15308555518/ certbot-letencrypt-wildcardcertificates-alydns-au
1
0
Fork 0
mirror of https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au.git synced 2025-12-25 20:32:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

f5

This commit is contained in:
ywdblog 2019-03-23 19:50:30 +08:00
parent 1d282ce158
commit add908cce7
4 changed files with 737 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
au2.sh
View File

@ -1,12 +1,12 @@
#!/bin/bash
#ywdblog@gmail.com 欢迎关注我的书
#填写腾讯云的AccessKey ID及AccessKey Secret
#如何申请见https://help.aliyun.com/knowledge_detail/38738.html
ALY_KEY="LTAIkLV6coSSKklZ"
ALY_TOKEN="YEGDVHQV4oBC6AGQM9BWaHStUtNE5M"
#填写腾讯云的SecretId及SecretKey
#如何申请见https://console.cloud.tencent.com/cam/capi
TXY_KEY="AKIDwlPr7DUpLgpZBb4tlT0MWUHtIVXOJwxm"
@ -19,53 +19,63 @@ GODADDY_TOKEN=""
PATH=$(cd `dirname $0`; pwd)
# 命令行参数
# 第一个参数:使用什么语言环境
# 第二个参数:使用那个 DNS 的 API
# 第三个参数action or clean
plang=$1 #python or php
pdns=$2
paction=$3 #add or clean
#PHP 命令行路径,如果有需要可以修改
phpcmd="/usr/bin/php"
#Python 命令行路径,如果有需要可以修改
pythoncmd="/usr/bin/python"
#内部变量
cmd=""
key=""
token=""
if [[ "paction" != "clean" ]]; then
if [[ "$paction" != "clean" ]]; then
paction="add"
fi
#
#
# 第三个参数:需要为那个域名设置 DNS 记录
# 第四个参数:需要为具体那个 RR 设置
# 第五个参数: letsencrypt 动态传递的 RR 值
case $plang in
"php")
cmd=$phpcmd
if [[ "$pdns" == "aly" ]]; then
dnsapi="php-version/alydns.php"
dnsapi=$PATH"/php-version/alydns.php"
key=$ALY_KEY
token=$ALY_TOKEN
elif [[ "$pdns" == "txy" ]] ;then
dnsapi="php-version/txydns.php"
dnsapi="$path/php-version/txydns.php"
key=$TXY_KEY
token=$TXY_TOKEN
else
dnsapi="php-version/godaddydns.php"
dnsapi="$PATH/php-version/godaddydns.php"
key=$GODADDY_KEY
token=$GODADDY_TOKEN
fi
;;
"python")
cmd=$ythoncmd
cmd=$pythoncmd
if [[ "$pdns" == "aly" ]]; then
dnsapi="python-version/alydns.py"
dnsapi=$PATH"/python-version/alydns.py"
key=$ALY_KEY
token=$ALY_TOKEN
elif [[ "$pdns" == "txy" ]] ;then
key=$TXY_KEY
token=$TXY_TOKEN
echo "目前不支持python版本的非阿里云DNS处理"
exit
else
key=$GODADDY_KEY
token=$GODADDY_TOKEN
echo "目前不支持python版本的非阿里云DNS处理"
exit
fi
@ -73,12 +83,11 @@ case $plang in
esac
$cmd $dnsapi $paction $CERTBOT_DOMAIN "_acme-challenge" $CERTBOT_VALIDATION >"/var/log/certd.log"
$cmd $dnsapi $paction $CERTBOT_DOMAIN "_acme-challenge" $CERTBOT_VALIDATION $key $token >>"/var/log/certd.log"
if [[ "$paction" == "add" ]]; then
# DNS TXT 记录刷新时间
/bin/sleep 10
fi

