]> git.proxmox.com Git - mirror_acme.sh.git/blob - dnsapi/dns_cf.sh
projects / mirror_acme.sh.git / blob
? search:


cd93189f6bd10df3616fa70a5c16d6322a341295
[mirror_acme.sh.git] / dnsapi / dns_cf.sh
1 #!/usr/bin/env sh
2
3 #
4 #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
5 #
6 #CF_Email="xxxx@sss.com"
7
8 CF_Api="https://api.cloudflare.com/client/v4"
9
10 ######## Public functions #####################
11
12 #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
13 dns_cf_add() {
14 fulldomain=$1
15 txtvalue=$2
16
17 CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
18 CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
19 if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
20 CF_Key=""
21 CF_Email=""
22 _err "You didn't specify a Cloudflare api key and email yet."
23 _err "You can get yours from here https://dash.cloudflare.com/profile."
24 return 1
25 fi
26
27 if ! _contains "$CF_Email" "@"; then
28 _err "It seems that the CF_Email=$CF_Email is not a valid email address."
29 _err "Please check and retry."
30 return 1
31 fi
32
33 #save the api key and email to the account conf file.
34 _saveaccountconf_mutable CF_Key "$CF_Key"
35 _saveaccountconf_mutable CF_Email "$CF_Email"
36
37 _debug "First detect the root zone"
38 if ! _get_root "$fulldomain"; then
39 _err "invalid domain"
40 return 1
41 fi
42 _debug _domain_id "$_domain_id"
43 _debug _sub_domain "$_sub_domain"
44 _debug _domain "$_domain"
45
46 _debug "Getting txt records"
47 _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
48
49 if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
50 _err "Error"
51 return 1
52 fi
53
54 # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
55 # we can not use updating anymore.
56 # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
57 # _debug count "$count"
58 # if [ "$count" = "0" ]; then
59 _info "Adding record"
60 if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
61 if _contains "$response" "$txtvalue"; then
62 _info "Added, OK"
63 return 0
64 elif _contains "$response" "The record already exists"; then
65 _info "Already exists, OK"
66 return 0
67 else
68 _err "Add txt record error."
69 return 1
70 fi
71 fi
72 _err "Add txt record error."
73 return 1
74 # else
75 # _info "Updating record"
76 # record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
77 # _debug "record_id" "$record_id"
78 #
79 # _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}"
80 # if [ "$?" = "0" ]; then
81 # _info "Updated, OK"
82 # return 0
83 # fi
84 # _err "Update error"
85 # return 1
86 # fi
87
88 }
89
90 #fulldomain txtvalue
91 dns_cf_rm() {
92 fulldomain=$1
93 txtvalue=$2
94
95 CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
96 CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
97 if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
98 CF_Key=""
99 CF_Email=""
100 _err "You didn't specify a Cloudflare api key and email yet."
101 _err "You can get yours from here https://dash.cloudflare.com/profile."
102 return 1
103 fi
104
105 _debug "First detect the root zone"
106 if ! _get_root "$fulldomain"; then
107 _err "invalid domain"
108 return 1
109 fi
110 _debug _domain_id "$_domain_id"
111 _debug _sub_domain "$_sub_domain"
112 _debug _domain "$_domain"
113
114 _debug "Getting txt records"
115 _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
116
117 if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then
118 _err "Error"
119 return 1
120 fi
121
122 count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
123 _debug count "$count"
124 if [ "$count" = "0" ]; then
125 _info "Don't need to remove."
126 else
127 record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
128 _debug "record_id" "$record_id"
129 if [ -z "$record_id" ]; then
130 _err "Can not get record id to remove."
131 return 1
132 fi
133 if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
134 _err "Delete record error."
135 return 1
136 fi
137 _contains "$response" '"success":true'
138 fi
139
140 }
141
142 #################### Private functions below ##################################
143 #_acme-challenge.www.domain.com
144 #returns
145 # _sub_domain=_acme-challenge.www
146 # _domain=domain.com
147 # _domain_id=sdjkglgdfewsdfg
148 _get_root() {
149 domain=$1
150 i=1
151 p=1
152 while true; do
153 h=$(printf "%s" "$domain" | cut -d . -f $i-100)
154 _debug h "$h"
155 if [ -z "$h" ]; then
156 #not valid
157 return 1
158 fi
159
160 if ! _cf_rest GET "zones?name=$h"; then
161 return 1
162 fi
163
164 if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
165 _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
166 if [ "$_domain_id" ]; then
167 _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
168 _domain=$h
169 return 0
170 fi
171 return 1
172 fi
173 p=$i
174 i=$(_math "$i" + 1)
175 done
176 return 1
177 }
178
179 _cf_rest() {
180 m=$1
181 ep="$2"
182 data="$3"
183 _debug "$ep"
184
185 email_trimmed=$(echo $CF_Email | tr -d '"')
186 key_trimmed=$(echo $CF_Key | tr -d '"')
187
188 export _H1="X-Auth-Email: $email_trimmed"
189 export _H2="X-Auth-Key: $key_trimmed"
190 export _H3="Content-Type: application/json"
191
192 if [ "$m" != "GET" ]; then
193 _debug data "$data"
194 response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
195 else
196 response="$(_get "$CF_Api/$ep")"
197 fi
198
199 if [ "$?" != "0" ]; then
200 _err "error $ep"
201 return 1
202 fi
203 _debug2 response "$response"
204 return 0
205 }
acme.sh DNS challenge mirror