"\" \"id\")\n if [ \"$_domain_id\" ]; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=$h\n\n _debug _domain_id \"$_domain_id\"\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n return 0\n fi\n\n p=$i\n i=$(_math \"$i\" + 1)\n done\n return 1\n\n}\n\n#Usage: privatekey\n#Output MD5 fingerprint\n_fingerprint() {\n\n pkey=\"$1\"\n if [ -z \"$pkey\" ]; then\n _usage \"Usage: _fingerprint privkey\"\n return 1\n fi\n\n printf \"%s\" \"$pkey\" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' '\n\n}\n\n_signed_request() {\n\n _sig_method=\"$1\"\n _sig_target=\"$2\"\n _sig_body=\"$3\"\n _return_field=\"$4\"\n\n _key_fingerprint=$(_fingerprint \"$OCI_CLI_KEY\")\n _sig_host=\"dns.$OCI_CLI_REGION.oraclecloud.com\"\n _sig_keyId=\"$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint\"\n _sig_alg=\"rsa-sha256\"\n _sig_version=\"1\"\n _sig_now=\"$(LC_ALL=C \\date -u \"+%a, %d %h %Y %H:%M:%S GMT\")\"\n\n _request_method=$(printf %s \"$_sig_method\" | _lower_case)\n _curl_method=$(printf %s \"$_sig_method\" | _upper_case)\n\n _request_target=\"(request-target): $_request_method $_sig_target\"\n _date_header=\"date: $_sig_now\"\n _host_header=\"host: $_sig_host\"\n\n _string_to_sign=\"$_request_target\\n$_date_header\\n$_host_header\"\n _sig_headers=\"(request-target) date host\"\n\n if [ \"$_sig_body\" ]; then\n _secure_debug3 _sig_body \"$_sig_body\"\n _sig_body_sha256=\"x-content-sha256: $(printf %s \"$_sig_body\" | _digest sha256)\"\n _sig_body_type=\"content-type: application/json\"\n _sig_body_length=\"content-length: ${#_sig_body}\"\n _string_to_sign=\"$_string_to_sign\\n$_sig_body_sha256\\n$_sig_body_type\\n$_sig_body_length\"\n _sig_headers=\"$_sig_headers x-content-sha256 content-type content-length\"\n fi\n\n _tmp_file=$(_mktemp)\n if [ -f \"$_tmp_file\" ]; then\n printf '%s' \"$OCI_CLI_KEY\" >\"$_tmp_file\"\n _signature=$(printf '%b' \"$_string_to_sign\" | _sign \"$_tmp_file\" sha256 | tr -d '\\r\\n')\n rm -f \"$_tmp_file\"\n fi\n\n _signed_header=\"Authorization: Signature version=\\\"$_sig_version\\\",keyId=\\\"$_sig_keyId\\\",algorithm=\\\"$_sig_alg\\\",headers=\\\"$_sig_headers\\\",signature=\\\"$_signature\\\"\"\n _secure_debug3 _signed_header \"$_signed_header\"\n\n if [ \"$_curl_method\" = \"GET\" ]; then\n export _H1=\"$_date_header\"\n export _H2=\"$_signed_header\"\n _response=\"$(_get \"https://${_sig_host}${_sig_target}\")\"\n elif [ \"$_curl_method\" = \"PATCH\" ]; then\n export _H1=\"$_date_header\"\n # shellcheck disable=SC2090\n export _H2=\"$_sig_body_sha256\"\n export _H3=\"$_sig_body_type\"\n export _H4=\"$_sig_body_length\"\n export _H5=\"$_signed_header\"\n _response=\"$(_post \"$_sig_body\" \"https://${_sig_host}${_sig_target}\" \"\" \"PATCH\")\"\n else\n _err \"Unable to process method: $_curl_method.\"\n fi\n\n _ret=\"$?\"\n if [ \"$_return_field\" ]; then\n _response=\"$(echo \"$_response\" | sed 's/\\\\\\\"//g'))\"\n _return=$(echo \"${_response}\" | _egrep_o \"\\\"$_return_field\\\"\\\\s*:\\\\s*\\\"[^\\\"]*\\\"\" | _head_n 1 | cut -d : -f 2 | tr -d \"\\\"\")\n else\n _return=\"$_response\"\n fi\n\n printf \"%s\" \"$_return\"\n return $_ret\n\n}\n\n# file key [section]\n_readini() {\n _file=\"$1\"\n _key=\"$2\"\n _section=\"${3:-DEFAULT}\"\n\n _start_n=$(grep -n '\\['\"$_section\"']' \"$_file\" | cut -d : -f 1)\n _debug3 _start_n \"$_start_n\"\n if [ -z \"$_start_n\" ]; then\n _err \"Can not find section: $_section\"\n return 1\n fi\n\n _start_nn=$(_math \"$_start_n\" + 1)\n _debug3 \"_start_nn\" \"$_start_nn\"\n\n _left=\"$(sed -n \"${_start_nn},99999p\" \"$_file\")\"\n _debug3 _left \"$_left\"\n _end=\"$(echo \"$_left\" | grep -n \"^\\[\" | _head_n 1)\"\n _debug3 \"_end\" \"$_end\"\n if [ \"$_end\" ]; then\n _end_n=$(echo \"$_end\" | cut -d : -f 1)\n _debug3 \"_end_n\" \"$_end_n\"\n _seg_n=$(echo \"$_left\" | sed -n \"1,${_end_n}p\")\n else\n _seg_n=\"$_left\"\n fi\n\n _debug3 \"_seg_n\" \"$_seg_n\"\n _lineini=\"$(echo \"$_seg_n\" | grep \"^ *$_key *= *\")\"\n _inivalue=\"$(printf \"%b\" \"$(eval \"echo $_lineini | sed \\\"s/^ *${_key} *= *//g\\\"\")\")\"\n _debug2 _inivalue \"$_inivalue\"\n echo \"$_inivalue\"\n\n}\n"
},
{
"path": "dnsapi/dns_omglol.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_omglol_info='omg.lol\nSite: omg.lol\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_omglol\nOptions:\n OMG_ApiKey - API Key. This is accessible from the bottom of the account page at https://home.omg.lol/account\n OMG_Address - Address. This is your omg.lol address, without the preceding @ - you can see your list on your dashboard at https://home.omg.lol/dashboard\nIssues: github.com/acmesh-official/acme.sh/issues/5299\nAuthor: @Kholin \n'\n\n# See API Docs https://api.omg.lol/\n\n######## Public functions #####################\n\n#Usage: dns_myapi_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_omglol_add() {\n fulldomain=$1\n txtvalue=$2\n OMG_ApiKey=\"${OMG_ApiKey:-$(_readaccountconf_mutable OMG_ApiKey)}\"\n OMG_Address=\"${OMG_Address:-$(_readaccountconf_mutable OMG_Address)}\"\n\n # As omg.lol includes a leading @ for their addresses, pre-strip this before save\n OMG_Address=\"$(echo \"$OMG_Address\" | tr -d '@')\"\n\n _saveaccountconf_mutable OMG_ApiKey \"$OMG_ApiKey\"\n _saveaccountconf_mutable OMG_Address \"$OMG_Address\"\n\n _info \"Using omg.lol.