Updated comment to reflect the change to function
1 #!/usr/bin/env sh
2 # Here is the script to deploy the cert to your cpanel using the cpanel API.
3 # Uses command line uapi. --user option is needed only if run as root.
4 # Returns 0 when success.
5 #
6 # Configure DEPLOY_CPANEL_AUTO_<...> options to enable or restrict automatic
7 # detection of deployment targets through UAPI (if not set, defaults below are used.)
8 # - ENABLED : 'true' for multi-site / wildcard capability; otherwise single-site mode.
9 # - NOMATCH : 'true' to allow deployment to sites that do not match the certificate.
10 # - INCLUDE : Comma-separated list - sites must match this field.
11 # - EXCLUDE : Comma-separated list - sites must NOT match this field.
12 # INCLUDE/EXCLUDE both support non-lexical, glob-style matches using '*'
13 #
14 # Please note that I am no longer using Github. If you want to report an issue
15 # or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
16 #
17 # Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
18 # Public domain, 2017-2018
19 #
20 # export DEPLOY_CPANEL_USER=myusername
21 # export DEPLOY_CPANEL_AUTO_ENABLED='true'
22 # export DEPLOY_CPANEL_AUTO_NOMATCH='false'
23 # export DEPLOY_CPANEL_AUTO_INCLUDE='*'
24 # export DEPLOY_CPANEL_AUTO_EXCLUDE=''
25
26 ######## Public functions #####################
27
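#domain keyfile certfile cafile fullchain
# Deploy a certificate and its private key to cPanel with the command-line
# `uapi` tool (SSL install_ssl).
#
# Arguments:
#   $1 - primary domain of the certificate
#   $2 - path to the private key file
#   $3 - path to the certificate file
#   $4 - path to the CA file (only logged here)
#   $5 - path to the full chain file (only logged here)
# Globals read:  Le_Alt, DEPLOY_CPANEL_USER, DEPLOY_CPANEL_AUTO_*
# Returns: 0 on success; 1 if uapi is missing, the cert/key cannot be read,
#          root has no DEPLOY_CPANEL_USER, the site list cannot be retrieved,
#          or no site could be updated.
cpanel_uapi_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # re-declare vars inherited from acme.sh but not passed to make ShellCheck happy
  : "${Le_Alt:=""}"

  # Start from an empty value so that a stale or inherited _uapi_user cannot
  # silently redirect the deployment to another account when not run as root.
  _uapi_user=""

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  if ! _exists uapi; then
    _err "The command uapi is not found."
    return 1
  fi

  # declare useful constants
  uapi_error_response='status: 0'

  # read cert and key files and urlencode both; stop early when either one is
  # unreadable or empty instead of sending an empty value to uapi
  _cert=$(_url_encode <"$_ccert")
  if [ -z "$_cert" ]; then
    _err "Could not read the certificate file: $_ccert"
    return 1
  fi
  _key=$(_url_encode <"$_ckey")
  if [ -z "$_key" ]; then
    _err "Could not read the key file: $_ckey"
    return 1
  fi

  _debug2 _cert "$_cert"
  # The encoded private key is deliberately NOT written to the debug log:
  # debug output is routinely kept in log files or pasted into bug reports.

  if [ "$(id -u)" = 0 ]; then
    _getdeployconf DEPLOY_CPANEL_USER
    # fallback to _readdomainconf for old installs
    if [ -z "${DEPLOY_CPANEL_USER:=$(_readdomainconf DEPLOY_CPANEL_USER)}" ]; then
      _err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
      return 1
    fi
    _debug DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
    _savedeployconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"

    _uapi_user="$DEPLOY_CPANEL_USER"
  fi

  # Load all AUTO envars and set defaults - see above for usage
  __cpanel_initautoparam ENABLED 'true'
  __cpanel_initautoparam NOMATCH 'false'
  __cpanel_initautoparam INCLUDE '*'
  __cpanel_initautoparam EXCLUDE ''

  # NOTE(review): in both modes below the cert and key are handed to uapi as
  # command-line arguments, so they may be visible in the process list while
  # uapi runs - confirm whether that matters on shared hosts.

  # Auto mode
  if [ "$DEPLOY_CPANEL_AUTO_ENABLED" = "true" ]; then
    # call API for site config
    _response=$(uapi DomainInfo list_domains)
    # exit if error in response
    if [ -z "$_response" ] || [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
      _err "Error in deploying certificate - cannot retrieve sitelist:"
      _err "\n$_response"
      return 1
    fi

    # parse response to create site list
    sitelist=$(__cpanel_parse_response "$_response")
    _debug "UAPI sites found: $sitelist"

    # filter sitelist using configured domains
    # skip if NOMATCH is "true"
    if [ "$DEPLOY_CPANEL_AUTO_NOMATCH" = "true" ]; then
      _debug "DEPLOY_CPANEL_AUTO_NOMATCH is true"
      _info "UAPI nomatch mode is enabled - Will not validate sites are valid for the certificate"
    else
      _debug "DEPLOY_CPANEL_AUTO_NOMATCH is false"
      # Escape '.' and '*' so the primary domain is matched literally when it
      # is removed from the alt-name list; unescaped, "a.example.com" would
      # also strip a different name such as "a-example.com".
      _cdomain_re="$(printf '%s' "$_cdomain" | sed -e 's/[.*]/\\&/g')"
      d="$(echo "${Le_Alt}," | sed -e "s/^$_cdomain_re,//" -e "s/,$_cdomain_re,/,/")"
      # one pattern per line: dots literal, '*' matches a single label
      d="$(echo "$_cdomain,$d" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\[\^\.\]\*/g')"
      sitelist="$(echo "$sitelist" | grep -ix "$d")"
      _debug2 "Matched UAPI sites: $sitelist"
    fi

    # filter sites that do not match $DEPLOY_CPANEL_AUTO_INCLUDE
    _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: $DEPLOY_CPANEL_AUTO_INCLUDE"
    sitelist="$(echo "$sitelist" | grep -ix "$(echo "$DEPLOY_CPANEL_AUTO_INCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
    _debug2 "Remaining sites: $sitelist"

    # filter sites that match $DEPLOY_CPANEL_AUTO_EXCLUDE
    _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE: $DEPLOY_CPANEL_AUTO_EXCLUDE"
    sitelist="$(echo "$sitelist" | grep -vix "$(echo "$DEPLOY_CPANEL_AUTO_EXCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
    _debug2 "Remaining sites: $sitelist"

    # counter for success / failure check
    successes=0
    if [ -n "$sitelist" ]; then
      sitetotal="$(echo "$sitelist" | wc -l)"
      _debug "$sitetotal sites to deploy"
    else
      sitetotal=0
      _debug "No sites to deploy"
    fi

    # for each site: call uapi to publish cert and log result. Only return failure if all fail
    # ($sitelist is intentionally unquoted: one site per whitespace-separated word)
    for site in $sitelist; do
      # call uapi to publish cert, check response for errors and log them.
      if [ -n "$_uapi_user" ]; then
        _response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$site" cert="$_cert" key="$_key")
      else
        _response=$(uapi SSL install_ssl domain="$site" cert="$_cert" key="$_key")
      fi
      if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
        _err "Error in deploying certificate to $site:"
        _err "$_response"
      else
        successes=$((successes + 1))
        _debug "$_response"
        _info "Succcessfully deployed to $site"
      fi
    done

    # Raise error if all updates fail
    if [ "$sitetotal" -gt 0 ] && [ "$successes" -eq 0 ]; then
      _err "Could not deploy to any of $sitetotal sites via UAPI"
      _debug "successes: $successes, sitetotal: $sitetotal"
      return 1
    fi

    _info "Successfully deployed certificate to $successes of $sitetotal sites via UAPI"
    return 0
  else
    # "classic" mode - will only try to deploy to the primary domain; will not check UAPI first
    if [ -n "$_uapi_user" ]; then
      _response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
    else
      _response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
    fi

    if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
      _err "Error in deploying certificate:"
      _err "$_response"
      return 1
    fi

    _debug response "$_response"
    _info "Certificate successfully deployed"
    return 0
  fi
}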
173
174 ######## Private functions #####################
175
# Internal utility: pull the site names out of the YAML printed by
# "uapi DomainInfo list_domains". Only result/data/main_domain and the list
# items under result/data/sub_domains and result/data/addon_domains are kept.
# The response is taken from the arguments when any are given, else from stdin.
# Prints one domain per line.
#
# Pipeline stages:
#   1. sed: strip a trailing CR, then rewrite "key: value" and "- item" lines
#      as "<indent>,<key or ->,<value>" and print only those lines.
#   2. awk: nesting level is indent/2; remember the key seen at each level and
#      print every non-empty value as "parent/.../key=value".
#   3. sed: keep the value of the three wanted paths only.
#[response]
__cpanel_parse_response() {
  if [ $# -eq 0 ]; then
    resp="$(cat)"
  else
    resp="$*"
  fi

  echo "$resp" |
    sed -En \
      -e 's/\r$//' \
      -e 's/^( *)([_.[:alnum:]]+) *: *(.*)/\1,\2,\3/p' \
      -e 's/^( *)- (.*)/\1,-,\2/p' |
    awk -F, '{
      level = length($1)/2;
      section[level] = $2;
      for (i in section) {if (i > level) {delete section[i]}}
      if (length($3) > 0) {
        prefix="";
        for (i=0; i < level; i++)
          { prefix = (prefix)(section[i])("/") }
        printf("%s%s=%s\n", prefix, $2, $3);
      }
    }' |
    sed -En -e 's/^result\/data\/(main_domain|sub_domains\/-|addon_domains\/-)=(.*)$/\2/p'
}
199
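# Load parameter by prefix+name - fallback to default if not set, and save to config
#
# Arguments:
#   $1 - suffix of the option; the variable used is DEPLOY_CPANEL_AUTO_<$1>
#   $2 - default assigned when the option is empty after _getdeployconf
# Returns: 1 when $1 is not a plain identifier suffix; otherwise the status
#          of the final _savedeployconf call.
#pname pdefault
__cpanel_initautoparam() {
  pname="$1"
  pdefault="$2"
  pkey="DEPLOY_CPANEL_AUTO_$pname"

  # pkey is spliced into eval'd code below, so only accept characters that can
  # form a variable name.
  case "$pname" in
  '' | *[!A-Za-z0-9_]*)
    _err "Invalid DEPLOY_CPANEL_AUTO parameter name: $pname"
    return 1
    ;;
  esac

  _getdeployconf "$pkey"

  # Read the current value once. The escaped '$' defers expansion to eval, so
  # the value itself is never parsed as shell code (and is not passed through
  # echo, which would swallow values such as "-n").
  eval "pvalue=\"\$$pkey\""
  if [ -z "$pvalue" ]; then
    pvalue="$pdefault"
    # \$pdefault (not $pdefault) keeps quotes, '$' or backticks in a default
    # from being evaluated.
    eval "$pkey=\"\$pdefault\""
  fi

  _debug2 "$pkey" "$pvalue"
  _savedeployconf "$pkey" "$pvalue"
}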