Home Explore Help
Register Sign In
Apq
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Files Issues 0 Wiki
Branch: dev
Branches Tags
acme.sh
/
dnsapi
/
dns_hetzner.sh

dns_hetzner.sh 6.9 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256 
  1. #!/usr/bin/env sh
    2. 

  2. # shellcheck disable=SC2034
    3. 

  3. dns_hetzner_info='Hetzner.com
    4. 

  4. Site: Hetzner.com
    5. 

  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hetzner
    6. 

  6. Options:
    7. 

  7.  HETZNER_Token API Token
    8. 

  8. Issues: github.com/acmesh-official/acme.sh/issues/2943
    9. 

  9. '
    10. 

  10. 

  11. HETZNER_Api="https://dns.hetzner.com/api/v1"
    12. 

  12. 

  13. ########  Public functions #####################
    14. 

  14. 

  15. # Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
    16. 

  16. # Used to add txt record
    17. 

  17. # Ref: https://dns.hetzner.com/api-docs/
    18. 

  18. dns_hetzner_add() {
    19. 

  19.   full_domain=$1
    20. 

  20.   txt_value=$2
    21. 

  21. 

  22.   HETZNER_Token="${HETZNER_Token:-$(_readaccountconf_mutable HETZNER_Token)}"
    23. 

  23. 

  24.   if [ -z "$HETZNER_Token" ]; then
    25. 

  25.     HETZNER_Token=""
    26. 

  26.     _err "You didn't specify a Hetzner api token."
    27. 

  27.     _err "You can get yours from here https://dns.hetzner.com/settings/api-token."
    28. 

  28.     return 1
    29. 

  29.   fi
    30. 

  30. 

  31.   #save the api key and email to the account conf file.
    32. 

  32.   _saveaccountconf_mutable HETZNER_Token "$HETZNER_Token"
    33. 

  33. 

  34.   _debug "First detect the root zone"
    35. 

  35. 

  36.   if ! _get_root "$full_domain"; then
    37. 

  37.     _err "Invalid domain"
    38. 

  38.     return 1
    39. 

  39.   fi
    40. 

  40.   _debug _domain_id "$_domain_id"
    41. 

  41.   _debug _sub_domain "$_sub_domain"
    42. 

  42.   _debug _domain "$_domain"
    43. 

  43. 

  44.   _debug "Getting TXT records"
    45. 

  45.   if ! _find_record "$_sub_domain" "$txt_value"; then
    46. 

  46.     return 1
    47. 

  47.   fi
    48. 

  48. 

  49.   if [ -z "$_record_id" ]; then
    50. 

  50.     _info "Adding record"
    51. 

  51.     if _hetzner_rest POST "records" "{\"zone_id\":\"${HETZNER_Zone_ID}\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txt_value\",\"ttl\":120}"; then
    52. 

  52.       if _contains "$response" "$txt_value"; then
    53. 

  53.         _info "Record added, OK"
    54. 

  54.         _sleep 2
    55. 

  55.         return 0
    56. 

  56.       fi
    57. 

  57.     fi
    58. 

  58.     _err "Add txt record error${_response_error}"
    59. 

  59.     return 1
    60. 

  60.   else
    61. 

  61.     _info "Found record id: $_record_id."
    62. 

  62.     _info "Record found, do nothing."
    63. 

  63.     return 0
    64. 

  64.     # we could modify a record, if the names for txt records for *.example.com and example.com would be not the same
    65. 

  65.     #if _hetzner_rest PUT "records/${_record_id}" "{\"zone_id\":\"${HETZNER_Zone_ID}\",\"type\":\"TXT\",\"name\":\"$full_domain\",\"value\":\"$txt_value\",\"ttl\":120}"; then
    66. 

  66.     #  if _contains "$response" "$txt_value"; then
    67. 

  67.     #    _info "Modified, OK"
    68. 

  68.     #    return 0
    69. 

  69.     #  fi
    70. 

  70.     #fi
    71. 

  71.     #_err "Add txt record error (modify)."
    72. 

  72.     #return 1
    73. 

  73.   fi
    74. 

  74. }
    75. 

  75. 

  76. # Usage: full_domain txt_value
    77. 

  77. # Used to remove the txt record after validation
    78. 

  78. dns_hetzner_rm() {
    79. 

  79.   full_domain=$1
    80. 