\"\n _debug \"Function\" \"dns_omglol_add()\"\n _debug \"Full Domain Name\" \"$fulldomain\"\n _debug \"txt Record Value\" \"$txtvalue\"\n _secure_debug \"omg.lol API key\" \"$OMG_ApiKey\"\n _debug \"omg.lol Address\" \"$OMG_Address\"\n\n omg_validate \"$OMG_ApiKey\" \"$OMG_Address\" \"$fulldomain\"\n if [ 1 = $? ]; then\n return 1\n fi\n\n dnsName=$(_getDnsRecordName \"$fulldomain\" \"$OMG_Address\")\n authHeader=\"$(_createAuthHeader \"$OMG_ApiKey\")\"\n\n _debug2 \"dns_omglol_add(): Address\" \"$dnsName\"\n\n omg_add \"$OMG_Address\" \"$authHeader\" \"$dnsName\" \"$txtvalue\"\n\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_omglol_rm() {\n fulldomain=$1\n txtvalue=$2\n OMG_ApiKey=\"${OMG_ApiKey:-$(_readaccountconf_mutable OMG_ApiKey)}\"\n OMG_Address=\"${OMG_Address:-$(_readaccountconf_mutable OMG_Address)}\"\n\n # As omg.lol includes a leading @ for their addresses, strip this in case provided\n OMG_Address=\"$(echo \"$OMG_Address\" | tr -d '@')\"\n\n _info \"Using omg.lol\"\n _debug \"Function\" \"dns_omglol_rm()\"\n _debug \"Full Domain Name\" \"$fulldomain\"\n _debug \"txt Record Value\" \"$txtvalue\"\n _secure_debug \"omg.lol API key\" \"$OMG_ApiKey\"\n _debug \"omg.lol Address\" \"$OMG_Address\"\n\n omg_validate \"$OMG_ApiKey\" \"$OMG_Address\" \"$fulldomain\"\n if [ 1 = $? ]; then\n return 1\n fi\n\n dnsName=$(_getDnsRecordName \"$fulldomain\" \"$OMG_Address\")\n authHeader=\"$(_createAuthHeader \"$OMG_ApiKey\")\"\n\n omg_delete \"$OMG_Address\" \"$authHeader\" \"$dnsName\" \"$txtvalue\"\n}\n\n#################### Private functions below ##################################\n# Check that the minimum requirements are present. Close ungracefully if not\nomg_validate() {\n omg_apikey=$1\n omg_address=$2\n fulldomain=$3\n\n _debug2 \"Function\" \"dns_validate()\"\n _secure_debug2 \"omg.lol API key\" \"$omg_apikey\"\n _debug2 \"omg.lol Address\" \"$omg_address\"\n _debug2 \"Full Domain Name\" \"$fulldomain\"\n\n if [ \"\" = \"$omg_address\" ]; then\n _err \"omg.lol base address not provided. Exiting\"\n return 1\n fi\n\n if [ \"\" = \"$omg_apikey\" ]; then\n _err \"omg.lol API key not provided. Exiting\"\n return 1\n fi\n\n _endswith \"$fulldomain\" \"omg.lol\"\n if [ 1 = $? ]; then\n _err \"Domain name requested is not under omg.lol\"\n return 1\n fi\n\n _endswith \"$fulldomain\" \"$omg_address.omg.lol\"\n if [ 1 = $? ]; then\n _err \"Domain name is not a subdomain of provided omg.lol address $omg_address\"\n return 1\n fi\n\n omg_testconnect \"$omg_apikey\" \"$omg_address\"\n if [ 1 = $? ]; then\n _err \"Authentication to omg.lol for address $omg_address using provided API key failed\"\n return 1\n fi\n\n _debug \"Required environment parameters are all present and validated\"\n}\n\n# Validate that the address and API key are both correct and associated to each other\nomg_testconnect() {\n omg_apikey=$1\n omg_address=$2\n\n _debug2 \"Function\" \"omg_testconnect\"\n _secure_debug2 \"omg.lol API key\" \"$omg_apikey\"\n _debug2 \"omg.lol Address\" \"$omg_address\"\n\n authheader=\"$(_createAuthHeader \"$omg_apikey\")\"\n export _H1=\"$authheader\"\n endpoint=\"https://api.omg.lol/address/$omg_address/info\"\n _debug2 \"Endpoint for validation\" \"$endpoint\"\n\n response=$(_get \"$endpoint\" \"\" 30)\n\n _jsonResponseCheck \"$response\" \"status_code\" 200\n if [ 1 = $? ]; then\n _debug2 \"Failed to query omg.lol for $omg_address with provided API key\"\n _secure_debug2 \"API Key\" \"omg_apikey\"\n _secure_debug3 \"Raw response\" \"$response\"\n return 1\n fi\n}\n\n# Add (or modify) an entry for a new ACME query\nomg_add() {\n address=$1\n authHeader=$2\n dnsName=$3\n txtvalue=$4\n\n _info \"Creating DNS entry for $dnsName\"\n _debug2 \"omg_add()\"\n _debug2 \"omg.lol Address: \" \"$address\"\n _secure_debug2 \"omg.lol authorization header: \" \"$authHeader\"\n _debug2 \"Full Domain name:\" \"$dnsName.$address.omg.lol\"\n _debug2 \"TXT value to set:\" \"$txtvalue\"\n\n export _H1=\"$authHeader\"\n\n endpoint=\"https://api.omg.lol/address/$address/dns\"\n _debug2 \"Endpoint\" \"$endpoint\"\n\n payload='{\"type\": \"TXT\", \"name\":\"'\"$dnsName\"'\", \"data\":\"'\"$txtvalue\"'\", \"ttl\":30}'\n _debug2 \"Payload\" \"$payload\"\n\n response=$(_post \"$payload\" \"$endpoint\" \"\" \"POST\" \"application/json\")\n\n omg_validate_add \"$response\" \"$dnsName.$address\" \"$txtvalue\"\n}\n\nomg_validate_add() {\n response=$1\n name=$2\n content=$3\n\n _debug \"Validating DNS record addition\"\n _debug2 \"omg_validate_add()\"\n _debug2 \"Response\" \"$response\"\n _debug2 \"DNS Name\" \"$name\"\n _debug2 \"DNS value\" \"$content\"\n\n _jsonResponseCheck \"$response\" \"success\" \"true\"\n if [ \"1\" = \"$?