4 #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
6 #CF_Email="xxxx@sss.com"
12 CF_Api
="https://api.cloudflare.com/client/v4"
14 ######## Public functions #####################
16 #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
21 CF_Token
="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
22 CF_Account_ID
="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
23 CF_Zone_ID
="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
24 CF_Key
="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
25 CF_Email
="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
27 if [ "$CF_Token" ]; then
28 if [ "$CF_Zone_ID" ]; then
29 _savedomainconf CF_Token
"$CF_Token"
30 _savedomainconf CF_Account_ID
"$CF_Account_ID"
31 _savedomainconf CF_Zone_ID
"$CF_Zone_ID"
33 _saveaccountconf_mutable CF_Token
"$CF_Token"
34 _saveaccountconf_mutable CF_Account_ID
"$CF_Account_ID"
35 _clearaccountconf_mutable CF_Zone_ID
36 _clearaccountconf CF_Zone_ID
39 if [ -z "$CF_Key" ] ||
[ -z "$CF_Email" ]; then
42 _err
"You didn't specify a Cloudflare api key and email yet."
43 _err
"You can get yours from here https://dash.cloudflare.com/profile."
47 if ! _contains
"$CF_Email" "@"; then
48 _err
"It seems that the CF_Email=$CF_Email is not a valid email address."
49 _err
"Please check and retry."
52 #save the api key and email to the account conf file.
53 _saveaccountconf_mutable CF_Key
"$CF_Key"
54 _saveaccountconf_mutable CF_Email
"$CF_Email"
56 _clearaccountconf_mutable CF_Token
57 _clearaccountconf_mutable CF_Account_ID
58 _clearaccountconf_mutable CF_Zone_ID
59 _clearaccountconf CF_Token
60 _clearaccountconf CF_Account_ID
61 _clearaccountconf CF_Zone_ID
65 _debug
"First detect the root zone"
66 if ! _get_root
"$fulldomain"; then
70 _debug _domain_id
"$_domain_id"
71 _debug _sub_domain
"$_sub_domain"
72 _debug _domain
"$_domain"
74 _debug
"Getting txt records"
75 _cf_rest GET
"zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
77 if ! echo "$response" |
tr -d " " |
grep \"success
\":true
>/dev
/null
; then
82 # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
83 # we can not use updating anymore.
84 # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
85 # _debug count "$count"
86 # if [ "$count" = "0" ]; then
88 if _cf_rest POST
"zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
89 if _contains
"$response" "$txtvalue"; then
92 elif _contains
"$response" "The record already exists"; then
93 _info
"Already exists, OK"
96 _err
"Add txt record error."
100 _err
"Add txt record error."
110 CF_Token
="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
111 CF_Account_ID
="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
112 CF_Zone_ID
="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
113 CF_Key
="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
114 CF_Email
="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
116 _debug
"First detect the root zone"
117 if ! _get_root
"$fulldomain"; then
118 _err
"invalid domain"
121 _debug _domain_id
"$_domain_id"
122 _debug _sub_domain
"$_sub_domain"
123 _debug _domain
"$_domain"
125 _debug
"Getting txt records"
126 _cf_rest GET
"zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
128 if ! echo "$response" |
tr -d " " |
grep \"success
\":true
>/dev
/null
; then
129 _err
"Error: $response"
133 count
=$
(echo "$response" | _egrep_o
"\"count\": *[^,]*" | cut
-d : -f 2 |
tr -d " ")
134 _debug count
"$count"
135 if [ "$count" = "0" ]; then
136 _info
"Don't need to remove."
138 record_id
=$
(echo "$response" | _egrep_o
"\"id\": *\"[^\"]*\"" | cut
-d : -f 2 |
tr -d \" | _head_n
1 |
tr -d " ")
139 _debug
"record_id" "$record_id"
140 if [ -z "$record_id" ]; then
141 _err
"Can not get record id to remove."
144 if ! _cf_rest DELETE
"zones/$_domain_id/dns_records/$record_id"; then
145 _err
"Delete record error."
148 echo "$response" |
tr -d " " |
grep \"success
\":true
>/dev
/null
153 #################### Private functions below ##################################
154 #_acme-challenge.www.domain.com
156 # _sub_domain=_acme-challenge.www
158 # _domain_id=sdjkglgdfewsdfg
164 # Use Zone ID directly if provided
165 if [ "$CF_Zone_ID" ]; then
166 if ! _cf_rest GET
"zones/$CF_Zone_ID"; then
169 if echo "$response" |
tr -d " " |
grep \"success
\":true
>/dev
/null
; then
170 _domain
=$
(echo "$response" | _egrep_o
"\"name\": *\"[^\"]*\"" | cut
-d : -f 2 |
tr -d \" | _head_n
1 |
tr -d " ")
171 if [ "$_domain" ]; then
172 _cutlength
=$
((${#domain} - ${#_domain} - 1))
173 _sub_domain
=$
(printf "%s" "$domain" | cut
-c "1-$_cutlength")
174 _domain_id
=$CF_Zone_ID
186 h
=$
(printf "%s" "$domain" | cut
-d .
-f $i-100)
193 if [ "$CF_Account_ID" ]; then
194 if ! _cf_rest GET
"zones?name=$h&account.id=$CF_Account_ID"; then
198 if ! _cf_rest GET
"zones?name=$h"; then
203 if _contains
"$response" "\"name\":\"$h\"" || _contains
"$response" '"total_count":1'; then
204 _domain_id
=$
(echo "$response" | _egrep_o
"\[.\"id\": *\"[^\"]*\"" | _head_n
1 | cut
-d : -f 2 |
tr -d \" |
tr -d " ")
205 if [ "$_domain_id" ]; then
206 _sub_domain
=$
(printf "%s" "$domain" | cut
-d .
-f 1-$p)
224 email_trimmed
=$
(echo "$CF_Email" |
tr -d '"')
225 key_trimmed
=$
(echo "$CF_Key" |
tr -d '"')
226 token_trimmed
=$
(echo "$CF_Token" |
tr -d '"')
228 export _H1
="Content-Type: application/json"
229 if [ "$token_trimmed" ]; then
230 export _H2
="Authorization: Bearer $token_trimmed"
232 export _H2
="X-Auth-Email: $email_trimmed"
233 export _H3
="X-Auth-Key: $key_trimmed"
236 if [ "$m" != "GET" ]; then
238 response
="$(_post "$data" "$CF_Api/$ep" "" "$m")"
240 response
="$(_get "$CF_Api/$ep")"
243 if [ "$?" != "0" ]; then
247 _debug2 response
"$response"