[mirror_acme.sh.git] / dnsapi / dns_acmeproxy.sh

#!/usr/bin/env sh

## Acmeproxy DNS provider to be used with acmeproxy (https://github.com/mdbraber/acmeproxy)
## API integration by Maarten den Braber
##
## Report any bugs via https://github.com/mdbraber/acme.sh

dns_acmeproxy_add() {
  fulldomain="${1}"
  txtvalue="${2}"
  action="present"

  _debug "Calling: _acmeproxy_request() '${fulldomain}' '${txtvalue}' '${action}'"
  _acmeproxy_request "$fulldomain" "$txtvalue" "$action"
}

dns_acmeproxy_rm() {
  fulldomain="${1}"
  txtvalue="${2}"
  action="cleanup"

  _debug "Calling: _acmeproxy_request() '${fulldomain}' '${txtvalue}' '${action}'"
  _acmeproxy_request "$fulldomain" "$txtvalue" "$action"
}

_acmeproxy_request() {

  ## Nothing to see here, just some housekeeping
  fulldomain=$1
  txtvalue=$2
  action=$3

  _info "Using acmeproxy"
  _debug fulldomain "$fulldomain"
  _debug txtvalue "$txtvalue"

  ACMEPROXY_ENDPOINT="${ACMEPROXY_ENDPOINT:-$(_readaccountconf_mutable ACMEPROXY_ENDPOINT)}"
  ACMEPROXY_USERNAME="${ACMEPROXY_USERNAME:-$(_readaccountconf_mutable ACMEPROXY_USERNAME)}"
  ACMEPROXY_PASSWORD="${ACMEPROXY_PASSWORD:-$(_readaccountconf_mutable ACMEPROXY_PASSWORD)}"

  ## Check for the endpoint
  if [ -z "$ACMEPROXY_ENDPOINT" ]; then
    ACMEPROXY_ENDPOINT=""
    _err "You didn't specify the endpoint"
    _err "Please set them via 'export ACMEPROXY_ENDPOINT=https://ip:port' and try again."
    return 1
  fi

  ## Save the credentials to the account file
  _saveaccountconf_mutable ACMEPROXY_ENDPOINT "$ACMEPROXY_ENDPOINT"
  _saveaccountconf_mutable ACMEPROXY_USERNAME "$ACMEPROXY_USERNAME"
  _saveaccountconf_mutable ACMEPROXY_PASSWORD "$ACMEPROXY_PASSWORD"

  if [ -z "$ACMEPROXY_USERNAME" ] || [ -z "$ACMEPROXY_PASSWORD" ]; then
    _info "ACMEPROXY_USERNAME and/or ACMEPROXY_PASSWORD not set - using without client authentication! Make sure you're using server authentication (e.g. IP-based)"
    export _H1="Accept: application/json"
    export _H2="Content-Type: application/json"
  else
    ## Base64 encode the credentials
    credentials=$(printf "%b" "$ACMEPROXY_USERNAME:$ACMEPROXY_PASSWORD" | _base64)

    ## Construct the HTTP Authorization header
    export _H1="Authorization: Basic $credentials"
    export _H2="Accept: application/json"
    export _H3="Content-Type: application/json"
  fi

  ## Add the challenge record to the acmeproxy grid member
  response="$(_post "{\"fqdn\": \"$fulldomain.\", \"value\": \"$txtvalue\"}" "$ACMEPROXY_ENDPOINT/$action" "" "POST")"

  ## Let's see if we get something intelligible back from the unit
  if echo "$response" | grep "\"$txtvalue\"" >/dev/null; then
    _info "Successfully updated the txt record"
    return 0
  else
    _err "Error encountered during record addition"
    _err "$response"
    return 1
  fi

