diff --git a/letsencrypt/Demo/SingleNode/README.md b/letsencrypt/Demo/SingleNode/README.md index 5af0c9f..e5bbacc 100644 --- a/letsencrypt/Demo/SingleNode/README.md +++ b/letsencrypt/Demo/SingleNode/README.md @@ -14,17 +14,18 @@ - 调用腾讯云接口设置/更新 TXT 解析记录 ``` cp tencent-api.sh letsencrypt-wildcard/etc/manual-hook.sh - # 修改脚本,替换成自己的阿里云 access key 信息 - #ACCESS_KEY_ID='aliyun access key id' - #ACCESS_KEY_SECRET='aliyun access key secret' + # 修改脚本,替换成自己的腾讯云 secret 信息 + #export TENCENTCLOUD_SECRET_ID='tencent secret id' + #export TENCENTCLOUD_SECRET_KEY='tencent secret key' ``` - 调用阿里云接口设置/更新 TXT 解析记录 ``` cp aliyun-api.sh letsencrypt-wildcard/etc/manual-hook.sh - # 修改脚本,替换成自己的腾讯云 secret 信息 - #SECRET_ID='tencent secret id' - #SECRET_KEY='tencent secret key' + # 修改脚本,替换成自己的阿里云的 region 和 access key 信息 + #REGION=cn-beijing + #ACCESS_KEY_ID='aliyun access key id' + #ACCESS_KEY_SECRET='aliyun access key secret' ``` - 手动启动,等待容器停止后,证书申请完成 diff --git a/letsencrypt/Demo/SingleNode/aliyun-api.sh b/letsencrypt/Demo/SingleNode/aliyun-api.sh index ee6cb27..fb281cf 100755 --- a/letsencrypt/Demo/SingleNode/aliyun-api.sh +++ b/letsencrypt/Demo/SingleNode/aliyun-api.sh @@ -1,20 +1,21 @@ #!/bin/bash #========================================= # Author : Colben -# Create : 2022-04-11 19:48 +# Create : 2025-11-06 15:43 #========================================= set -euo pipefail export LANG=en_US.UTF-8 trap Quit EXIT +REGION=cn-beijing ACCESS_KEY_ID='aliyun access key id' ACCESS_KEY_SECRET='aliyun access key secret' DOMAIN=$CERTBOT_DOMAIN SUB_DOMAIN=_acme-challenge RECORD_ID= RECORD_VA=$CERTBOT_VALIDATION -PID_FILE=/tmp/$(basename ${0%.sh}).pid +RECORD="txt record: $SUB_DOMAIN.$DOMAIN" if [ -t 0 ]; then function Print { echo -e "\033[32;1m$(date +'[%F %T]') $*\033[0m"; } 
@@ -35,118 +36,69 @@ function Quit { sleep 30 } -function GetSignature { - local uriEncoded="GET&%2F&$(echo "$1" | sed -e 's/=/%3D/g' -e 's/:/%253A/g' -e 's/&/%26/g')" - local sha1Str=$(echo -n "$uriEncoded" | openssl dgst -sha1 -hmac "$ACCESS_KEY_SECRET&" -binary) - echo -n "$sha1Str" | base64 | sed -e 's/=/%3D/g' -e 's/+/%2B/g' -e 's,/,%2F,g' +function SetAK { + Warn Setting AK with regin: $REGION ... + aliyun configure set \ + --mode AK \ + --access-key-id $ACCESS_KEY_ID \ + --access-key-secret $ACCESS_KEY_SECRET \ + --region $REGION } -function ListRecord { - Warn Get request uri ... - local sign= +function GetTxtRecord { local resp= - local uri="AccessKeyId=$ACCESS_KEY_ID" - uri="${uri}&Action=DescribeDomainRecords" - uri="${uri}&DomainName=$DOMAIN" - uri="${uri}&Format=JSON" - uri="${uri}&KeyWord=$SUB_DOMAIN" - uri="${uri}&SearchMode=EXACT" - uri="${uri}&SignatureMethod=HMAC-SHA1" - uri="${uri}&SignatureNonce=$RANDOM" - uri="${uri}&SignatureVersion=1.0" - uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')" - uri="${uri}&Type=TXT" - uri="${uri}&Version=2015-01-09" - sign=$(GetSignature "$uri") - Warn List record ... - resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .) - RECORD_ID=$(echo $resp | jq -crM .DomainRecords.Record[].RecordId) - [ 'null' == "$RECORD_ID" ] && echo "$resp" && exit 1 - return 0 + Warn Getting $RECORD ... + if resp=$(aliyun alidns DescribeSubDomainRecords \ + --SubDomain $SUB_DOMAIN.$DOMAIN \ + --Type TXT); then + [ '1' != "$(jq -rM .TotalCount)" ] && warn Not found $RECORD! && return 0 + RECORD_ID=$(echo $resp | jq -rM .DomainRecords.Record[0].RecordId) + else + echo "$resp" + Error Failed to get $RECORD! + fi } -function CreateRecord { - Warn Get request uri ... 
- local sign= - local resp= - local uri="AccessKeyId=$ACCESS_KEY_ID" - uri="${uri}&Action=AddDomainRecord" - uri="${uri}&DomainName=$DOMAIN" - uri="${uri}&Format=JSON" - uri="${uri}&RR=$SUB_DOMAIN" - uri="${uri}&SignatureMethod=HMAC-SHA1" - uri="${uri}&SignatureNonce=$RANDOM" - uri="${uri}&SignatureVersion=1.0" - uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')" - uri="${uri}&Type=TXT" - uri="${uri}&Value=$RECORD_VA" - uri="${uri}&Version=2015-01-09" - sign=$(GetSignature "$uri") - Warn Create sub_domain: $SUB_DOMAIN with value: $RECORD_VA ... - resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .) - [ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1 - return 0 +function CreateTxtRecord { + Warn Creating $RECORD ... + aliyun alidns AddDomainRecord \ + --DomainName $DOMAIN \ + --RR $SUB_DOMAIN \ + --Type TXT \ + --Value $RECORD_VA \ + && Print Succeeded to create $RECORD. \ + && return 0 + Error Failed to create $RECORD! } function ModifyRecord { - Warn Get request uri ... - local sign= - local resp= - local uri="AccessKeyId=$ACCESS_KEY_ID" - uri="${uri}&Action=UpdateDomainRecord" - uri="${uri}&DomainName=$DOMAIN" - uri="${uri}&Format=JSON" - uri="${uri}&RR=$SUB_DOMAIN" - uri="${uri}&RecordId=$RECORD_ID" - uri="${uri}&SignatureMethod=HMAC-SHA1" - uri="${uri}&SignatureNonce=$RANDOM" - uri="${uri}&SignatureVersion=1.0" - uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')" - uri="${uri}&Type=TXT" - uri="${uri}&Value=$RECORD_VA" - uri="${uri}&Version=2015-01-09" - sign=$(GetSignature "$uri") - Warn Modify record: $RECORD_ID with value: $RECORD_VA ... - resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .) - [ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1 - return 0 + Warn Modifying $RECORD ... 
+ aliyun alidns UpdateDomainRecord \ + --RecordId $RECORD_ID \ + --RR $SUB_DOMAIN \ + --Type TXT \ + --Value $RECORD_VA \ + && Print Succeeded to modify $RECORD. \ + && return 0 + Error Failed to modify $RECORD! } function DeleteRecord { - Warn Get request uri ... - local sign= - local resp= - local uri="AccessKeyId=$ACCESS_KEY_ID" - uri="${uri}&Action=DeleteDomainRecord" - uri="${uri}&DomainName=$DOMAIN" - uri="${uri}&Format=JSON" - uri="${uri}&RecordId=$RECORD_ID" - uri="${uri}&SignatureMethod=HMAC-SHA1" - uri="${uri}&SignatureNonce=$RANDOM" - uri="${uri}&SignatureVersion=1.0" - uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')" - uri="${uri}&Version=2015-01-09" - sign=$(GetSignature "$uri") - Warn Delete record $RECORD_ID ... - resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .) - [ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1 - return 0 + Warn Deleting $RECORD ... + aliyun alidns DeleteDomainRecord \ + --RecordId $RECORD_ID \ + && Print Succeeded to delete $RECORD. \ + && return 0 + Error Failed to delete $RECORD! } function Main { - [ -e "$PID_FILE" ] && Error Pid file $PID_FILE already exists, quit! - echo $$ > $PID_FILE - for _ in {1..5}; do - ListRecord || continue - if [ -z "$RECORD_ID" ]; then - CreateRecord || continue - else - ModifyRecord || continue - fi - END=1 - return 0 - done - return 1 + trap Quit EXIT + SetAK + GetTxtRecord + [ -z "$RECORD_ID" ] && CreateTxtRecord + [ -z "$RECORD_ID" ] || ModifyTxtRecord + END=1 } # Start here diff --git a/letsencrypt/Demo/SingleNode/tencent-api.sh b/letsencrypt/Demo/SingleNode/tencent-api.sh index 9d8a24b..469deab 100755 --- a/letsencrypt/Demo/SingleNode/tencent-api.sh +++ b/letsencrypt/Demo/SingleNode/tencent-api.sh 
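Review bot: `Main` now calls `ModifyTxtRecord`, but this file still declares the function as `function ModifyRecord {`, so whenever a TXT record already exists the hook stops with "command not found" and the challenge value is never updated. In `GetTxtRecord`, `jq -rM .TotalCount` is given no input and reads the hook's stdin instead of `$resp`, and `warn` is lowercase while every other call uses `Warn`, so the not-found branch never reaches `return 0` and `RECORD_ID` can end up as the literal string `null`. `SetAK` passes `$ACCESS_KEY_SECRET` as a command-line argument, which makes it readable in the local process list while `aliyun configure set` runs, and the command appears to persist the key in the CLI's profile on disk. Supplying the key through the environment, as the README now does for Tencent with `TENCENTCLOUD_SECRET_KEY`, would be safer if the installed CLI supports it. The fence below covers the `GetTxtRecord` fix and the rename; the log text `regin` in `SetAK` should also read `region`.

```shell
function GetTxtRecord {
    local resp= total=
    Warn "Getting $RECORD ..."
    if resp=$(aliyun alidns DescribeSubDomainRecords \
            --SubDomain "$SUB_DOMAIN.$DOMAIN" \
            --Type TXT); then
        # Feed the saved response to jq explicitly; without input it reads stdin.
        total=$(jq -rM '.TotalCount' <<<"$resp")
        if [ '1' != "$total" ]; then
            Warn "Not found $RECORD!"
            return 0
        fi
        RECORD_ID=$(jq -rM '.DomainRecords.Record[0].RecordId' <<<"$resp")
    # … unchanged: else branch (echo "$resp"; Error Failed to get …) and fi …

# … unchanged: CreateTxtRecord …

# Renamed so that the call in Main resolves.
function ModifyTxtRecord {
    # … unchanged: aliyun alidns UpdateDomainRecord call …
```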
@@ -14,18 +14,17 @@ DOMAIN=$CERTBOT_DOMAIN SUB_DOMAIN=_acme-challenge RECORD_ID= RECORD_VA=$CERTBOT_VALIDATION +RECORD="txt record: $SUB_DOMAIN.$DOMAIN" if [ -t 0 ]; then function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; } function Warn { echo -e "\033[36;1m$(date +'[%F %T]')\033[33;1m $*\033[0m"; } function Error { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; exit 1; } - function ErrorOnly { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; } else #exec &> /var/log/$(basename ${0%.sh}).out function Print { echo -e "$(date +'[%F %T INFO]') $*"; } function Warn { echo -e "$(date +'[%F %T WARN]') $*"; } function Error { echo -e "$(date +'[%F %T ERROR]') $*"; exit 1; } - function ErrorOnly { echo -e "$(date +'[%F %T ERROR]') $*"; } fi function Quit { 
@@ -37,60 +36,53 @@ function Quit { } function GetTxtRecord { - local record="txt record: $SUB_DOMAIN.$DOMAIN" - local err= local resp= - Warn Getting $record ... - resp=$(tccli dnspod DescribeRecordList \ + Warn Getting $RECORD ... + if resp=$(tccli dnspod DescribeRecordList \ --Domain $DOMAIN \ --Subdomain $SUB_DOMAIN \ - --RecordType TXT) || err=$? - [ '255' == "$err" ] \ - && Warn Not found $record! \ - && return 0 - [ -n "$err" ] \ - && echo "$resp" \ - && ErrorOnly Failed to get $record! \ - && return $err - RECORD_ID=$(echo $resp | jq -rM ".RecordList[0].RecordId") + --RecordType TXT); then + RECORD_ID=$(echo $resp | jq -rM ".RecordList[0].RecordId") + else + [ '255' == "$?" ] && Warn Not found $RECORD! && return 0 + echo "$resp" + Error Failed to get $RECORD! + fi } function CreateTxtRecord { - local record="txt record: $SUB_DOMAIN.$DOMAIN" - Warn Creating $record ... + Warn Creating $RECORD ... tccli dnspod CreateTXTRecord \ --Domain $DOMAIN \ --SubDomain $SUB_DOMAIN \ --RecordLine '默认' \ --Value $RECORD_VA \ - && Print Succeeded to create $record. \ + && Print Succeeded to create $RECORD. \ && return 0 - ErrorOnly Failed to create $record! + Error Failed to create $RECORD! } function ModifyTxtRecord { - local record="txt record: $SUB_DOMAIN.$DOMAIN" - Warn Modifying $record ... + Warn Modifying $RECORD ... tccli dnspod ModifyTXTRecord \ --Domain $DOMAIN \ --SubDomain $SUB_DOMAIN \ --RecordId $RECORD_ID \ --RecordLine '默认' \ --Value $RECORD_VA \ - && Print Succeeded to modify $record. \ + && Print Succeeded to modify $RECORD. \ && return 0 - ErrorOnly Failed to modify $record! + Error Failed to modify $RECORD! } function DeleteRecord { - local record="record: $SUB_DOMAIN.$DOMAIN" - Warn Deleting $record ... + Warn Deleting $RECORD ... tccli dnspod DeleteRecord \ --Domain $DOMAIN \ --RecordId $RECORD_ID \ - && Print Succeeded to delete $record. \ + && Print Succeeded to delete $RECORD. \ && return 0 - ErrorOnly Failed to delete $record! 
+ Error Failed to delete $RECORD! } function Main { @@ -99,7 +91,6 @@ function Main { [ -z "$RECORD_ID" ] && CreateTxtRecord [ -z "$RECORD_ID" ] || ModifyTxtRecord END=1 - return 0 } # Start here
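Review bot: In the new `else` branch of `GetTxtRecord`, `[ '255' == "$?" ]` is correct only while it stays the very first command after `else`; any statement added ahead of it later silently changes which status is tested. Capturing the status once, `local rc=$?`, and testing `[ '255' == "$rc" ]` makes that explicit. Exit status 255 is also treated as "record not found" with no explanation, and if tccli returns the same status for other failures such as rejected credentials, the script would go on to `CreateTxtRecord` instead of stopping here. A comment such as `# tccli exits 255 when no matching record exists (confirm against tccli docs)` above the test would record where that convention comes from.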