4 #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
6 #CF_Email="xxxx@sss.com"
12 CF_Api
="https://api.cloudflare.com/client/v4"
14 ######## Public functions #####################
16 #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
21 CF_Token
="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
22 CF_Account_ID
="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
23 CF_Zone_ID
="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
24 CF_Key
="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
25 CF_Email
="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
27 if [ "$CF_Token" ]; then
28 _saveaccountconf_mutable CF_Token
"$CF_Token"
29 _saveaccountconf_mutable CF_Account_ID
"$CF_Account_ID"
30 _saveaccountconf_mutable CF_Zone_ID
"$CF_Zone_ID"
32 if [ -z "$CF_Key" ] ||
[ -z "$CF_Email" ]; then
35 _err
"You didn't specify a Cloudflare api key and email yet."
36 _err
"You can get yours from here https://dash.cloudflare.com/profile."
40 if ! _contains
"$CF_Email" "@"; then
41 _err
"It seems that the CF_Email=$CF_Email is not a valid email address."
42 _err
"Please check and retry."
45 #save the api key and email to the account conf file.
46 _saveaccountconf_mutable CF_Key
"$CF_Key"
47 _saveaccountconf_mutable CF_Email
"$CF_Email"
50 _debug
"First detect the root zone"
51 if ! _get_root
"$fulldomain"; then
55 _debug _domain_id
"$_domain_id"
56 _debug _sub_domain
"$_sub_domain"
57 _debug _domain
"$_domain"
59 _debug
"Getting txt records"
60 _cf_rest GET
"zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
62 if ! printf "%s" "$response" |
grep \"success
\":true
>/dev
/null
; then
67 # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
68 # we can not use updating anymore.
69 # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
70 # _debug count "$count"
71 # if [ "$count" = "0" ]; then
73 if _cf_rest POST
"zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
74 if _contains
"$response" "$txtvalue"; then
77 elif _contains
"$response" "The record already exists"; then
78 _info
"Already exists, OK"
81 _err
"Add txt record error."
85 _err
"Add txt record error."
95 CF_Token
="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
96 CF_Account_ID
="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
97 CF_Zone_ID
="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
98 CF_Key
="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
99 CF_Email
="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
101 _debug
"First detect the root zone"
102 if ! _get_root
"$fulldomain"; then
103 _err
"invalid domain"
106 _debug _domain_id
"$_domain_id"
107 _debug _sub_domain
"$_sub_domain"
108 _debug _domain
"$_domain"
110 _debug
"Getting txt records"
111 _cf_rest GET
"zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
113 if ! printf "%s" "$response" |
grep \"success
\":true
>/dev
/null
; then
114 _err
"Error: $response"
118 count
=$
(printf "%s\n" "$response" | _egrep_o
"\"count\":[^,]*" | cut
-d : -f 2)
119 _debug count
"$count"
120 if [ "$count" = "0" ]; then
121 _info
"Don't need to remove."
123 record_id
=$
(printf "%s\n" "$response" | _egrep_o
"\"id\":\"[^\"]*\"" | cut
-d : -f 2 |
tr -d \" |
head -n 1)
124 _debug
"record_id" "$record_id"
125 if [ -z "$record_id" ]; then
126 _err
"Can not get record id to remove."
129 if ! _cf_rest DELETE
"zones/$_domain_id/dns_records/$record_id"; then
130 _err
"Delete record error."
133 _contains
"$response" '"success":true'
138 #################### Private functions below ##################################
139 #_acme-challenge.www.domain.com
141 # _sub_domain=_acme-challenge.www
143 # _domain_id=sdjkglgdfewsdfg
149 # Use Zone ID directly if provided
150 if [ "$CF_Zone_ID" ]; then
151 if ! _cf_rest GET
"zones/$CF_Zone_ID"; then
154 if _contains
"$response" '"success":true'; then
155 _domain
=$
(printf "%s\n" "$response" | _egrep_o
"\"name\":\"[^\"]*\"" | cut
-d : -f 2 |
tr -d \" |
head -n 1)
156 if [ "$_domain" ]; then
157 _cutlength
=$
((${#domain} - ${#_domain} - 1))
158 _sub_domain
=$
(printf "%s" "$domain" | cut
-c "1-$_cutlength")
159 _domain_id
=$CF_Zone_ID
171 h
=$
(printf "%s" "$domain" | cut
-d .
-f $i-100)
178 if [ "$CF_Account_ID" ]; then
179 if ! _cf_rest GET
"zones?name=$h&account.id=$CF_Account_ID"; then
183 if ! _cf_rest GET
"zones?name=$h"; then
188 if _contains
"$response" "\"name\":\"$h\"" || _contains
"$response" '"total_count":1'; then
189 _domain_id
=$
(echo "$response" | _egrep_o
"\[.\"id\":\"[^\"]*\"" | _head_n
1 | cut
-d : -f 2 |
tr -d \")
190 if [ "$_domain_id" ]; then
191 _sub_domain
=$
(printf "%s" "$domain" | cut
-d .
-f 1-$p)
209 email_trimmed
=$
(echo "$CF_Email" |
tr -d '"')
210 key_trimmed
=$
(echo "$CF_Key" |
tr -d '"')
211 token_trimmed
=$
(echo "$CF_Token" |
tr -d '"')
213 export _H1
="Content-Type: application/json"
214 if [ "$token_trimmed" ]; then
215 export _H2
="Authorization: Bearer $token_trimmed"
217 export _H2
="X-Auth-Email: $email_trimmed"
218 export _H3
="X-Auth-Key: $key_trimmed"
221 if [ "$m" != "GET" ]; then
223 response
="$(_post "$data" "$CF_Api/$ep" "" "$m")"
225 response
="$(_get "$CF_Api/$ep")"
228 if [ "$?" != "0" ]; then
232 _debug2 response
"$response"