\" ]; then\n _err \"Response did not report success\"\n return 1\n fi\n\n _jsonResponseCheck \"$response\" \"message\" \"Your DNS record was created successfully.\"\n if [ \"1\" = \"$?\" ]; then\n _err \"Response message did not indicate DNS record was successfully created\"\n return 1\n fi\n\n _jsonResponseCheck \"$response\" \"name\" \"$name\"\n if [ \"1\" = \"$?\" ]; then\n _err \"Response DNS Name did not match the response received\"\n return 1\n fi\n\n _jsonResponseCheck \"$response\" \"content\" \"$content\"\n if [ \"1\" = \"$?\" ]; then\n _err \"Response DNS Name did not match the response received\"\n return 1\n fi\n\n _info \"Record Created successfully\"\n return 0\n}\n\nomg_getRecords() {\n address=$1\n authHeader=$2\n dnsName=$3\n txtValue=$4\n\n _debug2 \"omg_getRecords()\"\n _debug2 \"omg.lol Address: \" \"$address\"\n _secure_debug2 \"omg.lol Auth Header: \" \"$authHeader\"\n _debug2 \"omg.lol DNS name:\" \"$dnsName\"\n _debug2 \"txt Value\" \"$txtValue\"\n\n export _H1=\"$authHeader\"\n\n endpoint=\"https://api.omg.lol/address/$address/dns\"\n _debug2 \"Endpoint\" \"$endpoint\"\n\n payload=$(_get \"$endpoint\")\n\n _debug2 \"Received Payload:\" \"$payload\"\n\n # Reformat the JSON to be more parseable\n recordID=$(echo \"$payload\" | _stripWhitespace)\n recordID=$(echo \"$recordID\" | _exposeJsonArray)\n\n # Now find the one with the right value, and caputre its ID\n recordID=$(echo \"$recordID\" | grep -- \"$txtValue\" | grep -i -- \"$dnsName.$address\")\n _getJsonElement \"$recordID\" \"id\"\n}\n\nomg_delete() {\n address=$1\n authHeader=$2\n dnsName=$3\n txtValue=$4\n\n _info \"Deleting DNS entry for $dnsName with value $txtValue\"\n _debug2 \"omg_delete()\"\n _debug2 \"omg.lol Address: \" \"$address\"\n _secure_debug2 \"omg.lol Auth Header: \" \"$authHeader\"\n _debug2 \"Full Domain name:\" \"$dnsName.$address.omg.lol\"\n _debug2 \"txt Value\" \"$txtValue\"\n\n record=$(omg_getRecords \"$address\" \"$authHeader\" \"$dnsName\" \"$txtvalue\")\n if [ \"\" = \"$record\" ]; then\n _err \"DNS record $address not found!\"\n return 1\n fi\n\n endpoint=\"https://api.omg.lol/address/$address/dns/$record\"\n _debug2 \"Endpoint\" \"$endpoint\"\n\n export _H1=\"$authHeader\"\n output=$(_post \"\" \"$endpoint\" \"\" \"DELETE\")\n\n _debug2 \"Response\" \"$output\"\n\n omg_validate_delete \"$output\"\n}\n\n# Validate the response on request to delete.\n# Confirm status is success and message indicates deletion was successful.\n# Input: Response - HTTP response received from delete request\nomg_validate_delete() {\n response=$1\n\n _info \"Validating DNS record deletion\"\n _debug2 \"omg_validate_delete()\"\n _debug2 \"Response\" \"$response\"\n\n _jsonResponseCheck \"$output\" \"success\" \"true\"\n if [ \"1\" = \"$?\" ]; then\n _err \"Response did not report success\"\n return 1\n fi\n\n _jsonResponseCheck \"$output\" \"message\" \"OK, your DNS record has been deleted.\"\n if [ \"1\" = \"$?\" ]; then\n _err \"Response message did not indicate DNS record was successfully deleted\"\n return 1\n fi\n\n _info \"Record deleted successfully\"\n return 0\n}\n\n########## Utility Functions #####################################\n# All utility functions only log at debug3\n_jsonResponseCheck() {\n response=$1\n field=$2\n correct=$3\n\n correct=$(echo \"$correct\" | _lower_case)\n\n _debug3 \"jsonResponseCheck()\"\n _debug3 \"Response to parse\" \"$response\"\n _debug3 \"Field to get response from\" \"$field\"\n _debug3 \"What is the correct response\" \"$correct\"\n\n responseValue=$(_jsonGetLastResponse \"$response\" \"$field\")\n\n if [ \"$responseValue\" != \"$correct\" ]; then\n _debug3 \"Expected: $correct\"\n _debug3 \"Actual: $responseValue\"\n return 1\n else\n _debug3 \"Matched: $responseValue\"\n fi\n return 0\n}\n\n_jsonGetLastResponse() {\n response=$1\n field=$2\n\n _debug3 \"jsonGetLastResponse()\"\n _debug3 \"Response provided\" \"$response\"\n _debug3 \"Field to get responses for\" \"$field\"\n\n responseValue=$(echo \"$response\" | grep -- \"\\\"$field\\\"\" | cut -f2 -d\":\")\n\n _debug3 \"Response lines found:\" \"$responseValue\"\n\n responseValue=$(echo \"$responseValue\" | sed 's/^ //g' | sed 's/^\"//g' | sed 's/\\\\\"//g')\n responseValue=$(echo \"$responseValue\" | sed 's/,$//g' | sed 's/\"$//g')\n responseValue=$(echo \"$responseValue\" | _lower_case)\n\n _debug3 \"Responses found\" \"$responseValue\"\n _debug3 \"Response Selected\" \"$(echo \"$responseValue\" | tail -1)\"\n\n echo \"$responseValue\" | tail -1\n}\n\n_stripWhitespace() {\n tr -d '\\n' | tr -d '\\r' | tr -d '\\t' | sed -r 's/ +/ /g' | sed 's/\\\\\"//g'\n}\n\n_exposeJsonArray() {\n sed -r 's/.*\\[//g' | tr '}' '|' | tr '{' '|' | sed 's/|, |/|/g' | tr '|' '\\n'\n}\n\n_getJsonElement() {\n content=$1\n field=$2\n\n _debug3 \"_getJsonElement()\"\n _debug3 \"Input JSON element\" \"$content\"\n _debug3 \"JSON element to isolate\" \"$field\"\n\n # With a single JSON entry to parse, convert commas to newlines puts each element on\n # its own line - which then allows us to just grep teh name, remove the key, and\n # isolate the value\n output=$(echo \"$content\" | tr ',' '\\n' | grep -- \"\\\"$field\\\":\" | sed 's/.