Commit | Line | Data |
---|---|---|
79664715 | 1 | #!/usr/bin/env sh |
6c3430b6 | 2 | # Here is the script to deploy the cert to your cpanel using the cpanel API. |
a577c721 | 3 | # Uses command line uapi. --user option is needed only if run as root. |
79664715 | 4 | # Returns 0 when success. |
d987d61e | 5 | # |
b44ba0d2 DT |
6 | # Configure DEPLOY_CPANEL_AUTO_<...> options to enable or restrict automatic |
7 | # detection of deployment targets through UAPI (if not set, defaults below are used.) | |
8 | # - ENABLED : 'true' for multi-site / wildcard capability; otherwise single-site mode. | |
9 | # - NOMATCH : 'true' to allow deployment to sites that do not match the certificate. | |
10 | # - INCLUDE : Comma-separated list - sites must match this field. | |
11 | # - EXCLUDE : Comma-separated list - sites must NOT match this field. | |
12 | # INCLUDE/EXCLUDE both support non-lexical, glob-style matches using '*' | |
13 | # | |
d987d61e SK |
14 | # Please note that I am no longer using Github. If you want to report an issue |
15 | # or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/ | |
16 | # | |
17 | # Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com> | |
18 | # Public domain, 2017-2018 | |
b44ba0d2 DT |
19 | # |
20 | # export DEPLOY_CPANEL_USER=myusername | |
21 | # export DEPLOY_CPANEL_AUTO_ENABLED='true' | |
22 | # export DEPLOY_CPANEL_AUTO_NOMATCH='false' | |
23 | # export DEPLOY_CPANEL_AUTO_INCLUDE='*' | |
24 | # export DEPLOY_CPANEL_AUTO_EXCLUDE='' | |
04e0f87c | 25 | |
26 | ######## Public functions ##################### | |
27 | ||
28 | #domain keyfile certfile cafile fullchain | |
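# Deploy a certificate and its private key to cPanel with the command-line
# `uapi` client.
#
# Arguments: domain keyfile certfile cafile fullchain
# Returns:   0 on success; 1 if uapi is missing, the cert/key cannot be read,
#            root runs without DEPLOY_CPANEL_USER, the site list cannot be
#            fetched, or every install_ssl call fails.
#
# NOTE(review): the url-encoded certificate and private key are handed to uapi
# as command-line arguments. On a multi-user host, command lines can be visible
# to other local accounts while the call runs unless the system hides other
# users' processes. Confirm whether the installed uapi offers an input path
# that keeps the key off argv.
cpanel_uapi_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # re-declare vars inherited from acme.sh but not passed to make ShellCheck happy
  : "${Le_Alt:=""}"

  # Start from a known state: only the root branch below may choose the account
  # passed to `uapi --user`, never a value left over in the environment.
  _uapi_user=""

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  if ! _exists uapi; then
    _err "The command uapi is not found."
    return 1
  fi

  # declare useful constants
  # uapi reports failure with this marker in its output; every response check
  # below is a substring test for it.
  uapi_error_response='status: 0'

  # read cert and key files and urlencode both
  _cert=$(_url_encode <"$_ccert")
  _key=$(_url_encode <"$_ckey")

  # An unreadable or empty file would otherwise reach install_ssl as an empty
  # cert= / key= argument.
  if [ -z "$_cert" ] || [ -z "$_key" ]; then
    _err "Could not read the certificate or key file."
    return 1
  fi

  _debug2 _cert "$_cert"
  # The private key must not land in debug logs in clear text.
  _secure_debug2 _key "$_key"

  if [ "$(id -u)" = 0 ]; then
    _getdeployconf DEPLOY_CPANEL_USER
    # fallback to _readdomainconf for old installs
    if [ -z "${DEPLOY_CPANEL_USER:=$(_readdomainconf DEPLOY_CPANEL_USER)}" ]; then
      _err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
      return 1
    fi
    _debug DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
    _savedeployconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"

    _uapi_user="$DEPLOY_CPANEL_USER"
  fi

  # Load all AUTO envars and set defaults - see above for usage
  __cpanel_initautoparam ENABLED 'true'
  __cpanel_initautoparam NOMATCH 'false'
  __cpanel_initautoparam INCLUDE '*'
  __cpanel_initautoparam EXCLUDE ''

  # Auto mode
  if [ "$DEPLOY_CPANEL_AUTO_ENABLED" = "true" ]; then
    # call API for site config. As root, query the same account that
    # install_ssl targets below, so the site list and the deployment agree.
    if [ -n "$_uapi_user" ]; then
      _response=$(uapi --user="$_uapi_user" DomainInfo list_domains)
    else
      _response=$(uapi DomainInfo list_domains)
    fi
    # exit if error in response
    if [ -z "$_response" ] || [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
      _err "Error in deploying certificate - cannot retrieve sitelist:"
      _err "\n$_response"
      return 1
    fi

    # parse response to create site list
    sitelist=$(__cpanel_parse_response "$_response")
    _debug "UAPI sites found: $sitelist"

    # filter sitelist using configured domains
    # skip if NOMATCH is "true"
    if [ "$DEPLOY_CPANEL_AUTO_NOMATCH" = "true" ]; then
      # With NOMATCH the certificate is installed on every listed site that
      # passes INCLUDE/EXCLUDE, whether or not the certificate names it.
      _debug "DEPLOY_CPANEL_AUTO_NOMATCH is true"
      _info "UAPI nomatch mode is enabled - Will not validate sites are valid for the certificate"
    else
      _debug "DEPLOY_CPANEL_AUTO_NOMATCH is false"
      # Build one pattern per certificate name (primary domain first, then
      # Le_Alt with the primary removed). '.' is escaped and '*' becomes
      # '[^.]*', so a wildcard matches a single label only.
      d="$(echo "${Le_Alt}," | sed -e "s/^$_cdomain,//" -e "s/,$_cdomain,/,/")"
      d="$(echo "$_cdomain,$d" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\[\^\.\]\*/g')"
      # -x anchors each pattern to the whole site name, -i ignores case.
      sitelist="$(echo "$sitelist" | grep -ix "$d")"
      _debug2 "Matched UAPI sites: $sitelist"
    fi

    # filter sites that do not match $DEPLOY_CPANEL_AUTO_INCLUDE
    # (here '*' becomes '.*', so it may span several labels)
    _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: $DEPLOY_CPANEL_AUTO_INCLUDE"
    sitelist="$(echo "$sitelist" | grep -ix "$(echo "$DEPLOY_CPANEL_AUTO_INCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
    _debug2 "Remaining sites: $sitelist"

    # filter sites that match $DEPLOY_CPANEL_AUTO_EXCLUDE
    _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE: $DEPLOY_CPANEL_AUTO_EXCLUDE"
    sitelist="$(echo "$sitelist" | grep -vix "$(echo "$DEPLOY_CPANEL_AUTO_EXCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
    _debug2 "Remaining sites: $sitelist"

    # counter for success / failure check
    successes=0
    if [ -n "$sitelist" ]; then
      sitetotal="$(echo "$sitelist" | wc -l)"
      _debug "$sitetotal sites to deploy"
    else
      sitetotal=0
      _debug "No sites to deploy"
    fi

    # for each site: call uapi to publish cert and log result. Only return failure if all fail
    for site in $sitelist; do
      # call uapi to publish cert, check response for errors and log them.
      if [ -n "$_uapi_user" ]; then
        _response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$site" cert="$_cert" key="$_key")
      else
        _response=$(uapi SSL install_ssl domain="$site" cert="$_cert" key="$_key")
      fi
      if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
        _err "Error in deploying certificate to $site:"
        _err "$_response"
      else
        successes=$((successes + 1))
        _debug "$_response"
        _info "Succcessfully deployed to $site"
      fi
    done

    # Raise error if all updates fail
    # (a partial failure still returns 0; the per-site errors above are the
    # only trace of the sites that were skipped)
    if [ "$sitetotal" -gt 0 ] && [ "$successes" -eq 0 ]; then
      _err "Could not deploy to any of $sitetotal sites via UAPI"
      _debug "successes: $successes, sitetotal: $sitetotal"
      return 1
    fi

    _info "Successfully deployed certificate to $successes of $sitetotal sites via UAPI"
    return 0
  else
    # "classic" mode - will only try to deploy to the primary domain; will not check UAPI first
    if [ -n "$_uapi_user" ]; then
      _response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
    else
      _response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
    fi

    if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
      _err "Error in deploying certificate:"
      _err "$_response"
      return 1
    fi

    _debug response "$_response"
    _info "Certificate successfully deployed"
    return 0
  fi
}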
173 | ||
174 | ######## Private functions ##################### | |
175 | ||
e02f07d3 | 176 | # Internal utility to process YML from UAPI - looks at main_domain, sub_domains, addon domains and parked domains |
b44ba0d2 DT |
177 | #[response] |
__cpanel_parse_response() {
  # Take the UAPI response from the arguments when any are given, otherwise
  # read it from stdin.
  case $# in
  0) resp="$(cat)" ;;
  *) resp="$*" ;;
  esac

  # Stage 1 (sed): drop a trailing CR, then turn "key: value" lines and
  #   "- item" lines into "indent,key,value" records.
  # Stage 2 (awk): indent width / 2 gives the nesting depth; remember the key
  #   seen at each depth and print "parent/.../key=value" for every record
  #   that carries a value. Fields are split on ',', so only the text up to
  #   the first comma of a value survives.
  # Stage 3 (sed): keep only the values of main_domain and of the list items
  #   under sub_domains, addon_domains and parked_domains below result/data.
  echo "$resp" |
    sed -En \
      -e 's/\r$//' \
      -e 's/^( *)([_.[:alnum:]]+) *: *(.*)/\1,\2,\3/p' \
      -e 's/^( *)- (.*)/\1,-,\2/p' |
    awk -F, '
      {
        depth = length($1) / 2
        path[depth] = $2
        for (k in path) {
          if (k > depth) {
            delete path[k]
          }
        }
        if (length($3) > 0) {
          trail = ""
          for (k = 0; k < depth; k++) {
            trail = (trail)(path[k])("/")
          }
          printf("%s%s=%s\n", trail, $2, $3)
        }
      }' |
    sed -En -e 's/^result\/data\/(main_domain|sub_domains\/-|addon_domains\/-|parked_domains\/-)=(.*)$/\2/p'
}
199 | ||
200 | # Load parameter by prefix+name - fallback to default if not set, and save to config | |
201 | #pname pdefault | |
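# Load DEPLOY_CPANEL_AUTO_<pname> from the deploy config, fall back to
# pdefault when it is empty, and save the resulting value back to the config.
#
# Arguments: pname pdefault
# Returns:   1 if pname is not a plain identifier suffix; otherwise the status
#            of the final _savedeployconf call.
__cpanel_initautoparam() {
  pname="$1"
  pdefault="$2"

  # pname is spliced into eval below, so accept identifier characters only.
  case "$pname" in
  '' | *[!A-Za-z0-9_]*)
    _err "Invalid DEPLOY_CPANEL_AUTO parameter name: $pname"
    return 1
    ;;
  esac
  pkey="DEPLOY_CPANEL_AUTO_$pname"

  _getdeployconf "$pkey"
  # Indirect read: eval sees  pval="$DEPLOY_CPANEL_AUTO_<pname>"  and the value
  # itself is never re-parsed as shell code.
  eval "pval=\"\$$pkey\""
  if [ -z "$pval" ]; then
    pval="$pdefault"
    # Assign through \$pval so the default is stored literally instead of
    # being expanded inside the eval string.
    eval "$pkey=\"\$pval\""
  fi
  _debug2 "$pkey" "$pval"
  _savedeployconf "$pkey" "$pval"
}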