2 # Here is the script to deploy the cert to your cpanel using the cpanel API.
3 # Uses command line uapi. --user option is needed only if run as root.
4 # Returns 0 when success.
6 # Configure DEPLOY_CPANEL_AUTO_<...> options to enable or restrict automatic
7 # detection of deployment targets through UAPI (if not set, defaults below are used.)
8 # - ENABLED : 'true' for multi-site / wildcard capability; otherwise single-site mode.
9 # - NOMATCH : 'true' to allow deployment to sites that do not match the certificate.
10 # - INCLUDE : Comma-separated list - sites must match this field.
11 # - EXCLUDE : Comma-separated list - sites must NOT match this field.
12 # INCLUDE/EXCLUDE both support non-lexical, glob-style matches using '*'
14 # Please note that I am no longer using Github. If you want to report an issue
15 # or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
17 # Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
18 # Public domain, 2017-2018
20 # export DEPLOY_CPANEL_USER=myusername
21 # export DEPLOY_CPANEL_AUTO_ENABLED='true'
22 # export DEPLOY_CPANEL_AUTO_NOMATCH='false'
23 # export DEPLOY_CPANEL_AUTO_INCLUDE='*'
24 # export DEPLOY_CPANEL_AUTO_EXCLUDE=''
26 ######## Public functions #####################
28 #domain keyfile certfile cafile fullchain
29 cpanel_uapi_deploy
() {
36 # re-declare vars inherited from acme.sh but not passed to make ShellCheck happy
39 _debug _cdomain
"$_cdomain"
41 _debug _ccert
"$_ccert"
43 _debug _cfullchain
"$_cfullchain"
45 if ! _exists uapi
; then
46 _err
"The command uapi is not found."
50 # declare useful constants
51 uapi_error_response
='status: 0'
53 # read cert and key files and urlencode both
54 _cert
=$
(_url_encode
<"$_ccert")
55 _key
=$
(_url_encode
<"$_ckey")
57 _debug2 _cert
"$_cert"
60 if [ "$(id -u)" = 0 ]; then
61 _getdeployconf DEPLOY_CPANEL_USER
62 # fallback to _readdomainconf for old installs
63 if [ -z "${DEPLOY_CPANEL_USER:=$(_readdomainconf DEPLOY_CPANEL_USER)}" ]; then
64 _err
"It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
67 _debug DEPLOY_CPANEL_USER
"$DEPLOY_CPANEL_USER"
68 _savedeployconf DEPLOY_CPANEL_USER
"$DEPLOY_CPANEL_USER"
70 _uapi_user
="$DEPLOY_CPANEL_USER"
73 # Load all AUTO envars and set defaults - see above for usage
74 __cpanel_initautoparam ENABLED
'true'
75 __cpanel_initautoparam NOMATCH
'false'
76 __cpanel_initautoparam INCLUDE
'*'
77 __cpanel_initautoparam EXCLUDE
''
80 if [ "$DEPLOY_CPANEL_AUTO_ENABLED" = "true" ]; then
81 # call API for site config
82 _response
=$
(uapi DomainInfo list_domains
)
83 # exit if error in response
84 if [ -z "$_response" ] ||
[ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
85 _err
"Error in deploying certificate - cannot retrieve sitelist:"
90 # parse response to create site list
91 sitelist
=$
(__cpanel_parse_response
"$_response")
92 _debug
"UAPI sites found: $sitelist"
94 # filter sitelist using configured domains
95 # skip if NOMATCH is "true"
96 if [ "$DEPLOY_CPANEL_AUTO_NOMATCH" = "true" ]; then
97 _debug
"DEPLOY_CPANEL_AUTO_NOMATCH is true"
98 _info
"UAPI nomatch mode is enabled - Will not validate sites are valid for the certificate"
100 _debug
"DEPLOY_CPANEL_AUTO_NOMATCH is false"
101 d
="$(echo "${Le_Alt}," | sed -e "s
/^
$_cdomain,//" -e "s
/,$_cdomain,/,/")"
102 d
="$(echo "$_cdomain,$d" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\[\^\.\]\*/g')"
103 sitelist
="$(echo "$sitelist" | grep -ix "$d")"