*: //g')\n\n _debug3 \"String before unquoting: $output\"\n\n _unquoteString \"$output\"\n}\n\n_createAuthHeader() {\n apikey=$1\n\n _debug3 \"_createAuthHeader()\"\n _secure_debug3 \"Provided API Key\" \"$apikey\"\n\n authheader=\"Authorization: Bearer $apikey\"\n _secure_debug3 \"Authorization Header\" \"$authheader\"\n echo \"$authheader\"\n}\n\n_getDnsRecordName() {\n fqdn=$1\n address=$2\n\n _debug3 \"_getDnsRecordName()\"\n _debug3 \"FQDN\" \"$fqdn\"\n _debug3 \"omg.lol Address\" \"$address\"\n\n echo \"$fqdn\" | sed 's/\\.omg\\.lol//g' | sed 's/\\.'\"$address\"'$//g'\n}\n\n_unquoteString() {\n output=$1\n quotes=0\n\n _debug3 \"_unquoteString()\"\n _debug3 \"Possibly quoted string\" \"$output\"\n\n _startswith \"$output\" \"\\\"\"\n if [ $? ]; then\n quotes=$((quotes + 1))\n fi\n\n _endswith \"$output\" \"\\\"\"\n if [ $? ]; then\n quotes=$((quotes + 1))\n fi\n\n _debug3 \"Original String: $output\"\n _debug3 \"Quotes found: $quotes\"\n\n if [ $((quotes)) -gt 1 ]; then\n output=$(echo \"$output\" | sed 's/^\"//g' | sed 's/\"$//g')\n _debug3 \"Quotes removed: $output\"\n fi\n\n echo \"$output\"\n}\n"
},
{
"path": "dnsapi/dns_one.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_one_info='one.com\nSite: one.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_one\nOptions:\n ONECOM_User Username\n ONECOM_Password Password\nIssues: github.com/acmesh-official/acme.sh/issues/2103\n'\n\ndns_one_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _dns_one_login; then\n _err \"login failed\"\n return 1\n fi\n\n _debug \"detect the root domain\"\n if ! _get_root \"$fulldomain\"; then\n _err \"root domain not found\"\n return 1\n fi\n\n subdomain=\"${_sub_domain}\"\n maindomain=${_domain}\n\n _debug subdomain \"$subdomain\"\n _debug maindomain \"$maindomain\"\n\n #Check if the TXT exists\n _dns_one_getrecord \"TXT\" \"$subdomain\" \"$txtvalue\"\n if [ -n \"$id\" ]; then\n _info \"$(__green \"Txt record with the same value found. Skip adding.\")\"\n return 0\n fi\n\n _dns_one_addrecord \"TXT\" \"$subdomain\" \"$txtvalue\"\n if [ -z \"$id\" ]; then\n _err \"Add TXT record error.\"\n return 1\n else\n _info \"$(__green \"Added, OK ($id)\")\"\n return 0\n fi\n}\n\ndns_one_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _dns_one_login; then\n _err \"login failed\"\n return 1\n fi\n\n _debug \"detect the root domain\"\n if ! _get_root \"$fulldomain\"; then\n _err \"root domain not found\"\n return 1\n fi\n\n subdomain=\"${_sub_domain}\"\n maindomain=${_domain}\n\n _debug subdomain \"$subdomain\"\n _debug maindomain \"$maindomain\"\n\n #Check if the TXT exists\n _dns_one_getrecord \"TXT\" \"$subdomain\" \"$txtvalue\"\n if [ -z \"$id\" ]; then\n _err \"Txt record not found.\"\n return 1\n fi\n\n # delete entry\n if _dns_one_delrecord \"$id\"; then\n _info \"$(__green Removed, OK)\"\n return 0\n else\n _err \"Removing txt record error.\"\n return 1\n fi\n}\n\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=\"$1\"\n i=1\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n response=\"$(_get \"https://www.one.com/admin/api/domains/$h/dns/custom_records\")\"\n\n if ! _contains \"$response\" \"CRMRST_000302\"; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n _err \"Unable to parse this domain\"\n return 1\n}\n\n_dns_one_login() {\n\n # get credentials\n ONECOM_User=\"${ONECOM_User:-$(_readaccountconf_mutable ONECOM_User)}\"\n ONECOM_Password=\"${ONECOM_Password:-$(_readaccountconf_mutable ONECOM_Password)}\"\n if [ -z \"$ONECOM_User\" ] || [ -z \"$ONECOM_Password\" ]; then\n ONECOM_User=\"\"\n ONECOM_Password=\"\"\n _err \"You didn't specify a one.com username and password yet.\"\n _err \"Please create the key and try again.\"\n return 1\n fi\n\n #save the api key and email to the account conf file.\n _saveaccountconf_mutable ONECOM_User \"$ONECOM_User\"\n _saveaccountconf_mutable ONECOM_Password \"$ONECOM_Password\"\n\n # Login with user and password\n postdata=\"loginDomain=true\"\n postdata=\"$postdata&displayUsername=$ONECOM_User\"\n postdata=\"$postdata&username=$ONECOM_User\"\n postdata=\"$postdata&targetDomain=\"\n postdata=\"$postdata&password1=$ONECOM_Password\"\n postdata=\"$postdata&loginTarget=\"\n #_debug postdata \"$postdata\"\n\n response=\"$(_post \"$postdata\" \"https://www.one.com/admin/login.do\" \"\" \"POST\" \"application/x-www-form-urlencoded\")\"\n #_debug response \"$response\"\n\n # Get SessionID\n JSESSIONID=\"$(grep \"OneSIDCrmAdmin\" \"$HTTP_HEADER\" | grep \"^[Ss]et-[Cc]ookie:\" | _head_n 1 | _egrep_o 'OneSIDCrmAdmin=[^;]*;' | tr -d ';')\"\n _debug jsessionid \"$JSESSIONID\"\n\n if [ -z \"$JSESSIONID\" ]; then\n _err \"error sessionid cookie not found\"\n return 1\n fi\n\n export _H1=\"Cookie: ${JSESSIONID}\"\n\n return 0\n}\n\n_dns_one_getrecord() {\n type=\"$1\"\n name=\"$2\"\n value=\"$3\"\n if [ -z \"$type\" ]; then\n type=\"TXT\"\n fi\n if [ -z \"$name\" ]; then\n _err \"Record name is empty.