  80.   txt_value=$2
    81. 

  81. 

  82.   HETZNER_Token="${HETZNER_Token:-$(_readaccountconf_mutable HETZNER_Token)}"
    83. 

  83. 

  84.   _debug "First detect the root zone"
    85. 

  85.   if ! _get_root "$full_domain"; then
    86. 

  86.     _err "Invalid domain"
    87. 

  87.     return 1
    88. 

  88.   fi
    89. 

  89.   _debug _domain_id "$_domain_id"
    90. 

  90.   _debug _sub_domain "$_sub_domain"
    91. 

  91.   _debug _domain "$_domain"
    92. 

  92. 

  93.   _debug "Getting TXT records"
    94. 

  94.   if ! _find_record "$_sub_domain" "$txt_value"; then
    95. 

  95.     return 1
    96. 

  96.   fi
    97. 

  97. 

  98.   if [ -z "$_record_id" ]; then
    99. 

  99.     _info "Remove not needed. Record not found."
    100. 

  100.   else
    101. 

  101.     if ! _hetzner_rest DELETE "records/$_record_id"; then
    102. 

  102.       _err "Delete record error${_response_error}"
    103. 

  103.       return 1
    104. 

  104.     fi
    105. 

  105.     _sleep 2
    106. 

  106.     _info "Record deleted"
    107. 

  107.   fi
    108. 

  108. }
    109. 

  109. 

  110. ####################  Private functions below ##################################
    111. 

  111. #returns
    112. 

  112. # _record_id=a8d58f22d6931bf830eaa0ec6464bf81  if found; or 1 if error
    113. 

  113. _find_record() {
    114. 

  114.   unset _record_id
    115. 

  115.   _record_name=$1
    116. 

  116.   _record_value=$2
    117. 

  117. 

  118.   if [ -z "$_record_value" ]; then
    119. 

  119.     _record_value='[^"]*'
    120. 

  120.   fi
    121. 

  121. 

  122.   _debug "Getting all records"
    123. 

  123.   _hetzner_rest GET "records?zone_id=${_domain_id}"
    124. 

  124. 

  125.   if _response_has_error; then
    126. 

  126.     _err "Error${_response_error}"
    127. 

  127.     return 1
    128. 

  128.   else
    129. 

  129.     _record_id=$(
    130. 

  130.       echo "$response" |
    131. 

  131.         grep -o "{[^\{\}]*\"name\":\"$_record_name\"[^\}]*}" |
    132. 

  132.         grep "\"value\":\"$_record_value\"" |
    133. 

  133.         while read -r record; do
    134. 

  134.           # test for type and
    135. 

  135.           if [ -n "$(echo "$record" | _egrep_o '"type":"TXT"')" ]; then
    136. 

  136.             echo "$record" | _egrep_o '"id":"[^"]*"' | cut -d : -f 2 | tr -d \"
    137. 

  137.             break
    138. 

  138.           fi
    139. 

  139.         done
    140. 

  140.     )
    141. 

  141.   fi
    142. 

  142. }
    143. 

  143. 

  144. #_acme-challenge.www.domain.com
    145. 

  145. #returns
    146. 

  146. # _sub_domain=_acme-challenge.www
    147. 

  147. # _domain=domain.com
    148. 

  148. # _domain_id=sdjkglgdfewsdfg
    149. 

  149. _get_root() {
    150. 

  150.   domain=$1
    151. 

  151.   i=1
    152. 

  152.   p=1
    153. 

  153. 

  154.   domain_without_acme=$(echo "$domain" | cut -d . -f 2-)
    155. 

  155.   domain_param_name=$(echo "HETZNER_Zone_ID_for_${domain_without_acme}" | sed 's/[\.\-]/_/g')
    156. 

  156. 

  157.   _debug "Reading zone_id for '$domain_without_acme' from config..."
    158. 

  158.   HETZNER_Zone_ID=$(_readdomainconf "$domain_param_name")
    159. 

  159.   if [ "$HETZNER_Zone_ID" ]; then
    160. 

  160.     _debug "Found, using: $HETZNER_Zone_ID"
    161. 

  161.     if ! _hetzner_rest GET "zones/${HETZNER_Zone_ID}"; then
    162. 

  162.       _debug "Zone with id '$HETZNER_Zone_ID' does not exist."
    163. 

  163.       _cleardomainconf "$domain_param_name"
    164. 

