From b07ef223ee21651b3943302820aff24d1b9d7b4e Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 3 Feb 2019 16:18:42 +0100 Subject: [PATCH 01/14] feat: add support for MyDevil.net --- README.md | 1 + deploy/README.md | 10 +++++ deploy/mydevil.sh | 56 +++++++++++++++++++++++++ dnsapi/README.md | 24 +++++++++++ dnsapi/dns_mydevil.sh | 98 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 189 insertions(+) create mode 100755 deploy/mydevil.sh create mode 100755 dnsapi/dns_mydevil.sh diff --git a/README.md b/README.md index 90a648d5f4..aeeca5f4f8 100644 --- a/README.md +++ b/README.md @@ -351,6 +351,7 @@ You don't have to do anything manually! 1. PointDNS API (https://pointhq.com/) 1. Active24.cz API (https://www.active24.cz/) 1. do.de API (https://www.do.de/) +1. MyDevil.net (https://www.mydevil.net/) And: diff --git a/deploy/README.md b/deploy/README.md index 091e9febf7..939865b301 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -381,3 +381,13 @@ you want to update: $ export QINIU_CDN_DOMAIN="cdn.example.com" $ acme.sh --deploy -d example.com --deploy-hook qiniu ``` + +## 14. Deploy your certificate on MyDevil.net + +Once you have acme.sh installed and certificate issued (see info in [DNS API](../dnsapi/README.md)), you can install it by following command: + +```sh +acme.sh --deploy --deploy-hook mydevil -d example.com +``` + +That will remove old certificate and install new one. diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh new file mode 100755 index 0000000000..0a061aec01 --- /dev/null +++ b/deploy/mydevil.sh 
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# MyDevil.net API (2019-02-03)
+#
+# MyDevil.net already supports automatic Let's Encrypt certificates,
+# except for wildcard domains.
+#
+# This script depends on `devil dns` that MyDevil.net provides,
+# which means that it works only on server side.
+#
+# Author: Marcin Konicki
+#
+######## Public functions #####################
+
+# Usage: mydevil_deploy domain keyfile certfile cafile fullchain
+mydevil_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ local ip=$(mydevil_get_ip $_cdomain)
+
+ if [ -z "$ip" ] ; then
+ _err "Could not find IP for domain $_cdomain."
+ return 1
+ fi
+
+ # Delete old certificate first
+ _info "Removing old certificate for $_cdomain at $ip"
+ devil ssl www del "$ip" "$_cdomain"
+
+ # Add new certificate
+ _info "Adding new certificate for $_cdomain at $ip"
+ devil ssl www add "$ip" "$_cfullchain" "$_ckey" "$_cdomain" || return 1
+
+ return 0
+}
+
+#################### Private functions below ##################################
+
+# Usage: ip=$(mydevil_get_ip domain.com)
+# echo $ip
+mydevil_get_ip() {
+ local domain=$1
+
+ devil dns list "$domain" | awk '{print $3"\t"$7}' | grep "^A$(printf '\t')" | awk '{print $2}' || return 1
+ return 0
+}
diff --git a/dnsapi/README.md b/dnsapi/README.md
index 4f9b4100c2..955e36c581 100644
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
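Review bot: In `mydevil_deploy` the old certificate is removed with `devil ssl www del "$ip" "$_cdomain"` before anything confirms that the new one can be installed, so a failing `devil ssl www add` leaves the site with no certificate at all. Validate the inputs before the delete, e.g. `[ -r "$_cfullchain" ] && [ -r "$_ckey" ] || { _err "Certificate or key file is not readable."; return 1; }`, and log the outcome of the `del` call instead of discarding it. If `devil` allows it (not visible from this hunk), installing the new certificate before removing the old one would also avoid the interval in which no certificate is configured.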
@@ -1172,6 +1172,30 @@ acme.sh --issue --dns dns_doapi -d example.com -d *.example.com The API token will be saved in `~/.acme.sh/account.conf` and will be reused when needed. +## 61. Use MyDevil.net + +Make sure that you can execute own binaries: + +```sh +devil binexec on +``` + +Install acme.sh somewhere on your mydevil host account, probably in your home directory. +Once it is installed, add it to your bin directory (and make sure it exists first): + +```sh +mkdir ~/bin +ln -s /path/to/installed/directory/of/.acme.sh/acme.sh ~/bin/acme.sh +``` + +To issue a new certificate, run: + +```sh +acme.sh --issue --dns dns_mydevil -d example.com -d *.example.com +``` + +After certificate is ready, you can install it with [deploy command](../deploy/README.md). + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh new file mode 100755 index 0000000000..6cdc42d870 --- /dev/null +++ b/dnsapi/dns_mydevil.sh 
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+# MyDevil.net API (2019-02-03)
+#
+# MyDevil.net already supports automatic Let's Encrypt certificates,
+# except for wildcard domains.
+#
+# This script depends on `devil dns` that MyDevil.net provides,
+# which means that it works only on server side.
+#
+# Author: Marcin Konicki
+#
+######## Public functions #####################
+
+#Usage: dns_mydevil_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_mydevil_add() {
+ local fulldomain=$1
+ local txtvalue=$2
+ local domain=$(mydevil_get_domain "$fulldomain")
+
+ _info "Using mydevil"
+
+ if ! mydevil_check_record $fulldomain ; then
+ _err "Invalid record name: does not start with '_acme-challenge'."
+ return 1
+ fi
+
+ if [ -z "$domain" ] ; then
+ _err "Invalid domain name: could not find root domain of $fulldomain."
+ return 1
+ fi
+
+ _info "Adding $fulldomain record for domain $domain"
+ if devil dns add "$domain" "$fulldomain" TXT "$txtvalue" ; then
+ _info "Successfully added TXT record, ready for validation."
+ return 0
+ else
+ _err "Unable to add DNS record."
+ return 1
+ fi
+}
+
+#Usage: fulldomain txtvalue
+#Remove the txt record after validation.
+dns_mydevil_rm() {
+ local fulldomain=$1
+ local txtvalue=$2
+ local domain=$(mydevil_get_domain "$fulldomain")
+
+ _info "Using mydevil"
+
+ if ! mydevil_check_record $fulldomain ; then
+ _err "Invalid record name: does not start with '_acme-challenge'."
+ return 1
+ fi
+
+ if [ -z "$domain" ] ; then
+ _err "Invalid domain name: could not find root domain of $fulldomain."
+ return 1
+ fi
+
+ for id in `devil dns list "$domain" | grep "$fulldomain" | awk '{print $1}'` ; do
+ _info "Removing record $id from domain $domain"
+ devil dns del "$domain" "$id" || _err "Could not remove DNS record."
+ done +} + +#################### Private functions below ################################## + +# Usage: mydevil_check_record "_acme-challenge.www.domain.com" || _err "Invalid record name" +mydevil_check_record() { + local record=$1 + + case "$record" in + "_acme-challenge."*) + return 0 + ;; + *) + return 1 + ;; + esac +} + +# Usage: domain=$(mydevil_get_domain "_acme-challenge.www.domain.com" || _err "Invalid domain name") +# echo $domain +mydevil_get_domain() { + local fulldomain=$1 + local domain="" + + for domain in `devil dns list | grep . | awk '{if(NR>1)print $1}'` ; do + if _endswith "$fulldomain" "$domain" ; then + printf -- "%s" "$domain" + return 0 + fi + done + + return 1 +} From eea3a3c555db18a69eb795fa6f8fb9e0f6bd403c Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 3 Feb 2019 16:22:03 +0100 Subject: [PATCH 02/14] docs: update MyDEvil.net interlinks --- deploy/README.md | 4 ++-- dnsapi/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/README.md b/deploy/README.md index 939865b301..f290756a4d 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -382,9 +382,9 @@ $ export QINIU_CDN_DOMAIN="cdn.example.com" $ acme.sh --deploy -d example.com --deploy-hook qiniu ``` -## 14. Deploy your certificate on MyDevil.net +## 14. Deploy your cert on MyDevil.net -Once you have acme.sh installed and certificate issued (see info in [DNS API](../dnsapi/README.md)), you can install it by following command: +Once you have acme.sh installed and certificate issued (see info in [DNS API](../dnsapi/README.md#61-use-mydevilnet)), you can install it by following command: ```sh acme.sh --deploy --deploy-hook mydevil -d example.com diff --git a/dnsapi/README.md b/dnsapi/README.md index 955e36c581..ebc6db465e 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md 
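Review bot: `mydevil_get_domain` selects the zone with `_endswith "$fulldomain" "$domain"` and returns on the first hit; assuming `_endswith` is a plain string-suffix test, there is no label boundary, so `_acme-challenge.notexample.com` matches a zone named `example.com`. With both `example.com` and `sub.example.com` on the account, the shorter zone can also win depending on list order. The TXT record would then be added to, or removed from, the wrong zone. Compare against `".$domain"` (plus an exact-equality case) and keep the longest match instead of returning on the first one. The `_endswith` test is kept as-is by the later patches in this series.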
@@ -1194,7 +1194,7 @@ To issue a new certificate, run: acme.sh --issue --dns dns_mydevil -d example.com -d *.example.com ``` -After certificate is ready, you can install it with [deploy command](../deploy/README.md). +After certificate is ready, you can install it with [deploy command](../deploy/README.md#14-deploy-your-cert-on-mydevilnet). # Use custom API From 1983913ed1d9b0ee108247d871ef9e9f273d211e Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 3 Feb 2019 16:27:46 +0100 Subject: [PATCH 03/14] docs: some more info about handling changing IP (just in case) on MyDevil.net --- dnsapi/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dnsapi/README.md b/dnsapi/README.md index ebc6db465e..a8fe08f5f2 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -1181,13 +1181,15 @@ devil binexec on ``` Install acme.sh somewhere on your mydevil host account, probably in your home directory. -Once it is installed, add it to your bin directory (and make sure it exists first): +Once it is installed, add it to your `~/bin` directory (and make sure it exists first): ```sh mkdir ~/bin ln -s /path/to/installed/directory/of/.acme.sh/acme.sh ~/bin/acme.sh ``` +If you're not using private IP and depend on default IP provided by host, you may want to edit `crontab` too, and make sure that `acme.sh --cron` is run also after reboot (you can find out how to do that on their wiki pages). + To issue a new certificate, run: ```sh From 3bb70229195765a216e85bef4827ddbaeb097095 Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 3 Feb 2019 16:51:14 +0100 Subject: [PATCH 04/14] style: restyle MyDevil.net scripts to pass ShellCheck.net validation --- deploy/mydevil.sh | 14 +++++++------- dnsapi/dns_mydevil.sh | 14 ++++++++------ 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh index 0a061aec01..5fd0b7b988 100755 --- a/deploy/mydevil.sh +++ b/deploy/mydevil.sh 
@@ -14,11 +14,12 @@ # Usage: mydevil_deploy domain keyfile certfile cafile fullchain mydevil_deploy() { - _cdomain="$1" - _ckey="$2" - _ccert="$3" - _cca="$4" - _cfullchain="$5" + local _cdomain="$1" + local _ckey="$2" + local _ccert="$3" + local _cca="$4" + local _cfullchain="$5" + local ip="" _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" @@ -26,8 +27,7 @@ mydevil_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - local ip=$(mydevil_get_ip $_cdomain) - + ip=$(mydevil_get_ip "$_cdomain") if [ -z "$ip" ] ; then _err "Could not find IP for domain $_cdomain." return 1 diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 6cdc42d870..35cfe7678a 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -16,11 +16,12 @@ dns_mydevil_add() { local fulldomain=$1 local txtvalue=$2 - local domain=$(mydevil_get_domain "$fulldomain") + local domain="" _info "Using mydevil" - if ! mydevil_check_record $fulldomain ; then + domain=$(mydevil_get_domain "$fulldomain") + if ! mydevil_check_record "$fulldomain" ; then _err "Invalid record name: does not start with '_acme-challenge'." return 1 fi @@ -45,11 +46,12 @@ dns_mydevil_add() { dns_mydevil_rm() { local fulldomain=$1 local txtvalue=$2 - local domain=$(mydevil_get_domain "$fulldomain") + local domain="" _info "Using mydevil" - if ! mydevil_check_record $fulldomain ; then + domain=$(mydevil_get_domain "$fulldomain") + if ! mydevil_check_record "$fulldomain" ; then _err "Invalid record name: does not start with '_acme-challenge'." return 1 fi @@ -59,7 +61,7 @@ dns_mydevil_rm() { return 1 fi - for id in `devil dns list "$domain" | grep "$fulldomain" | awk '{print $1}'` ; do + for id in $(devil dns list "$domain" | grep "$fulldomain" | awk '{print $1}') ; do _info "Removing record $id from domain $domain" devil dns del "$domain" "$id" || _err "Could not remove DNS record." done 
@@ -87,7 +89,7 @@ mydevil_get_domain() { local fulldomain=$1 local domain="" - for domain in `devil dns list | grep . | awk '{if(NR>1)print $1}'` ; do + for domain in $(devil dns list | grep . | awk '{if(NR>1)print $1}') ; do if _endswith "$fulldomain" "$domain" ; then printf -- "%s" "$domain" return 0 From 84a1e1840f7d0570a1455f321c37a6afefdcdc66 Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 3 Feb 2019 22:56:43 +0100 Subject: [PATCH 05/14] style: fix style errors reported by shfmt --- deploy/mydevil.sh | 2 +- dnsapi/dns_mydevil.sh | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh index 5fd0b7b988..0d0704696d 100755 --- a/deploy/mydevil.sh +++ b/deploy/mydevil.sh @@ -28,7 +28,7 @@ mydevil_deploy() { _debug _cfullchain "$_cfullchain" ip=$(mydevil_get_ip "$_cdomain") - if [ -z "$ip" ] ; then + if [ -z "$ip" ]; then _err "Could not find IP for domain $_cdomain." return 1 fi diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 35cfe7678a..397ae4815d 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -21,18 +21,18 @@ dns_mydevil_add() { _info "Using mydevil" domain=$(mydevil_get_domain "$fulldomain") - if ! mydevil_check_record "$fulldomain" ; then + if ! mydevil_check_record "$fulldomain"; then _err "Invalid record name: does not start with '_acme-challenge'." return 1 fi - if [ -z "$domain" ] ; then + if [ -z "$domain" ]; then _err "Invalid domain name: could not find root domain of $fulldomain." return 1 fi _info "Adding $fulldomain record for domain $domain" - if devil dns add "$domain" "$fulldomain" TXT "$txtvalue" ; then + if devil dns add "$domain" "$fulldomain" TXT "$txtvalue"; then _info "Successfully added TXT record, ready for validation." return 0 else 
@@ -51,17 +51,17 @@ dns_mydevil_rm() { _info "Using mydevil" domain=$(mydevil_get_domain "$fulldomain") - if ! mydevil_check_record "$fulldomain" ; then + if ! mydevil_check_record "$fulldomain"; then _err "Invalid record name: does not start with '_acme-challenge'." return 1 fi - if [ -z "$domain" ] ; then + if [ -z "$domain" ]; then _err "Invalid domain name: could not find root domain of $fulldomain." return 1 fi - for id in $(devil dns list "$domain" | grep "$fulldomain" | awk '{print $1}') ; do + for id in $(devil dns list "$domain" | grep "$fulldomain" | awk '{print $1}'); do _info "Removing record $id from domain $domain" devil dns del "$domain" "$id" || _err "Could not remove DNS record." done @@ -89,8 +89,8 @@ mydevil_get_domain() { local fulldomain=$1 local domain="" - for domain in $(devil dns list | grep . | awk '{if(NR>1)print $1}') ; do - if _endswith "$fulldomain" "$domain" ; then + for domain in $(devil dns list | grep . | awk '{if(NR>1)print $1}'); do + if _endswith "$fulldomain" "$domain"; then printf -- "%s" "$domain" return 0 fi From b2cb73c875e63d3f094a7a2104e0b129257f239a Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 3 Feb 2019 22:59:27 +0100 Subject: [PATCH 06/14] style: fix 2 more errors reported by shfmt --- dnsapi/dns_mydevil.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 397ae4815d..66064dffb3 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -26,7 +26,7 @@ dns_mydevil_add() { return 1 fi - if [ -z "$domain" ]; then + if [ -z "$domain" ]; then _err "Invalid domain name: could not find root domain of $fulldomain." return 1 fi @@ -56,7 +56,7 @@ dns_mydevil_rm() { return 1 fi - if [ -z "$domain" ]; then + if [ -z "$domain" ]; then _err "Invalid domain name: could not find root domain of $fulldomain." return 1 fi From 3fa6fb57310788bc2d9ae1821863b07f88e3bf1e Mon Sep 17 00:00:00 2001 
From: ahwayakchih Date: Mon, 11 Feb 2019 17:02:18 +0100 Subject: [PATCH 07/14] fix: do not use `local` keyword as requested by @Neilpang --- deploy/mydevil.sh | 16 +++++++--------- dnsapi/dns_mydevil.sh | 20 +++++++++----------- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh index 0d0704696d..ef31b04bd3 100755 --- a/deploy/mydevil.sh +++ b/deploy/mydevil.sh @@ -14,12 +14,12 @@ # Usage: mydevil_deploy domain keyfile certfile cafile fullchain mydevil_deploy() { - local _cdomain="$1" - local _ckey="$2" - local _ccert="$3" - local _cca="$4" - local _cfullchain="$5" - local ip="" + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + ip="" _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" @@ -49,8 +49,6 @@ mydevil_deploy() { # Usage: ip=$(mydevil_get_ip domain.com) # echo $ip mydevil_get_ip() { - local domain=$1 - - devil dns list "$domain" | awk '{print $3"\t"$7}' | grep "^A$(printf '\t')" | awk '{print $2}' || return 1 + devil dns list "$1" | awk '{print $3"\t"$7}' | grep "^A$(printf '\t')" | awk '{print $2}' || return 1 return 0 } diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 66064dffb3..8f8c55805f 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -14,9 +14,9 @@ #Usage: dns_mydevil_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_mydevil_add() { - local fulldomain=$1 - local txtvalue=$2 - local domain="" + fulldomain=$1 + txtvalue=$2 + domain="" _info "Using mydevil" @@ -44,9 +44,9 @@ dns_mydevil_add() { #Usage: fulldomain txtvalue #Remove the txt record after validation. dns_mydevil_rm() { - local fulldomain=$1 - local txtvalue=$2 - local domain="" + fulldomain=$1 + txtvalue=$2 + domain="" _info "Using mydevil" 
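Review bot: With `local` dropped, `ip`, `domain`, `fulldomain` and `txtvalue` become plain globals in the shell that sources these hooks, and `ip` and `domain` are generic enough to collide with names used elsewhere. `mydevil_deploy` already prefixes its arguments (`_cdomain`, `_ckey`, …); giving the remaining variables a hook-specific prefix, e.g. `_mydevil_ip=$(mydevil_get_ip "$_cdomain")`, keeps the hook from overwriting state it does not own. The `dnsapi/dns_mydevil.sh` hunks of this patch follow the same pattern, and all of the functions touched continue outside their hunks.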
@@ -71,9 +71,7 @@ dns_mydevil_rm() { # Usage: mydevil_check_record "_acme-challenge.www.domain.com" || _err "Invalid record name" mydevil_check_record() { - local record=$1 - - case "$record" in + case "$1" in "_acme-challenge."*) return 0 ;; @@ -86,8 +84,8 @@ mydevil_check_record() { # Usage: domain=$(mydevil_get_domain "_acme-challenge.www.domain.com" || _err "Invalid domain name") # echo $domain mydevil_get_domain() { - local fulldomain=$1 - local domain="" + fulldomain=$1 + domain="" for domain in $(devil dns list | grep . | awk '{if(NR>1)print $1}'); do if _endswith "$fulldomain" "$domain"; then From e5475b7e3e0612540816eb3cb32ebb1dd5d4f552 Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Mon, 11 Feb 2019 17:11:58 +0100 Subject: [PATCH 08/14] fix: check if `devil` command exists, as requested by @Neilpang --- deploy/mydevil.sh | 5 +++++ dnsapi/dns_mydevil.sh | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh index ef31b04bd3..73981abddf 100755 --- a/deploy/mydevil.sh +++ b/deploy/mydevil.sh @@ -27,6 +27,11 @@ mydevil_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" + if ! _exists "devil" ; then + _err "Could not find 'devil' command." + return 1 + fi + ip=$(mydevil_get_ip "$_cdomain") if [ -z "$ip" ]; then _err "Could not find IP for domain $_cdomain." diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 8f8c55805f..820233f393 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -18,6 +18,11 @@ dns_mydevil_add() { txtvalue=$2 domain="" + if ! _exists "devil" ; then + _err "Could not find 'devil' command." + return 1 + fi + _info "Using mydevil" domain=$(mydevil_get_domain "$fulldomain") @@ -48,6 +53,11 @@ dns_mydevil_rm() { txtvalue=$2 domain="" + if ! _exists "devil" ; then + _err "Could not find 'devil' command." + return 1 + fi + _info "Using mydevil" domain=$(mydevil_get_domain "$fulldomain") From 6c9bbc759d6fa76ad652364fece2f0b9f68abd5a Mon Sep 17 00:00:00 2001 
From: ahwayakchih Date: Sat, 16 Feb 2019 13:17:11 +0100 Subject: [PATCH 09/14] style: fix --- deploy/mydevil.sh | 2 +- dnsapi/dns_mydevil.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh index 73981abddf..a414815eff 100755 --- a/deploy/mydevil.sh +++ b/deploy/mydevil.sh @@ -27,7 +27,7 @@ mydevil_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - if ! _exists "devil" ; then + if ! _exists "devil"; then _err "Could not find 'devil' command." return 1 fi diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 820233f393..494fbd7bd5 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -18,7 +18,7 @@ dns_mydevil_add() { txtvalue=$2 domain="" - if ! _exists "devil" ; then + if ! _exists "devil"; then _err "Could not find 'devil' command." return 1 fi @@ -53,7 +53,7 @@ dns_mydevil_rm() { txtvalue=$2 domain="" - if ! _exists "devil" ; then + if ! _exists "devil"; then _err "Could not find 'devil' command." return 1 fi From f1b678290cfd73f296a82fb14e4c6632be6ed71b Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 17 Feb 2019 16:21:30 +0100 Subject: [PATCH 10/14] fix: use `cut` and `tail` instead of `awk` --- deploy/mydevil.sh | 2 +- dnsapi/dns_mydevil.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh index a414815eff..d0805b8a4d 100755 --- a/deploy/mydevil.sh +++ b/deploy/mydevil.sh @@ -54,6 +54,6 @@ mydevil_deploy() { # Usage: ip=$(mydevil_get_ip domain.com) # echo $ip mydevil_get_ip() { - devil dns list "$1" | awk '{print $3"\t"$7}' | grep "^A$(printf '\t')" | awk '{print $2}' || return 1 + devil dns list "$1" | cut -w -s -f 3,7 | grep "^A$(printf '\t')" | cut -w -s -f 2 || return 1 return 0 } diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 494fbd7bd5..e4069bec29 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh 
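Review bot: The trailing `|| return 1` in `mydevil_get_ip` only tests the exit status of the last `cut`, so a failing `devil dns list` still falls through to `return 0`; the caller's `[ -z "$ip" ]` check is the only thing that catches it. Nothing limits the output to one address either, so a zone with several A records would hand a multi-line `$ip` to `devil ssl www del` and `add`; `| head -n 1` or an explicit error would make that case predictable. `cut -w` is a BSD extension that GNU cut does not provide, which is acceptable for a server-side-only hook but deserves a comment such as `# cut -w is BSD-only; this hook runs on MyDevil hosts only`.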
@@ -71,7 +71,7 @@ dns_mydevil_rm() { return 1 fi - for id in $(devil dns list "$domain" | grep "$fulldomain" | awk '{print $1}'); do + for id in $(devil dns list "$domain" | grep "$fulldomain" | cut -w -s -f 1); do _info "Removing record $id from domain $domain" devil dns del "$domain" "$id" || _err "Could not remove DNS record." done @@ -97,7 +97,7 @@ mydevil_get_domain() { fulldomain=$1 domain="" - for domain in $(devil dns list | grep . | awk '{if(NR>1)print $1}'); do + for domain in $(devil dns list | cut -w -s -f 1 | tail -n+2); do if _endswith "$fulldomain" "$domain"; then printf -- "%s" "$domain" return 0 From 19042f696e0c122ca304d8fda3cb5a1f4e0d565e Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 17 Feb 2019 19:29:20 +0100 Subject: [PATCH 11/14] fix: do not depend on `_acme-challenge` prefix No need to check record name when adding records. Remove only `TXT` records that match both `txtdomain` and `txtvalue`. --- dnsapi/dns_mydevil.sh | 35 ++++++++++++----------------------- 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index e4069bec29..c71c3c6800 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -26,16 +26,14 @@ dns_mydevil_add() { _info "Using mydevil" domain=$(mydevil_get_domain "$fulldomain") - if ! mydevil_check_record "$fulldomain"; then - _err "Invalid record name: does not start with '_acme-challenge'." - return 1 - fi - if [ -z "$domain" ]; then _err "Invalid domain name: could not find root domain of $fulldomain." return 1 fi + # No need to check if record name exists, `devil` always adds new record. + # In worst case scenario, we end up with multiple identical records. + _info "Adding $fulldomain record for domain $domain" if devil dns add "$domain" "$fulldomain" TXT "$txtvalue"; then _info "Successfully added TXT record, ready for validation." 
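Review bot: In `mydevil_get_domain` the replacement `cut -w -s -f 1 | tail -n+2` is not equivalent to the `awk '{if(NR>1)print $1}'` it replaces, because `-s` drops every line without whitespace before `tail` skips the header. If the header or a zone line of `devil dns list` is a single column (the output format is not visible here), either the first real zone or all zones are lost and the hook fails with "could not find root domain". Skipping the header first, `devil dns list | tail -n+2 | cut -w -f 1`, is closer to the old behaviour. The function starts and ends outside this hunk.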
@@ -61,17 +59,20 @@ dns_mydevil_rm() { _info "Using mydevil" domain=$(mydevil_get_domain "$fulldomain") - if ! mydevil_check_record "$fulldomain"; then - _err "Invalid record name: does not start with '_acme-challenge'." - return 1 - fi - if [ -z "$domain" ]; then _err "Invalid domain name: could not find root domain of $fulldomain." return 1 fi - for id in $(devil dns list "$domain" | grep "$fulldomain" | cut -w -s -f 1); do + # catch one or more numbers + num='[0-9][0-9]*' + # catch one or more whitespace + w=$(printf '[\t ][\t ]*') + # catch anything, except newline + any='.*' + # filter to make sure we do not delete other records + validRecords="^${num}${w}${fulldomain}${w}TXT${w}${any}${txtvalue}$" + for id in $(devil dns list "$domain" | tail -n+2 | grep "${validRecords}" | cut -w -s -f 1); do _info "Removing record $id from domain $domain" devil dns del "$domain" "$id" || _err "Could not remove DNS record." done @@ -79,18 +80,6 @@ dns_mydevil_rm() { #################### Private functions below ################################## -# Usage: mydevil_check_record "_acme-challenge.www.domain.com" || _err "Invalid record name" -mydevil_check_record() { - case "$1" in - "_acme-challenge."*) - return 0 - ;; - *) - return 1 - ;; - esac -} - # Usage: domain=$(mydevil_get_domain "_acme-challenge.www.domain.com" || _err "Invalid domain name") # echo $domain mydevil_get_domain() { From db536fe22acfb031c27f098108f929e0bf313aa6 Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Sun, 17 Feb 2019 19:44:39 +0100 Subject: [PATCH 12/14] docs: rewrite info about installation/setup of acme.sh on MyDevil.net --- dnsapi/README.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/dnsapi/README.md b/dnsapi/README.md index 953991ef5f..9f176c0d23 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md 
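Review bot: `validRecords` splices `$fulldomain` and `$txtvalue` into a grep pattern unescaped, so every `.` in the record name matches any character and the filter meant to protect other records is looser than it reads. Since the matched ids go straight to `devil dns del`, escape the name first, e.g. `_name_re=$(printf '%s' "$fulldomain" | sed 's/\./\\./g')`, and use that in `validRecords`; a fixed-string comparison of the name and value columns would be stricter still. The loop also reports nothing when no record matches, and its exit status is whatever the last `devil dns del` or `_err` returned, so an explicit `return` after `done` would make the result of `dns_mydevil_rm` deliberate. `dns_mydevil_rm` starts above this hunk.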
@@ -1267,13 +1267,7 @@ Make sure that you can execute own binaries: devil binexec on ``` -Install acme.sh somewhere on your mydevil host account, probably in your home directory. -Once it is installed, add it to your `~/bin` directory (and make sure it exists first): - -```sh -mkdir ~/bin -ln -s /path/to/installed/directory/of/.acme.sh/acme.sh ~/bin/acme.sh -``` +Install acme.sh, or simply `git clone` it into some directory on your MyDevil host account (in which case you should link to it from your `~/bin` directory). If you're not using private IP and depend on default IP provided by host, you may want to edit `crontab` too, and make sure that `acme.sh --cron` is run also after reboot (you can find out how to do that on their wiki pages). From f106bef6c75095a563743eae7ce246dbd813e523 Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Mon, 18 Feb 2019 16:14:33 +0100 Subject: [PATCH 13/14] fix: change shebang as requested by @Neilpang --- deploy/mydevil.sh | 2 +- dnsapi/dns_mydevil.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh index d0805b8a4d..1154c0c18c 100755 --- a/deploy/mydevil.sh +++ b/deploy/mydevil.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env sh # MyDevil.net API (2019-02-03) # diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index c71c3c6800..3f9df21f7b 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env sh # MyDevil.net API (2019-02-03) # From 78750a393f587440a946d231492d33ca7d7218b3 Mon Sep 17 00:00:00 2001 From: ahwayakchih Date: Mon, 18 Feb 2019 16:30:25 +0100 Subject: [PATCH 14/14] docs: update comment in MyDevil.net deploy and dns scripts --- deploy/mydevil.sh | 2 +- dnsapi/dns_mydevil.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/mydevil.sh b/deploy/mydevil.sh index 1154c0c18c..bd9868aa8f 100755 --- a/deploy/mydevil.sh +++ b/deploy/mydevil.sh 
@@ -5,7 +5,7 @@ # MyDevil.net already supports automatic Let's Encrypt certificates, # except for wildcard domains. # -# This script depends on `devil dns` that MyDevil.net provides, +# This script depends on `devil` command that MyDevil.net provides, # which means that it works only on server side. # # Author: Marcin Konicki diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 3f9df21f7b..2f39895923 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -5,7 +5,7 @@ # MyDevil.net already supports automatic Let's Encrypt certificates, # except for wildcard domains. # -# This script depends on `devil dns` that MyDevil.net provides, +# This script depends on `devil` command that MyDevil.net provides, # which means that it works only on server side. # # Author: Marcin Konicki