Home Explore Help
Register Sign In
Apq
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Files Issues 0 Wiki
Branch: dev
Branches Tags
acme.sh
/
dnsapi
/
dns_nsupdate.sh

dns_nsupdate.sh 4.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 
  1. #!/usr/bin/env sh
    2. 

  2. # shellcheck disable=SC2034
    3. 

  3. dns_nsupdate_info='nsupdate RFC 2136 DynDNS client
    4. 

  4. Site: bind9.readthedocs.io/en/v9.18.19/manpages.html#nsupdate-dynamic-dns-update-utility
    5. 

  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nsupdate
    6. 

  6. Options:
    7. 

  7.  NSUPDATE_SERVER Server hostname. Default: "localhost".
    8. 

  8.  NSUPDATE_SERVER_PORT Server port. Default: "53".
    9. 

  9.  NSUPDATE_KEY File path to TSIG key.
    10. 

  10.  NSUPDATE_ZONE Domain zone to update. Optional.
    11. 

  11. '
    12. 

  12. 

  13. ########  Public functions #####################
    14. 

  14. 

  15. #Usage: dns_nsupdate_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
    16. 

  16. dns_nsupdate_add() {
    17. 

  17.   fulldomain=$1
    18. 

  18.   txtvalue=$2
    19. 

  19.   NSUPDATE_SERVER="${NSUPDATE_SERVER:-$(_readaccountconf_mutable NSUPDATE_SERVER)}"
    20. 

  20.   NSUPDATE_SERVER_PORT="${NSUPDATE_SERVER_PORT:-$(_readaccountconf_mutable NSUPDATE_SERVER_PORT)}"
    21. 

  21.   NSUPDATE_KEY="${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}"
    22. 

  22.   NSUPDATE_ZONE="${NSUPDATE_ZONE:-$(_readaccountconf_mutable NSUPDATE_ZONE)}"
    23. 

  23.   NSUPDATE_OPT="${NSUPDATE_OPT:-$(_readaccountconf_mutable NSUPDATE_OPT)}"
    24. 

  24. 

  25.   _checkKeyFile || return 1
    26. 

  26. 

  27.   # save the dns server and key to the account conf file.
    28. 

  28.   _saveaccountconf_mutable NSUPDATE_SERVER "${NSUPDATE_SERVER}"
    29. 

  29.   _saveaccountconf_mutable NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
    30. 

  30.   _saveaccountconf_mutable NSUPDATE_KEY "${NSUPDATE_KEY}"
    31. 

  31.   _saveaccountconf_mutable NSUPDATE_ZONE "${NSUPDATE_ZONE}"
    32. 

  32.   _saveaccountconf_mutable NSUPDATE_OPT "${NSUPDATE_OPT}"
    33. 

  33. 

  34.   [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
    35. 

  35.   [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
    36. 

  36.   [ -n "${NSUPDATE_OPT}" ] || NSUPDATE_OPT=""
    37. 

  37. 

  38.   _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
    39. 

  39.   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
    40. 

  40.   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
    41. 

  41.   if [ -z "${NSUPDATE_ZONE}" ]; then
    42. 

  42.     #shellcheck disable=SC2086
    43. 

  43.     nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
    44. 

  44. server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
    45. 

  45. update add ${fulldomain}. 60 in txt "${txtvalue}"
    46. 

  46. send
    47. 

  47. EOF
    48. 

  48.   else
    49. 

  49.     #shellcheck disable=SC2086
    50. 

  50.     nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
    51. 

  51. server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
    52. 

  52. zone ${NSUPDATE_ZONE}.
    53. 

  53. update add ${fulldomain}. 60 in txt "${txtvalue}"
    54. 

  54. send
    55. 

  55. EOF
    56. 

  56.   fi
    57. 

  57.   if [ $? -ne 0 ]; then
    58. 

  58.     _err "error updating domain"
    59. 

  59.     return 1
    60. 

  60.   fi
    61. 

  61. 

  62.   return 0
    63. 

  63. }
    64. 

  64. 

  65. #Usage: dns_nsupdate_rm   _acme-challenge.www.domain.com
    66. 

  66. dns_nsupdate_rm() {
    67. 

  67.   fulldomain=$1
    68. 

  68. 

  69.   NSUPDATE_SERVER="${NSUPDATE_SERVER:-$(_readaccountconf_mutable NSUPDATE_SERVER)}"
    70. 

  70.   NSUPDATE_SERVER_PORT="${NSUPDATE_SERVER_PORT:-$(_readaccountconf_mutable NSUPDATE_SERVER_PORT)}"
    71. 

  71.   NSUPDATE_KEY="${NSUPDATE_KEY:-$(_readaccountconf_mutable NSUPDATE_KEY)}"
    72. 

  72.   NSUPDATE_ZONE="${NSUPDATE_ZONE:-$(_readaccountconf_mutable NSUPDATE_ZONE)}"
    73. 

  73.   NSUPDATE_OPT="${NSUPDATE_OPT:-$(_readaccountconf_mutable NSUPDATE_OPT)}"
    74. 

  74. 

  75.   _checkKeyFile || return 1
    76. 

  76.   [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
    77. 

  77.   [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
    78. 

  78.   _info "removing ${fulldomain}. txt"
    79. 

  79.   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
    80. 

  80.   [ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
    81. 

  81.   if [ -z "${NSUPDATE_ZONE}" ]; then
    82. 

  82.     #shellcheck disable=SC2086
    83. 

  83.     nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
    84. 

  84. server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
    85. 

  85. update delete ${fulldomain}. txt
    86. 

  86. send
    87. 

  87. EOF
    88. 

  88.   else
    89. 

  89.     #shellcheck disable=SC2086
    90. 

  90.     nsupdate -k "${NSUPDATE_KEY}" $nsdebug $NSUPDATE_OPT <<EOF
    91. 

  91. server ${NSUPDATE_SERVER}  ${NSUPDATE_SERVER_PORT}
    92. 

  92. zone ${NSUPDATE_ZONE}.
    93. 

  93. update delete ${fulldomain}. txt
    94. 

  94. send
    95. 

  95. EOF
    96. 

  96.   fi
    97. 

  97.   if [ $? -ne 0 ]; then
    98. 

  98.     _err "error updating domain"
    99. 

  99.     return 1
    100. 

  100.   fi
    101. 

  101. 

  102.   return 0
    103. 

  103. }
    104. 

  104. 

  105. ####################  Private functions below ##################################
    106. 

  106. 

  107. _checkKeyFile() {
    108. 

  108.   if [ -z "${NSUPDATE_KEY}" ]; then
    109. 

  109.     _err "you must specify a path to the nsupdate key file"
    110. 

  110.     return 1
    111. 

  111.   fi
    112. 

  112.   if [ ! -r "${NSUPDATE_KEY}" ]; then
    113. 

  113.     _err "key ${NSUPDATE_KEY} is unreadable"
    114. 

  114.     return 1
    115. 

  115.   fi
    116. 

  116. }
    117.