\"\n return 1\n fi\n\n response=\"$(_get \"https://www.one.com/admin/api/domains/$maindomain/dns/custom_records\")\"\n response=\"$(echo \"$response\" | _normalizeJson)\"\n _debug response \"$response\"\n\n if [ -z \"${value}\" ]; then\n id=$(printf -- \"%s\" \"$response\" | sed -n \"s/.*{\\\"type\\\":\\\"dns_custom_records\\\",\\\"id\\\":\\\"\\([^\\\"]*\\)\\\",\\\"attributes\\\":{\\\"prefix\\\":\\\"${name}\\\",\\\"type\\\":\\\"${type}\\\",\\\"content\\\":\\\"[^\\\"]*\\\",\\\"priority\\\":0,\\\"ttl\\\":600}.*/\\1/p\")\n response=$(printf -- \"%s\" \"$response\" | sed -n \"s/.*{\\\"type\\\":\\\"dns_custom_records\\\",\\\"id\\\":\\\"[^\\\"]*\\\",\\\"attributes\\\":{\\\"prefix\\\":\\\"${name}\\\",\\\"type\\\":\\\"${type}\\\",\\\"content\\\":\\\"\\([^\\\"]*\\)\\\",\\\"priority\\\":0,\\\"ttl\\\":600}.*/\\1/p\")\n else\n id=$(printf -- \"%s\" \"$response\" | sed -n \"s/.*{\\\"type\\\":\\\"dns_custom_records\\\",\\\"id\\\":\\\"\\([^\\\"]*\\)\\\",\\\"attributes\\\":{\\\"prefix\\\":\\\"${name}\\\",\\\"type\\\":\\\"${type}\\\",\\\"content\\\":\\\"${value}\\\",\\\"priority\\\":0,\\\"ttl\\\":600}.*/\\1/p\")\n fi\n if [ -z \"$id\" ]; then\n return 1\n fi\n return 0\n}\n\n_dns_one_addrecord() {\n type=\"$1\"\n name=\"$2\"\n value=\"$3\"\n if [ -z \"$type\" ]; then\n type=\"TXT\"\n fi\n if [ -z \"$name\" ]; then\n _err \"Record name is empty.\"\n return 1\n fi\n\n postdata=\"{\\\"type\\\":\\\"dns_custom_records\\\",\\\"attributes\\\":{\\\"priority\\\":0,\\\"ttl\\\":600,\\\"type\\\":\\\"${type}\\\",\\\"prefix\\\":\\\"${name}\\\",\\\"content\\\":\\\"${value}\\\"}}\"\n _debug postdata \"$postdata\"\n response=\"$(_post \"$postdata\" \"https://www.one.com/admin/api/domains/$maindomain/dns/custom_records\" \"\" \"POST\" \"application/json\")\"\n response=\"$(echo \"$response\" | _normalizeJson)\"\n _debug response \"$response\"\n\n id=$(echo \"$response\" | sed -n \"s/{\\\"result\\\":{\\\"data\\\":{\\\"type\\\":\\\"dns_custom_records\\\",\\\"id\\\":\\\"\\([^\\\"]*\\)\\\",\\\"attributes\\\":{\\\"prefix\\\":\\\"$subdomain\\\",\\\"type\\\":\\\"TXT\\\",\\\"content\\\":\\\"$txtvalue\\\",\\\"priority\\\":0,\\\"ttl\\\":600}}},\\\"metadata\\\":null}/\\1/p\")\n\n if [ -z \"$id\" ]; then\n return 1\n else\n return 0\n fi\n}\n\n_dns_one_delrecord() {\n id=\"$1\"\n if [ -z \"$id\" ]; then\n return 1\n fi\n\n response=\"$(_post \"\" \"https://www.one.com/admin/api/domains/$maindomain/dns/custom_records/$id\" \"\" \"DELETE\" \"application/json\")\"\n response=\"$(echo \"$response\" | _normalizeJson)\"\n _debug response \"$response\"\n\n if [ \"$response\" = '{\"result\":null,\"metadata\":null}' ]; then\n return 0\n else\n return 1\n fi\n}\n"
},
{
"path": "dnsapi/dns_online.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_online_info='online.net\nDomains: scaleway.com\nSite: online.net\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_online\nOptions:\n ONLINE_API_KEY API Key\nIssues: github.com/acmesh-official/acme.sh/issues/2093\n'\n\n# Online API\n# https://console.online.net/en/api/\n\n######## Public functions #####################\n\nONLINE_API=\"https://api.online.net/api/v1\"\n\n#Usage: add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_online_add() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _online_check_config; then\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n _debug _real_dns_version \"$_real_dns_version\"\n\n _info \"Creating temporary zone version\"\n _online_create_temporary_zone_version\n _info \"Enabling temporary zone version\"\n _online_enable_zone \"$_temporary_dns_version\"\n\n _info \"Adding record\"\n _online_create_TXT_record \"$_real_dns_version\" \"$_sub_domain\" \"$txtvalue\"\n _info \"Disabling temporary version\"\n _online_enable_zone \"$_real_dns_version\"\n _info \"Destroying temporary version\"\n _online_destroy_zone \"$_temporary_dns_version\"\n\n _info \"Record added.\"\n return 0\n}\n\n#fulldomain\ndns_online_rm() {\n fulldomain=$1\n txtvalue=$2\n\n if ! _online_check_config; then\n return 1\n fi\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _sub_domain \"$_sub_domain\"\n _debug _domain \"$_domain\"\n _debug _real_dns_version \"$_real_dns_version\"\n\n _debug \"Getting txt records\"\n if ! _online_rest GET \"domain/$_domain/version/active\"; then\n return 1\n fi\n\n rid=$(echo \"$response\" | _egrep_o \"\\\"id\\\":[0-9]+,\\\"name\\\":\\\"$_sub_domain\\\",\\\"data\\\":\\\"\\\\\\u0022$txtvalue\\\\\\u0022\\\"\" | cut -d ':' -f 2 | cut -d ',' -f 1)\n _debug rid \"$rid\"\n if [ -z \"$rid\" ]; then\n return 1\n fi\n\n _info \"Creating temporary zone version\"\n _online_create_temporary_zone_version\n _info \"Enabling temporary zone version\"\n _online_enable_zone \"$_temporary_dns_version\"\n\n _info \"Removing DNS record\"\n _online_rest DELETE \"domain/$_domain/version/$_real_dns_version/zone/$rid\"\n _info \"Disabling temporary version\"\n _online_enable_zone \"$_real_dns_version\"\n _info \"Destroying temporary version\"\n _online_destroy_zone \"$_temporary_dns_version\"\n\n return 0\n}\n\n#################### Private functions below ##################################\n\n_online_check_config() {\n ONLINE_API_KEY=\"${ONLINE_API_KEY:-$(_readaccountconf_mutable ONLINE_API_KEY)}\"\n if [ -z \"$ONLINE_API_KEY\" ]; then\n _err \"No API key specified for Online API.