
8 Commits

Author SHA1 Message Date
b8c904bbf3 Refactor issue certs 2020-08-02 00:38:56 -04:00
7348048ddd Remove redundant info 2020-08-01 22:30:19 -04:00
35c706eceb Update e-mail function 2020-08-01 22:29:42 -04:00
a51c60370e Update README 2020-08-01 21:44:36 -04:00
e92c6c2fef Add interactive dns 2020-08-01 21:40:01 -04:00
b93f43f6fe Add plugin req 2020-08-01 20:52:33 -04:00
28e61360ae Update README 2020-08-01 20:47:10 -04:00
6e0b7cfd62 Fix derp 2020-08-01 20:46:00 -04:00
2 changed files with 89 additions and 77 deletions


@@ -34,15 +34,15 @@ cPanel:
## Usage ## Usage
### `./acme-cpanel.sh [OPTIONS] [FILES...]` #### `./acme-cpanel.sh [OPTIONS] [FILES...]`
#### Options #### Options
```text ```text
--method, -m webroot,dns --method, -m dns,webroot
Choose the authentication method (default: dns) Choose the authentication method (default: dns)
--email, -e EMAIL --email, -e EMAIL
E-mail not be notified of certificate renewal failures E-mail to be notified of certificate renewal failures
--group-by-file, -g --group-by-file, -g
Issue multidomain certificates for all domains with the same webroot, grouped by input file Issue multidomain certificates for all domains with the same webroot, grouped by input file
The first domain in each file will be used to determine the shared webroot The first domain in each file will be used to determine the shared webroot


@@ -5,29 +5,13 @@
# See README.md for more details # See README.md for more details
# #
# Copyright 2020 Bryan Roessler <bryanroessler@gmail.com> # Copyright 2020 Bryan Roessler <bryanroessler@gmail.com>
#
# USAGE
# ./acme-cpanel.sh [OPTIONS] [FILES...]
#
# EXAMPLES
# TESTING: ./acme-cpanel-webroot.sh --debug -e me@gmail.com multisites/flatwhitedesign.pw multisites/greengingermultisite.website
# PRODUCTION: ./acme-cpanel-webroot.sh --force -e me@gmail.com multisites/flatwhitedesign.pw multisites/greengingermultisite.website
#
# TESTING: ./acme-cpanel-webroot.sh --debug -s multisites
# PRODUCTION: ./acme-cpanel-webroot.sh --force -s multisites
#
# FILES is a list of files containing first-level DOMAIN names (see domains.txt) on newlines
# Certificates will automatically be issued and deployed for DOMAIN and www.DOMAIN using the webroot method
#
# NOTE: The webroot method does NOT support wildcard domains, Let's Encrypt requires wildcard domains to
# use DNS challenges, which the CPANEL uapi does not support (use dns_cpaneldns plugin instead)
source functions.sh
unset SITES_DIR USEREMAIL DOMAIN_FILES DOMAIN_GROUPS DEPLOY_CMD_PREFIX ISSUE_CMD_PREFIX DEBUG GROUP unset SITES_DIR USEREMAIL DOMAIN_FILES DOMAIN_GROUPS DEPLOY_CMD_PREFIX ISSUE_CMD_PREFIX DEBUG GROUP
DEBUG="true" # quote this line to stop DEBUG mode and issue certificates for real, or use --force in user options DEBUG="true" # quote this line to stop DEBUG mode and issue certificates for real, or use --force in user options
METHOD="dns" # set the default method METHOD="dns" # set the default method
CONF="$HOME/.acme.sh/account.conf"
ACME_SH="$HOME/.acme.sh/acme.sh"
parse_input() { parse_input() {
@@ -43,10 +27,6 @@ parse_input() {
shift shift
METHOD="${1,,}" METHOD="${1,,}"
;; ;;
--email|-e)
shift
USEREMAIL="$1"
;;
--force|-f) --force|-f)
unset DEBUG unset DEBUG
;; ;;
@@ -88,22 +68,52 @@ parse_input() {
} }
get_acme() { interactive_dns() {
curl https://get.acme.sh | sh if [[ -f "$CONF" ]] && grep -q "CPANELDNS_AUTH_PASSWORD" "$CONF"; then
source "$HOME/.bashrc" echo "cPanel credentials already present, skipping configuration..."
"$HOME/.acme.sh/acme.sh" --upgrade --auto-upgrade echo "To rerun the configuration, first run 'rm $CONF'"
else
read -rp 'Enter your cPanel username: ' CPANELDNS_AUTH_ID
echo
export CPANELDNS_AUTH_ID
read -rp 'Enter your cPanel password: ' CPANELDNS_AUTH_PASSWORD
echo
export CPANELDNS_AUTH_PASSWORD
read -rp 'Enter your cPanel address and port number (example: "https://www.example.com:2083/"): ' CPANELDNS_API
echo
export CPANELDNS_API
fi
} }
update_email() { [[ -v USEREMAIL ]] && "$HOME/.acme.sh/acme.sh" --update-account --accountemail "${USEREMAIL}"; } get_acme() {
curl https://get.acme.sh | sh
# shellcheck disable=SC1090
source "$HOME/.bashrc"
"$ACME_SH" --upgrade --auto-upgrade
[[ "$METHOD" == "dns" ]] && \
curl -o "$HOME/.acme.sh/dnsapi/dns_cpaneldns.sh" https://raw.githubusercontent.com/cryobry/dns_cpaneldns/master/dns_cpaneldns.sh
}
update_email() {
if [[ ! -v USEREMAIL ]]; then
if [[ -f "$CONF" ]] && line=$(grep -q "ACCOUNT_EMAIL" "$CONF"); then
echo "Reusing existing contact e-mail: ${line#ACCOUNT_EMAIL=}"
return 0
fi
read -rp 'Enter your contact e-mail (in case of renewal failures): ' USEREMAIL
fi
"$ACME_SH" --update-account --accountemail "${USEREMAIL}"
}
command_prefixes() { command_prefixes() {
declare -ag ISSUE_CMD_PREFIX DEPLOY_CMD_PREFIX declare -ag ISSUE_CMD_PREFIX DEPLOY_CMD_PREFIX
ISSUE_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--issue") ISSUE_CMD_PREFIX=("$ACME_SH" "--issue")
[[ "$METHOD" == "dns" ]] && ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--dns" "dns_cpaneldns") [[ "$METHOD" == "dns" ]] && ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--dns" "dns_cpaneldns")
[[ -v DEBUG ]] && ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--staging") || ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--force") [[ -v DEBUG ]] && ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--staging") || ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--force")
DEPLOY_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--deploy" "--deploy-hook" "cpanel_uapi") DEPLOY_CMD_PREFIX=("$ACME_SH" "--deploy" "--deploy-hook" "cpanel_uapi")
} }
@@ -145,48 +155,49 @@ load_domains() {
issue_and_deploy_certs() { issue_and_deploy_certs() {
local domain_root domain domain_group local group_root domain_root domain domain_group
local -a issue_cmd=()
local -a deploy_cmd=()
if [[ -v GROUP ]]; then
for domain_group in "${DOMAIN_GROUPS[@]}"; do for domain_group in "${DOMAIN_GROUPS[@]}"; do
unset i local -a issue_cmd=("${ISSUE_CMD_PREFIX[@]}")
local -a deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}")
local i="set"
# Issue certificates
for domain in $domain_group; do # we want to split on whitespace for domain in $domain_group; do # we want to split on whitespace
[[ "$domain" == "" ]] && continue [[ "$domain" == "" ]] && continue
# Get the webroot from the first domain if [[ -v GROUP ]]; then
if [[ ! -v i ]]; then if [[ "$METHOD" == "webroot" && -v i ]]; then
local i="set" group_root=$(get_webroot "$domain")
domain_root=$(get_webroot "$domain") issue_cmd+=("-w" "$group_root")
issue_cmd=("${ISSUE_CMD_PREFIX[@]}" "-w" "$domain_root") unset i
fi fi
# Append domains to issue command that we will call after the loop
issue_cmd+=("-d" "$domain" "-d" "www.$domain") issue_cmd+=("-d" "$domain" "-d" "www.$domain")
done # Issue certificate for single domain
# Issue certificate for entire domain group
echo "Running:" "${issue_cmd[@]}"
if ! "${issue_cmd[@]}"; then
echo "Failed to issue certificate"
# Deploy certificates one by one
for domain in $domain_group; do
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-w" "$domain_root" "-d" "$domain")
echo "Running:" "${deploy_cmd[@]}"
"${deploy_cmd[@]}"
done
done
else else
for domain_group in "${DOMAIN_GROUPS[@]}"; do local -a issue_cmd=("${ISSUE_CMD_PREFIX[@]}")
# Issue and deploy certificates one by one domain_root=$(get_webroot "$domain")
for domain in $domain_group; do # we want to split on whitespace issue_cmd+=("-d" "$domain" "-d" "www.$domain")
issue_cmd=("${ISSUE_CMD_PREFIX[@]}" "-d" "$domain" "-d" "www.$domain") [[ "$METHOD" == "webroot" ]] && issue_cmd+=("-w" "$domain_root")
[[ "$METHOD" == "webroot" ]] && domain_root=$(get_webroot "$domain") && issue_cmd=("${issue_cmd[@]}" "-w" "$domain_root")
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-d" "$domain") # I think we only need to deploy to the domain, not subdomains
[[ "$METHOD" == "webroot" ]] && deploy_cmd=("${deploy_cmd[@]}" "-w" "$domain_root")
echo "Running:" "${issue_cmd[@]}" echo "Running:" "${issue_cmd[@]}"
if ! "${issue_cmd[@]}"; then if ! "${issue_cmd[@]}"; then
echo "Failed to issue certificate for $domain" echo "Failed to issue certificate for domain: $domain"
err=1 err=1
fi fi
fi
done
# Issue certificate for group of domains
if [[ -v GROUP ]]; then
echo "Running:" "${issue_cmd[@]}"
if ! "${issue_cmd[@]}"; then
echo "Failed to issue certificate for domain group: $domain_group"
err=1
fi
fi
# Deploy certificates one domain at a time
for domain in $domain_group; do
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-d" "$domain") # I think we only need to deploy to the domain, not subdomains (e.g. www.)
echo "Running:" "${deploy_cmd[@]}" echo "Running:" "${deploy_cmd[@]}"
if ! "${deploy_cmd[@]}"; then if ! "${deploy_cmd[@]}"; then
echo "Failed to deploy certificate for $domain" echo "Failed to deploy certificate for $domain"
@@ -194,7 +205,6 @@ issue_and_deploy_certs() {
fi fi
done done
done done
fi
} }
@@ -204,6 +214,8 @@ main() {
update_email update_email
command_prefixes command_prefixes
load_domains load_domains
[[ "$METHOD" == "dns" ]] && interactive_dns
sanity_check
issue_and_deploy_certs issue_and_deploy_certs
} }
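Review bot: In the new `interactive_dns`, `read -rp 'Enter your cPanel password: ' CPANELDNS_AUTH_PASSWORD` echoes the password to the terminal and scrollback; `read -rsp 'Enter your cPanel password: ' CPANELDNS_AUTH_PASSWORD` suppresses the echo, and the `echo` that follows already supplies the newline. In the same hunk, `get_acme` now fetches `dns_cpaneldns.sh` from the `master` branch with plain `curl -o`, so the plugin that will receive those credentials is unpinned, and an HTTP error body would be saved in its place. Using `curl -fsSL -o ...` against a pinned commit URL, with a checksum comparison before use, would close that. Separately, in `update_email`, `line=$(grep -q "ACCOUNT_EMAIL" "$CONF")` always leaves `line` empty because `-q` suppresses output, so the "Reusing existing contact e-mail" message prints no address. `line=$(grep -m1 '^ACCOUNT_EMAIL=' "$CONF")` keeps the exit-status test and captures the value.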