  164.       unset HETZNER_Zone_ID
    165. 

  165.     else
    166. 

  166.       if _contains "$response" "\"id\":\"$HETZNER_Zone_ID\""; then
    167. 

  167.         _domain=$(printf "%s\n" "$response" | _egrep_o '"name":"[^"]*"' | cut -d : -f 2 | tr -d \" | head -n 1)
    168. 

  168.         if [ "$_domain" ]; then
    169. 

  169.           _cut_length=$((${#domain} - ${#_domain} - 1))
    170. 

  170.           _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cut_length")
    171. 

  171.           _domain_id="$HETZNER_Zone_ID"
    172. 

  172.           return 0
    173. 

  173.         else
    174. 

  174.           return 1
    175. 

  175.         fi
    176. 

  176.       else
    177. 

  177.         return 1
    178. 

  178.       fi
    179. 

  179.     fi
    180. 

  180.   fi
    181. 

  181. 

  182.   _debug "Trying to get zone id by domain name for '$domain_without_acme'."
    183. 

  183.   while true; do
    184. 

  184.     h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    185. 

  185.     if [ -z "$h" ]; then
    186. 

  186.       #not valid
    187. 

  187.       return 1
    188. 

  188.     fi
    189. 

  189.     _debug h "$h"
    190. 

  190. 

  191.     _hetzner_rest GET "zones?name=$h"
    192. 

  192. 

  193.     if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_entries":1'; then
    194. 

  194.       _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
    195. 

  195.       if [ "$_domain_id" ]; then
    196. 

  196.         _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
    197. 

  197.         _domain=$h
    198. 

  198.         HETZNER_Zone_ID=$_domain_id
    199. 

  199.         _savedomainconf "$domain_param_name" "$HETZNER_Zone_ID"
    200. 

  200.         return 0
    201. 

  201.       fi
    202. 

  202.       return 1
    203. 

  203.     fi
    204. 

  204.     p=$i
    205. 

  205.     i=$(_math "$i" + 1)
    206. 

  206.   done
    207. 

  207.   return 1
    208. 

  208. }
    209. 

  209. 

  210. #returns
    211. 

  211. # _response_error
    212. 

  212. _response_has_error() {
    213. 

  213.   unset _response_error
    214. 

  214. 

  215.   err_part="$(echo "$response" | _egrep_o '"error":\{[^\}]*\}')"
    216. 

  216. 

  217.   if [ -n "$err_part" ]; then
    218. 

  218.     err_code=$(echo "$err_part" | _egrep_o '"code":[0-9]+' | cut -d : -f 2)
    219. 

  219.     err_message=$(echo "$err_part" | _egrep_o '"message":"[^"]+"' | cut -d : -f 2 | tr -d \")
    220. 

  220. 

  221.     if [ -n "$err_code" ] && [ -n "$err_message" ]; then
    222. 

  222.       _response_error=" - message: ${err_message}, code: ${err_code}"
    223. 

  223.       return 0
    224. 

  224.     fi
    225. 

  225.   fi
    226. 

  226. 

  227.   return 1
    228. 

  228. }
    229. 

  229. 

  230. #returns
    231. 

  231. # response
    232. 

  232. _hetzner_rest() {
    233. 

  233.   m=$1
    234. 

  234.   ep="$2"
    235. 

  235.   data="$3"
    236. 

  236.   _debug "$ep"
    237. 

  237. 

  238.   key_trimmed=$(echo "$HETZNER_Token" | tr -d \")
    239. 

  239. 

  240.   export _H1="Content-TType: application/json"
    241. 

  241.   export _H2="Auth-API-Token: $key_trimmed"
    242. 

  242. 

  243.   if [ "$m" != "GET" ]; then
    244. 

  244.     _debug data "$data"
    245. 

  245.     response="$(_post "$data" "$HETZNER_Api/$ep" "" "$m")"
    246. 

  246.   else
    247. 

  247.     response="$(_get "$HETZNER_Api/$ep")"
    248. 

  248.   fi
    249. 

  249. 

  250.   if [ "$?" != "0" ] || _response_has_error; then
    251. 

  251.     _debug "Error$_response_error"
    252. 

  252.     return 1
    253. 

  253.   fi
    254. 

  254.   _debug2 response "$response"
    255. 

  255.   return 0
    256. 

  256. }
    257.