\"\n _err \"Create your key and export it as ONLINE_API_KEY\"\n return 1\n fi\n if ! _online_rest GET \"domain/\"; then\n _err \"Invalid API key specified for Online API.\"\n return 1\n fi\n\n _saveaccountconf_mutable ONLINE_API_KEY \"$ONLINE_API_KEY\"\n\n return 0\n}\n\n#_acme-challenge.www.domain.com\n#returns\n# _sub_domain=_acme-challenge.www\n# _domain=domain.com\n_get_root() {\n domain=$1\n i=2\n p=1\n while true; do\n h=$(printf \"%s\" \"$domain\" | cut -d . -f \"$i\"-100)\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n _online_rest GET \"domain/$h/version/active\"\n\n if ! _contains \"$response\" \"Domain not found\" >/dev/null; then\n _sub_domain=$(printf \"%s\" \"$domain\" | cut -d . -f 1-\"$p\")\n _domain=\"$h\"\n _real_dns_version=$(echo \"$response\" | _egrep_o '\"uuid_ref\":.*' | cut -d ':' -f 2 | cut -d '\"' -f 2)\n return 0\n fi\n p=$i\n i=$(_math \"$i\" + 1)\n done\n _err \"Unable to retrive DNS zone matching this domain\"\n return 1\n}\n\n# this function create a temporary zone version\n# as online.net does not allow updating an active version\n_online_create_temporary_zone_version() {\n\n _online_rest POST \"domain/$_domain/version\" \"name=acme.sh\"\n if [ \"$?\" != \"0\" ]; then\n return 1\n fi\n\n _temporary_dns_version=$(echo \"$response\" | _egrep_o '\"uuid_ref\":.*' | cut -d ':' -f 2 | cut -d '\"' -f 2)\n\n # Creating a dummy record in this temporary version, because online.net doesn't accept enabling an empty version\n _online_create_TXT_record \"$_temporary_dns_version\" \"dummy.acme.sh\" \"dummy\"\n\n return 0\n}\n\n_online_destroy_zone() {\n version_id=$1\n _online_rest DELETE \"domain/$_domain/version/$version_id\"\n\n if [ \"$?\" != \"0\" ]; then\n return 1\n fi\n return 0\n}\n\n_online_enable_zone() {\n version_id=$1\n _online_rest PATCH \"domain/$_domain/version/$version_id/enable\"\n\n if [ \"$?\" != \"0\" ]; then\n return 1\n fi\n return 0\n}\n\n_online_create_TXT_record() {\n version=$1\n txt_name=$2\n txt_value=$3\n\n _online_rest POST \"domain/$_domain/version/$version/zone\" \"type=TXT&name=$txt_name&data=%22$txt_value%22&ttl=60&priority=0\"\n\n # Note : the normal, expected response SHOULD be \"Unknown method\".\n # this happens because the API HTTP response contains a Location: header, that redirect\n # to an unknown online.net endpoint.\n if [ \"$?\" != \"0\" ] || _contains \"$response\" \"Unknown method\" || _contains \"$response\" \"\\$ref\"; then\n return 0\n else\n _err \"error $response\"\n return 1\n fi\n}\n\n_online_rest() {\n m=$1\n ep=\"$2\"\n data=\"$3\"\n _debug \"$ep\"\n _online_url=\"$ONLINE_API/$ep\"\n _debug2 _online_url \"$_online_url\"\n export _H1=\"Authorization: Bearer $ONLINE_API_KEY\"\n export _H2=\"X-Pretty-JSON: 1\"\n if [ \"$data\" ] || [ \"$m\" != \"GET\" ]; then\n _debug data \"$data\"\n response=\"$(_post \"$data\" \"$_online_url\" \"\" \"$m\")\"\n else\n response=\"$(_get \"$_online_url\")\"\n fi\n if [ \"$?\" != \"0\" ] || _contains \"$response\" \"invalid_grant\" || _contains \"$response\" \"Method not allowed\"; then\n _err \"error $response\"\n return 1\n fi\n _debug2 response \"$response\"\n return 0\n}\n"
},
{
"path": "dnsapi/dns_openprovider.sh",
"content": "#!/usr/bin/env sh\n# shellcheck disable=SC2034\ndns_openprovider_info='OpenProvider.eu\nSite: OpenProvider.eu\nDomains: OpenProvider.com\nDocs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_openprovider\nOptions:\n OPENPROVIDER_USER Username\n OPENPROVIDER_PASSWORDHASH Password hash\nIssues: github.com/acmesh-official/acme.sh/issues/2104\nAuthor: Sylvia van Os\n'\n\nOPENPROVIDER_API=\"https://api.openprovider.eu/\"\n#OPENPROVIDER_API=\"https://api.cte.openprovider.eu/\" # Test API\n\n######## Public functions #####################\n\n#Usage: dns_openprovider_add _acme-challenge.www.domain.com \"XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs\"\ndns_openprovider_add() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n OPENPROVIDER_USER=\"${OPENPROVIDER_USER:-$(_readaccountconf_mutable OPENPROVIDER_USER)}\"\n OPENPROVIDER_PASSWORDHASH=\"${OPENPROVIDER_PASSWORDHASH:-$(_readaccountconf_mutable OPENPROVIDER_PASSWORDHASH)}\"\n\n if [ -z \"$OPENPROVIDER_USER\" ] || [ -z \"$OPENPROVIDER_PASSWORDHASH\" ]; then\n _err \"You didn't specify the openprovider user and/or password hash.\"\n return 1\n fi\n\n # save the username and password to the account conf file.\n _saveaccountconf_mutable OPENPROVIDER_USER \"$OPENPROVIDER_USER\"\n _saveaccountconf_mutable OPENPROVIDER_PASSWORDHASH \"$OPENPROVIDER_PASSWORDHASH\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _domain_name \"$_domain_name\"\n _debug _domain_extension \"$_domain_extension\"\n\n _debug \"Getting current records\"\n existing_items=\"\"\n results_retrieved=0\n while true; do\n _openprovider_request \"$(printf '%s.