}

####################  Private functions below ##################################
Commit	Line	Data
b8f4fa35 MB	1	#!/usr/bin/env sh
b8f4fa35 MB	2
3c933158	3	## Acmeproxy DNS provider to be used with acmeproxy (https://github.com/mdbraber/acmeproxy)
68142c98	4	## API integration by Maarten den Braber
b8f4fa35	5	##
68142c98	6	## Report any bugs via https://github.com/mdbraber/acme.sh
b8f4fa35 MB	7
	8	dns_acmeproxy_add() {
	9	fulldomain="${1}"
	10	txtvalue="${2}"
	11	action="present"
	12
	13	_debug "Calling: _acmeproxy_request() '${fulldomain}' '${txtvalue}' '${action}'"
585ef998	14	_acmeproxy_request "$fulldomain" "$txtvalue" "$action"
b8f4fa35 MB	15	}
	16
	17	dns_acmeproxy_rm() {
	18	fulldomain="${1}"
	19	txtvalue="${2}"
	20	action="cleanup"
	21
	22	_debug "Calling: _acmeproxy_request() '${fulldomain}' '${txtvalue}' '${action}'"
585ef998	23	_acmeproxy_request "$fulldomain" "$txtvalue" "$action"
b8f4fa35 MB	24	}
	25
	26	_acmeproxy_request() {
	27
	28	## Nothing to see here, just some housekeeping
	29	fulldomain=$1
	30	txtvalue=$2
	31	action=$3
	32
	33	_info "Using acmeproxy"
	34	_debug fulldomain "$fulldomain"
	35	_debug txtvalue "$txtvalue"
	36
	37	ACMEPROXY_ENDPOINT="${ACMEPROXY_ENDPOINT:-$(_readaccountconf_mutable ACMEPROXY_ENDPOINT)}"
	38	ACMEPROXY_USERNAME="${ACMEPROXY_USERNAME:-$(_readaccountconf_mutable ACMEPROXY_USERNAME)}"
	39	ACMEPROXY_PASSWORD="${ACMEPROXY_PASSWORD:-$(_readaccountconf_mutable ACMEPROXY_PASSWORD)}"
	40
	41	## Check for the endpoint
585ef998	42	if [ -z "$ACMEPROXY_ENDPOINT" ]; then
b8f4fa35 MB	43	ACMEPROXY_ENDPOINT=""
	44	_err "You didn't specify the endpoint"
	45	_err "Please set them via 'export ACMEPROXY_ENDPOINT=https://ip:port' and try again."
	46	return 1
	47	fi
	48
b8f4fa35 MB	49	## Save the credentials to the account file
	50	_saveaccountconf_mutable ACMEPROXY_ENDPOINT "$ACMEPROXY_ENDPOINT"
	51	_saveaccountconf_mutable ACMEPROXY_USERNAME "$ACMEPROXY_USERNAME"
	52	_saveaccountconf_mutable ACMEPROXY_PASSWORD "$ACMEPROXY_PASSWORD"
	53
5e165819 MB	54	if [ -z "$ACMEPROXY_USERNAME" ] \|\| [ -z "$ACMEPROXY_PASSWORD" ]; then
	55	_info "ACMEPROXY_USERNAME and/or ACMEPROXY_PASSWORD not set - using without client authentication! Make sure you're using server authentication (e.g. IP-based)"
	56	export _H1="Accept: application/json"
	57	export _H2="Content-Type: application/json"
	58	else
	59	## Base64 encode the credentials
	60	credentials=$(printf "%b" "$ACMEPROXY_USERNAME:$ACMEPROXY_PASSWORD" \| _base64)
b8f4fa35	61
5e165819 MB	62	## Construct the HTTP Authorization header
	63	export _H1="Authorization: Basic $credentials"
	64	export _H2="Accept: application/json"
	65	export _H3="Content-Type: application/json"
	66	fi
b8f4fa35 MB	67
	68	## Add the challenge record to the acmeproxy grid member
	69	response="$(_post "{\"fqdn\": \"$fulldomain.\", \"value\": \"$txtvalue\"}" "$ACMEPROXY_ENDPOINT/$action" "" "POST")"
	70
	71	## Let's see if we get something intelligible back from the unit
585ef998	72	if echo "$response" \| grep "\"$txtvalue\"" >/dev/null; then
c297aff9	73	_info "Successfully updated the txt record"
b8f4fa35 MB	74	return 0
	75	else
	76	_err "Error encountered during record addition"
	77	_err "$response"
	78	return 1
	79	fi
	80
	81	}
	82
	83	#################### Private functions below ##################################