104 _debug2
"Matched UAPI sites: $sitelist"
107 # filter sites that do not match $DEPLOY_CPANEL_AUTO_INCLUDE
108 _info
"Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: $DEPLOY_CPANEL_AUTO_INCLUDE"
109 sitelist
="$(echo "$sitelist" | grep -ix "$
(echo "$DEPLOY_CPANEL_AUTO_INCLUDE" |
tr ',' '\n' |
sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
110 _debug2
"Remaining sites: $sitelist"
112 # filter sites that match $DEPLOY_CPANEL_AUTO_EXCLUDE
113 _info
"Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE: $DEPLOY_CPANEL_AUTO_EXCLUDE"
114 sitelist
="$(echo "$sitelist" | grep -vix "$
(echo "$DEPLOY_CPANEL_AUTO_EXCLUDE" |
tr ',' '\n' |
sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
115 _debug2
"Remaining sites: $sitelist"
117 # counter for success / failure check
119 if [ -n "$sitelist" ]; then
120 sitetotal
="$(echo "$sitelist" | wc -l)"
121 _debug
"$sitetotal sites to deploy"
124 _debug
"No sites to deploy"
127 # for each site: call uapi to publish cert and log result. Only return failure if all fail
128 for site
in $sitelist; do
129 # call uapi to publish cert, check response for errors and log them.
130 if [ -n "$_uapi_user" ]; then
131 _response
=$
(uapi
--user="$_uapi_user" SSL install_ssl domain
="$site" cert
="$_cert" key
="$_key")
133 _response
=$
(uapi SSL install_ssl domain
="$site" cert
="$_cert" key
="$_key")
135 if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
136 _err
"Error in deploying certificate to $site:"
139 successes
=$
((successes
+ 1))
141 _info
"Succcessfully deployed to $site"
145 # Raise error if all updates fail
146 if [ "$sitetotal" -gt 0 ] && [ "$successes" -eq 0 ]; then
147 _err
"Could not deploy to any of $sitetotal sites via UAPI"
148 _debug
"successes: $successes, sitetotal: $sitetotal"
152 _info
"Successfully deployed certificate to $successes of $sitetotal sites via UAPI"
155 # "classic" mode - will only try to deploy to the primary domain; will not check UAPI first
156 if [ -n "$_uapi_user" ]; then
157 _response
=$
(uapi
--user="$_uapi_user" SSL install_ssl domain
="$_cdomain" cert
="$_cert" key
="$_key")
159 _response
=$
(uapi SSL install_ssl domain
="$_cdomain" cert
="$_cert" key
="$_key")
162 if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
163 _err
"Error in deploying certificate:"
168 _debug response
"$_response"
169 _info
"Certificate successfully deployed"
174 ######## Private functions #####################
176 # Internal utility to process YML from UAPI - only looks at main_domain, sub_domains and addon domains
178 __cpanel_parse_response
() {
179 if [ $# -gt 0 ]; then resp
="$*"; else resp
="$(cat)"; fi
184 -e 's/^( *)([_.[:alnum:]]+) *: *(.*)/\1,\2,\3/p' \
185 -e 's/^( *)- (.*)/\1,-,\2/p' |
187 level = length($1)/2;
189 for (i in section) {if (i > level) {delete section[i]}}
190 if (length($3) > 0) {
192 for (i=0; i < level; i++)
193 { prefix = (prefix)(section[i])("/") }
194 printf("%s%s=%s\n", prefix, $2, $3);
197 sed -En -e 's/^result\/data\/(main_domain|sub_domains\/-|addon_domains\/-)=(.*)$/\2/p'
200 # Load parameter by prefix+name - fallback to default if not set, and save to config
202 __cpanel_initautoparam
() {
205 pkey
="DEPLOY_CPANEL_AUTO_$pname"
207 _getdeployconf
"$pkey"
208 [ -n "$(eval echo "\"\$
$pkey\"")" ] ||
eval "$pkey=\"$pdefault\""
209 _debug2
"$pkey" "$(eval echo "\"\$
$pkey\"")"
210 _savedeployconf
"$pkey" "$(eval echo "\"\$
$pkey\"")"