%s%s' \"$_domain_name\" \"$_domain_extension\" \"$results_retrieved\")\"\n\n items=\"$response\"\n while true; do\n item=\"$(echo \"$items\" | _egrep_o '.*<\\/openXML>' | sed -n 's/.*\\(- .*<\\/item>\\).*/\\1/p')\"\n _debug existing_items \"$existing_items\"\n _debug results_retrieved \"$results_retrieved\"\n _debug item \"$item\"\n\n if [ -z \"$item\" ]; then\n break\n fi\n\n tmpitem=\"$(echo \"$item\" | sed 's/\\*/\\\\*/g')\"\n items=\"$(echo \"$items\" | sed \"s|${tmpitem}||\")\"\n\n results_retrieved=\"$(_math \"$results_retrieved\" + 1)\"\n new_item=\"$(echo \"$item\" | sed -n 's/.*
- .*\\(\\(.*\\)\\.'\"$_domain_name\"'\\.'\"$_domain_extension\"'<\\/name>.*\\(.*<\\/type>\\).*\\(.*<\\/value>\\).*\\(.*<\\/prio>\\).*\\(.*<\\/ttl>\\)\\).*<\\/item>.*/
- \\2<\\/name>\\3\\4\\5\\6<\\/item>/p')\"\n if [ -z \"$new_item\" ]; then\n # Domain apex\n new_item=\"$(echo \"$item\" | sed -n 's/.*
- .*\\(\\(.*\\)'\"$_domain_name\"'\\.'\"$_domain_extension\"'<\\/name>.*\\(.*<\\/type>\\).*\\(.*<\\/value>\\).*\\(.*<\\/prio>\\).*\\(.*<\\/ttl>\\)\\).*<\\/item>.*/
- \\2<\\/name>\\3\\4\\5\\6<\\/item>/p')\"\n fi\n\n if [ -z \"$(echo \"$new_item\" | _egrep_o \".*(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA)<\\/type>.*\")\" ]; then\n _debug \"not an allowed record type, skipping\" \"$new_item\"\n continue\n fi\n\n existing_items=\"$existing_items$new_item\"\n done\n\n total=\"$(echo \"$response\" | _egrep_o '.*?<\\/total>' | sed -n 's/.*\\(.*\\)<\\/total>.*/\\1/p')\"\n\n _debug total \"$total\"\n if [ \"$results_retrieved\" -eq \"$total\" ]; then\n break\n fi\n done\n\n _debug \"Creating acme record\"\n acme_record=\"$(echo \"$fulldomain\" | sed -e \"s/.$_domain_name.$_domain_extension$//\")\"\n _openprovider_request \"$(printf '%s%smaster%s
- %sTXT%s600
' \"$_domain_name\" \"$_domain_extension\" \"$existing_items\" \"$acme_record\" \"$txtvalue\")\"\n\n return 0\n}\n\n#Usage: fulldomain txtvalue\n#Remove the txt record after validation.\ndns_openprovider_rm() {\n fulldomain=\"$1\"\n txtvalue=\"$2\"\n\n OPENPROVIDER_USER=\"${OPENPROVIDER_USER:-$(_readaccountconf_mutable OPENPROVIDER_USER)}\"\n OPENPROVIDER_PASSWORDHASH=\"${OPENPROVIDER_PASSWORDHASH:-$(_readaccountconf_mutable OPENPROVIDER_PASSWORDHASH)}\"\n\n if [ -z \"$OPENPROVIDER_USER\" ] || [ -z \"$OPENPROVIDER_PASSWORDHASH\" ]; then\n _err \"You didn't specify the openprovider user and/or password hash.\"\n return 1\n fi\n\n # save the username and password to the account conf file.\n _saveaccountconf_mutable OPENPROVIDER_USER \"$OPENPROVIDER_USER\"\n _saveaccountconf_mutable OPENPROVIDER_PASSWORDHASH \"$OPENPROVIDER_PASSWORDHASH\"\n\n _debug \"First detect the root zone\"\n if ! _get_root \"$fulldomain\"; then\n _err \"invalid domain\"\n return 1\n fi\n\n _debug _domain_name \"$_domain_name\"\n _debug _domain_extension \"$_domain_extension\"\n\n _debug \"Getting current records\"\n existing_items=\"\"\n results_retrieved=0\n while true; do\n _openprovider_request \"$(printf '%s.%s%s' \"$_domain_name\" \"$_domain_extension\" \"$results_retrieved\")\"\n\n # Remove acme records from items\n items=\"$response\"\n while true; do\n item=\"$(echo \"$items\" | _egrep_o '.*<\\/openXML>' | sed -n 's/.*\\(- .*<\\/item>\\).*/\\1/p')\"\n _debug existing_items \"$existing_items\"\n _debug results_retrieved \"$results_retrieved\"\n _debug item \"$item\"\n\n if [ -z \"$item\" ]; then\n break\n fi\n\n tmpitem=\"$(echo \"$item\" | sed 's/\\*/\\\\*/g')\"\n items=\"$(echo \"$items\" | sed \"s|${tmpitem}||\")\"\n\n results_retrieved=\"$(_math \"$results_retrieved\" + 1)\"\n if ! echo \"$item\" | grep -v \"$fulldomain\"; then\n _debug \"acme record, skipping\" \"$item\"\n continue\n fi\n\n new_item=\"$(echo \"$item\" | sed -n 's/.*
- .*\\(\\(.*\\)\\.'\"$_domain_name\"'\\.'\"$_domain_extension\"'<\\/name>.*\\(.*<\\/type>\\).*\\(.*<\\/value>\\).*\\(.*<\\/prio>\\).*\\(.*<\\/ttl>\\)\\).*<\\/item>.*/
- \\2<\\/name>\\3\\4\\5\\6<\\/item>/p')\"\n\n if [ -z \"$new_item\" ]; then\n # domain apex\n new_item=\"$(echo \"$item\" | sed -n 's/.*
- .*\\(\\(.*\\)'\"$_domain_name\"'\\.'\"$_domain_extension\"'<\\/name>.*\\(.*<\\/type>\\).*\\(.*<\\/value>\\).*\\(.*<\\/prio>\\).*\\(.*<\\/ttl>\\)\\).*<\\/item>.*/
