From e3b4b44236373aba7d451077f9efed8c1043e87c Mon Sep 17 00:00:00 2001 From: Damian Hopa Date: Mon, 31 Jan 2022 19:57:45 +0100 Subject: [PATCH 1/4] Added dns_sdns plugin. --- dnsapi/dns_sdns.sh | 125 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 dnsapi/dns_sdns.sh diff --git a/dnsapi/dns_sdns.sh b/dnsapi/dns_sdns.sh new file mode 100644 index 00000000..cc244cfb --- /dev/null +++ b/dnsapi/dns_sdns.sh 
@@ -0,0 +1,125 @@ +#!/usr/bin/env sh + +# Usage to order a * certificate +# ./acme.sh --issue -d '*.www.domain.com' --dns dns_sdns --server letsencrypt --dnssleep 240 + +SDNS_API_URL="https://robot.s-dns.de:8488/" + + +# export SDNS_ZONE_KEY=your_zone_key + +######## Public functions ##################### + +# Adds a txt record with the specified value. Does not remove an existing record +# Usage: dns_sdns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_sdns_add () +{ + fulldomain=$1; + txtvalue=$2; + _debug2 "dns_sdns_add() entered"; + SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}"; + if [ -z "$SDNS_ZONE_KEY" ]; then + SDNS_ZONE_KEY=""; + _err "You didn't specify your zone key yet. (export SDNS_ZONE_KEY=yourkey)"; + return 1; + fi; + _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY"; + _debug "First detect the root zone"; + if ! _get_root "$fulldomain"; then + _err "invalid domain"; + return 1; + fi; + _debug _sub_domain "$_sub_domain"; + _debug _domain "$_domain"; + _payload=" + + + + +"; + _debug2 "$_payload"; + response=$(_post "$_payload" "$SDNS_API_URL"); + _debug2 "$response"; + if _contains "$response" "status=\"OK\""; then + _debug "The TXT record has been added."; + return 0; + else + _err "The attempt to add the TXT record has failed."; + return 1; + fi +} + +# Removes a txt record with the specified value. This function does not remove resource records with the same name but a different values. +# Usage: dns_sdns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_sdns_rm () +{ + fulldomain=$1; + txtvalue=$2; + _debug2 "dns_sdns_rm() entered"; + SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}"; + if [ -z "$SDNS_ZONE_KEY" ]; then + SDNS_ZONE_KEY=""; + _err "You didn't specify your zone key yet. 
(export SDNS_ZONE_KEY=yourkey)"; + return 1; + fi; + _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY"; + _debug "First detect the root zone"; + if ! _get_root "$fulldomain"; then + _err "invalid domain"; + return 1; + fi; + _debug _sub_domain "$_sub_domain"; + _debug _domain "$_domain"; + _payload=" + + + + +"; + _debug $_payload; + response=$(_post "$_payload" "$SDNS_API_URL"); + _debug $response; + if _contains "$response" "status=\"OK\""; then + _debug "The TXT record has been deleted."; + return 0; + else + _err "The attempt to delete the TXT record has failed."; + return 1; + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root () +{ + fulldomain=$1; + _debug2 "_get_root() entered"; + SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}"; + if [ -z "$SDNS_ZONE_KEY" ]; then + SDNS_ZONE_KEY=""; + _err "You didn't specify your zone key yet. (export SDNS_ZONE_KEY=yourkey)"; + return 1; + fi; + _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY"; + _payload=" + + $fulldomain +"; + _debug2 "$_payload"; + response=$(_post "$_payload" "$SDNS_API_URL"); + _debug2 "$response"; + if _contains "$response" "status=\"found\""; then + _debug "root domain is found"; + + _domain=$(printf "%s\n" "$response" | _egrep_o "(.*)" | cut -d ">" -f 2 | cut -d "<" -f 1); + _sub_domain=$(printf "%s\n" "$response" | _egrep_o "(.*)" | cut -d ">" -f 2 | cut -d "<" -f 1); + + _debug _domain "$_domain"; + _debug _sub_domain "$_sub_domain"; + return 0; + fi +} + From 0ec426437fb366f2946e0f687af271d3dd782b68 Mon Sep 17 00:00:00 2001 From: Damian Hopa Date: Tue, 1 Feb 2022 12:02:56 +0100 Subject: [PATCH 2/4] Trigger Action --- dnsapi/dns_sdns.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_sdns.sh b/dnsapi/dns_sdns.sh index cc244cfb..4f1f31ff 100644 --- a/dnsapi/dns_sdns.sh +++ b/dnsapi/dns_sdns.sh 
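Review bot: `_get_root` has no failure return: when the response lacks `status="found"` (including an empty response after a failed `_post`), control falls off the end of the `if`, and a shell `if` with no branch taken yields status 0. The `if ! _get_root "$fulldomain"` guard in `dns_sdns_add` and `dns_sdns_rm` therefore never fires, and the add or delete request is sent with empty or stale `_domain`/`_sub_domain`. Add `_err "Unable to detect the root zone for $fulldomain"` and `return 1` after the closing `fi`. The later `@@ -94,33 +91,31 @@` hunk of PATCH 3/4 only reformats this function and carries the same fall-through forward.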
@@ -90,6 +90,7 @@ dns_sdns_rm () #################### Private functions below ################################## #_acme-challenge.www.domain.com + #returns # _sub_domain=_acme-challenge.www # _domain=domain.com From 6a4d12fcc3f53635993660cf2d5b0e3866a768b5 Mon Sep 17 00:00:00 2001 From: Damian Hopa Date: Tue, 1 Feb 2022 15:11:10 +0100 Subject: [PATCH 3/4] Trigger action --- dnsapi/dns_sdns.sh | 139 ++++++++++++++++++++++----------------------- 1 file changed, 67 insertions(+), 72 deletions(-) diff --git a/dnsapi/dns_sdns.sh b/dnsapi/dns_sdns.sh index 4f1f31ff..1e63b0c1 100644 --- a/dnsapi/dns_sdns.sh +++ b/dnsapi/dns_sdns.sh 
@@ -5,86 +5,83 @@ SDNS_API_URL="https://robot.s-dns.de:8488/" - # export SDNS_ZONE_KEY=your_zone_key ######## Public functions ##################### # Adds a txt record with the specified value. Does not remove an existing record # Usage: dns_sdns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_sdns_add () -{ - fulldomain=$1; - txtvalue=$2; - _debug2 "dns_sdns_add() entered"; - SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}"; +dns_sdns_add() { + fulldomain=$1 + txtvalue=$2 + _debug2 "dns_sdns_add() entered" + SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}" if [ -z "$SDNS_ZONE_KEY" ]; then - SDNS_ZONE_KEY=""; - _err "You didn't specify your zone key yet. (export SDNS_ZONE_KEY=yourkey)"; - return 1; - fi; - _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY"; - _debug "First detect the root zone"; + SDNS_ZONE_KEY="" + _err "You didn't specify your zone key yet. (export SDNS_ZONE_KEY=yourkey)" + return 1 + fi + _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY" + _debug "First detect the root zone" if ! _get_root "$fulldomain"; then - _err "invalid domain"; - return 1; - fi; - _debug _sub_domain "$_sub_domain"; - _debug _domain "$_domain"; + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" _payload=" -"; - _debug2 "$_payload"; - response=$(_post "$_payload" "$SDNS_API_URL"); - _debug2 "$response"; +" + _debug2 "$_payload" + response=$(_post "$_payload" "$SDNS_API_URL") + _debug2 "$response" if _contains "$response" "status=\"OK\""; then - _debug "The TXT record has been added."; - return 0; + _debug "The TXT record has been added." + return 0 else - _err "The attempt to add the TXT record has failed."; - return 1; + _err "The attempt to add the TXT record has failed." + return 1 fi } # Removes a txt record with the specified value. 
This function does not remove resource records with the same name but a different values. # Usage: dns_sdns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_sdns_rm () -{ - fulldomain=$1; - txtvalue=$2; - _debug2 "dns_sdns_rm() entered"; - SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}"; +dns_sdns_rm() { + fulldomain=$1 + txtvalue=$2 + _debug2 "dns_sdns_rm() entered" + SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}" if [ -z "$SDNS_ZONE_KEY" ]; then - SDNS_ZONE_KEY=""; - _err "You didn't specify your zone key yet. (export SDNS_ZONE_KEY=yourkey)"; - return 1; - fi; - _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY"; - _debug "First detect the root zone"; + SDNS_ZONE_KEY="" + _err "You didn't specify your zone key yet. (export SDNS_ZONE_KEY=yourkey)" + return 1 + fi + _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY" + _debug "First detect the root zone" if ! _get_root "$fulldomain"; then - _err "invalid domain"; - return 1; - fi; - _debug _sub_domain "$_sub_domain"; - _debug _domain "$_domain"; + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" _payload=" -"; - _debug $_payload; - response=$(_post "$_payload" "$SDNS_API_URL"); - _debug $response; +" + _debug "$_payload" + response=$(_post "$_payload" "$SDNS_API_URL") + _debug "$response" if _contains "$response" "status=\"OK\""; then - _debug "The TXT record has been deleted."; - return 0; + _debug "The TXT record has been deleted." + return 0 else - _err "The attempt to delete the TXT record has failed."; - return 1; + _err "The attempt to delete the TXT record has failed." + return 1 fi } 
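Review bot: In `dns_sdns_rm` the now-quoted `_debug "$_payload"` and `_debug "$response"` still log at debug level 1, while `dns_sdns_add` uses `_debug2` for the same values. The payload body is not visible on this page, but the function loads `SDNS_ZONE_KEY` just before building it, so the payload presumably carries the zone key, which would then appear in any `--debug` output or log file a user shares. I would log it with `_secure_debug2 "$_payload"` in both functions and use `_debug2 "$response"` here to match `dns_sdns_add`.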
@@ -94,33 +91,31 @@ dns_sdns_rm () #returns # _sub_domain=_acme-challenge.www # _domain=domain.com -_get_root () -{ - fulldomain=$1; - _debug2 "_get_root() entered"; - SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}"; +_get_root() { + fulldomain=$1 + _debug2 "_get_root() entered" + SDNS_ZONE_KEY="${SDNS_ZONE_KEY:-$(_readaccountconf_mutable SDNS_ZONE_KEY)}" if [ -z "$SDNS_ZONE_KEY" ]; then - SDNS_ZONE_KEY=""; - _err "You didn't specify your zone key yet. (export SDNS_ZONE_KEY=yourkey)"; - return 1; - fi; - _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY"; + SDNS_ZONE_KEY="" + _err "You didn't specify your zone key yet. (export SDNS_ZONE_KEY=yourkey)" + return 1 + fi + _saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY" _payload=" $fulldomain -"; - _debug2 "$_payload"; - response=$(_post "$_payload" "$SDNS_API_URL"); - _debug2 "$response"; +" + _debug2 "$_payload" + response=$(_post "$_payload" "$SDNS_API_URL") + _debug2 "$response" if _contains "$response" "status=\"found\""; then - _debug "root domain is found"; + _debug "root domain is found" - _domain=$(printf "%s\n" "$response" | _egrep_o "(.*)" | cut -d ">" -f 2 | cut -d "<" -f 1); - _sub_domain=$(printf "%s\n" "$response" | _egrep_o "(.*)" | cut -d ">" -f 2 | cut -d "<" -f 1); + _domain=$(printf "%s\n" "$response" | _egrep_o "(.*)" | cut -d ">" -f 2 | cut -d "<" -f 1) + _sub_domain=$(printf "%s\n" "$response" | _egrep_o "(.*)" | cut -d ">" -f 2 | cut -d "<" -f 1) - _debug _domain "$_domain"; - _debug _sub_domain "$_sub_domain"; - return 0; + _debug _domain "$_domain" + _debug _sub_domain "$_sub_domain" + return 0 fi } - From 2ed425d85ead7205cf3b447b438c453b78705c9c Mon Sep 17 00:00:00 2001 
From: Damian Hopa Date: Wed, 12 Mar 2025 16:40:07 +0100 Subject: [PATCH 4/4] Update documentation in dns_sdns.sh for clarity Clarified usage instructions for obtaining wildcard certificates with the s-dns system. Added steps for setting up the dynamic DNS password and configuring the SDNS_ZONE_KEY variable. --- dnsapi/dns_sdns.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_sdns.sh b/dnsapi/dns_sdns.sh index 1e63b0c1..581d3a3d 100644 --- a/dnsapi/dns_sdns.sh +++ b/dnsapi/dns_sdns.sh @@ -1,12 +1,19 @@ #!/usr/bin/env sh -# Usage to order a * certificate -# ./acme.sh --issue -d '*.www.domain.com' --dns dns_sdns --server letsencrypt --dnssleep 240 +# s-dns is the Domain Name Registration System of Kyberio GmbH, former Hostway Deutschland GmbH -SDNS_API_URL="https://robot.s-dns.de:8488/" +# Steps to order a * certificate: +# First log in into the domain robot, enable the dynamic DNS password for your zone and click save. +# Copy the password and set the SDNS_ZONE_KEY variable with # export SDNS_ZONE_KEY=your_zone_key +# +# ./acme.sh --issue -d '*.www.domain.com' --dns dns_sdns --server letsencrypt --dnssleep 240 + +SDNS_API_URL="https://robot.s-dns.de:8488/" + + ######## Public functions ##################### # Adds a txt record with the specified value. Does not remove an existing record
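Review bot: The new header explains how to obtain the dynamic DNS password but not what the plugin does with it afterwards. The functions shown in the earlier patches call `_saveaccountconf_mutable SDNS_ZONE_KEY "$SDNS_ZONE_KEY"`, so the key is persisted and read back via `_readaccountconf_mutable` on later runs. A line such as `# The key is saved in the acme.sh account configuration and reused for renewals; keep that file readable only by the acme.sh user.` would tell operators where the credential lives. While touching the comment, `log in into` should read `log in to`.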