- \\2<\\/name>\\3\\4\\5\\6<\\/item>/p')\"\n fi\n\n if [ -z \"$(echo \"$new_item\" | _egrep_o \".*(A|AAAA|CNAME|MX|SPF|SRV|TXT|TLSA|SSHFP|CAA)<\\/type>.*\")\" ]; then\n _debug \"not an allowed record type, skipping\" \"$new_item\"\n continue\n fi\n\n existing_items=\"$existing_items$new_item\"\n done\n\n total=\"$(echo \"$response\" | _egrep_o '.*?<\\/total>' | sed -n 's/.*\\(.*\\)<\\/total>.*/\\1/p')\"\n\n _debug total \"$total\"\n\n if [ \"$results_retrieved\" -eq \"$total\" ]; then\n break\n fi\n done\n\n _debug \"Removing acme record\"\n _openprovider_request \"$(printf '%s%smaster%s' \"$_domain_name\" \"$_domain_extension\" \"$existing_items\")\"\n\n return 0\n}\n\n#################### Private functions below ##################################\n#_acme-challenge.www.domain.com\n#returns\n# _domain_name=domain\n# _domain_extension=com\n_get_root() {\n domain=$1\n i=2\n\n results_retrieved=0\n while true; do\n h=$(echo \"$domain\" | cut -d . -f \"$i\"-100)\n _debug h \"$h\"\n if [ -z \"$h\" ]; then\n #not valid\n return 1\n fi\n\n _openprovider_request \"$(printf '%s%s' \"$(echo \"$h\" | cut -d . -f 1)\" \"$results_retrieved\")\"\n\n items=\"$response\"\n while true; do\n item=\"$(echo \"$items\" | _egrep_o '.*<\\/openXML>' | sed -n 's/.*\\(.*<\\/domain>\\).*/\\1/p')\"\n _debug existing_items \"$existing_items\"\n _debug results_retrieved \"$results_retrieved\"\n _debug item \"$item\"\n\n if [ -z \"$item\" ]; then\n break\n fi\n\n tmpitem=\"$(echo \"$item\" | sed 's/\\*/\\\\*/g')\"\n items=\"$(echo \"$items\" | sed \"s|${tmpitem}||\")\"\n\n results_retrieved=\"$(_math \"$results_retrieved\" + 1)\"\n\n _domain_name=\"$(echo \"$item\" | sed -n 's/.*.*\\(.*\\)<\\/name>.*<\\/domain>.*/\\1/p')\"\n _domain_extension=\"$(echo \"$item\" | sed -n 's/.*.*
|
![\"FreeBSD\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg\"){kind=icon}
\n ![\"OpenBSD\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg\"){kind=icon}
\n ![\"NetBSD\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg\"){kind=icon}
\n ![\"MacOS\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg\"){kind=icon}
\n ![\"Ubuntu\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg\"){kind=icon}
\n ![\"Windows\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg\"){kind=icon}
\n ![\"Solaris\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg\"){kind=icon}
\n ![\"DragonFlyBSD\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg\"){kind=icon}
\n ![\"Omnios\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg\"){kind=icon}
\n ![\"OpenIndiana\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/OpenIndiana.yml/badge.svg\"){kind=icon}
\n ![\"Haiku\"](\"https://github.com/acmesh-official/acme.sh/actions/workflows/Haiku.yml/badge.svg\"){kind=icon}
\n![\"Shellcheck\"](\"https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg\"){kind=icon}
\n ![\"PebbleStrict\"](\"https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg\"){kind=icon}
\n ![\"DockerHub\"](\"https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg\"){kind=icon}
\n![\"Financial](\"https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors\"){kind=icon}
\n ![\"Join](\"https://badges.gitter.im/acme-sh/Lobby.svg\")
\n ![\"Docker](\"https://img.shields.io/docker/stars/neilpang/acme.sh.svg\")
\n ![\"Docker](\"https://img.shields.io/docker/pulls/neilpang/acme.sh.svg\")
\n![](\"https://opencollective.com/acmesh/contributors.svg?width=890&button=false\")
\n\n### 💰 Financial Contributors\n\nBecome a financial contributor and help us sustain our community. [[Contribute](https://opencollective.com/acmesh/contribute)]\n\n#### 👤 Individuals\n\n![](\"https://opencollective.com/acmesh/individuals.svg?width=890\")
\n\n#### 🏢 Organizations\n\nSupport this project with your organization. Your logo will show up here with a link to your website. [[Contribute](https://opencollective.com/acmesh/contribute)]\n\n![](\"https://opencollective.com/acmesh/organization/0/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/1/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/2/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/3/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/4/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/5/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/6/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/7/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/8/avatar.svg\"){kind=avatar}
\n![](\"https://opencollective.com/acmesh/organization/9/avatar.svg\"){kind=avatar}
\n\n---\n\n### 1️⃣9️⃣ License & Others\n\n📄 **License:** GPLv3\n\n⭐ Please **Star** and **Fork** this project!\n\n🐛 [Issues](https://github.com/acmesh-official/acme.sh/issues) and 🔀 [Pull Requests](https://github.com/acmesh-official/acme.sh/pulls) are welcome.\n\n---\n\n### 2️⃣0️⃣ Donate\n\n> 💝 Your donation makes **acme.sh** better!\n\n| Method | Link |\n|--------|------|\n| PayPal / Alipay(支付宝) / Wechat(微信) | [https://donate.acme.sh/](https://donate.acme.sh/) |\n\n📜 [Donate List](https://github.com/acmesh-official/acme.sh/wiki/Donate-list)\n\n---\n\n### 2️⃣1️⃣ About This Repository\n\n> [!NOTE]\n> This repository is officially maintained by ZeroSSL as part of our commitment to providing secure and reliable SSL/TLS solutions. We welcome contributions and feedback from the community! \n> For more information about our services, including free and paid SSL/TLS certificates, visit https://zerossl.com.\n> \n> All donations made through this repository go directly to the original independent maintainer (Neil Pang), not to ZeroSSL.\n![\"ZeroSSL\"](\"https://zerossl.com/assets/images/zerossl_logo.svg\"){kind=logo}
\n\t\t