266
php-version/alydns.php Normal file
View File

@ -0,0 +1,266 @@
<?php
date_default_timezone_set("GMT");
/*
$obj = new AliDns("LTAIkLV6coSSKklZ", "YEGDVHQV4oBC6AGQM9BWaHStUtNE5M", "simplehttps.com1");
$data = $obj->DescribeDomainRecords();
if ($data["httpcode"]!=200) {
echo "aly dns 域名获取失败-" . $data["Code"] . ":" . $data["Message"];
}
//显示所有
//$data = $obj->DescribeDomainRecords();
//增加解析
//$data= $obj->AddDomainRecord("TXT", "test", "test");
//修改解析
//$data = $obj->UpdateDomainRecord("3965724468724736","TXT", "test", "test2");
//删除解析
//$data = $obj->DescribeDomainRecords();
//$data = $data["DomainRecords"]["Record"];
//if (is_array($data)) {
//foreach ($data as $v) {
//if ($v["RR"] == "test") {
//$obj->DeleteDomainRecord($v["RecordId"]);
//}
//}
//}
*/
/*
example:
php alydns.php add "simplehttps.com" "dnsv" "dnsk" APPKEY APPTOKEN
*/
########## 配合 cerbot 运行
# 第一个参数是 action代表 (add/clean)
# 第二个参数是域名
# 第三个参数是主机名(第三个参数+第二个参数组合起来就是要添加的 TXT 记录)
# 第四个参数是 TXT 记录值
# 第五个参数是 APPKEY
# 第六个参数是 APPTOKEN
echo "域名 API 调用开始\n" ;
print_r($argv);
if (count($argv)<7) {
echo "参数有误\n";
exit;
}
echo $argv[1] . "-" . $argv[2] . "-" . $argv[3] . "-" . $argv[4] . "-" . $argv[5] . "-" . $argv[6] . "\n";
$domainarray = AliDns::getDomain($argv[2]);
$selfdomain = ($domainarray[0]=="")?$argv[3]:$argv[3] . "." . $domainarray[0];
$obj = new AliDns($argv[5], $argv[6], $domainarray[1]);
switch ($argv[1]) {
case "clean":
$data = $obj->DescribeDomainRecords();
$data = $data["DomainRecords"]["Record"];
if (is_array($data)) {
foreach ($data as $v) {
if ($v["RR"] == $selfdomain) {
$data = $obj->DeleteDomainRecord($v["RecordId"]);
if ($data["httpcode"]!=200) {
echo "aly dns 域名删除失败-" . $data["Code"] . ":" . $data["Message"];
exit;
}
}
}
}
break;
case "add":
$data = $obj->AddDomainRecord("TXT", $selfdomain,$argv[4]);
if ($data["httpcode"]!=200) {
echo "aly dns 域名增加失败-" . $data["Code"] . ":" . $data["Message"];
exit;
}
break;
}
echo "域名 API 调用结束\n" ;
############ Class 定义
class AliDns {
private $accessKeyId = null;
private $accessSecrec = null;
private $DomainName = null;
public function __construct($accessKeyId, $accessSecrec, $domain) {
$this->accessKeyId = $accessKeyId;
$this->accessSecrec = $accessSecrec;
$this->DomainName = $domain;
}
/*
根据域名返回主机名和二级域名
*/
public static function getDomain($domain) {
//https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains
//常见根域名
$arr[]=".co.jp";
$arr[]=".com.tw";
$arr[]=".net";
$arr[]=".com";
$arr[]=".com.cn";
$arr[]=".org";
$arr[]=".cn";
$arr[]=".gov";
$arr[]=".net.cn";
$arr[]=".io";
$arr[]=".top";
$arr[]=".me";
$arr[]=".int";
$arr[]=".edu";
$arr[]=".link";
$arr[]=".uk";
$arr[]=".hk";
//二级域名
$seconddomain ="";
//子域名
$selfdomain = "";
//根域名
$rootdomain = "";
foreach ($arr as $k=>$v) {
$pos = stripos($domain,$v);
if ($pos) {
$rootdomain = substr($domain,$pos);
$s = explode(".",substr($domain,0,$pos));
$seconddomain = $s[count($s)-1] . $rootdomain;
for ($i=0;$i<count($s)-1;$i++)
$selfdomain .= $s[$i];
break;
}
}
//echo $seconddomain ;exit;
if ($rootdomain=="") {
$seconddomain = $domain;
$selfdomain = "";
}
return array($selfdomain,$seconddomain);
}
public function DescribeDomainRecords() {
$requestParams = array(
"Action" => "DescribeDomainRecords"
);
$val = $this->send($requestParams);
return $this->out($val);
}
public function UpdateDomainRecord($id, $type, $rr,$value){
$requestParams = array(
"Action" => "UpdateDomainRecord",
"RecordId" => $id,
"RR" => $rr,
"Type" => $type,
"Value" => $value,
);
$val = $this->send($requestParams);
return $this->out($val);
}
public function DeleteDomainRecord($id) {
$requestParams = array(
"Action" => "DeleteDomainRecord",
"RecordId" => $id,
);
$val = $this->send($requestParams);
return $this->out($val);
}
public function AddDomainRecord($type, $rr, $value) {
$requestParams = array(
"Action" => "AddDomainRecord",
"RR" => $rr,
"Type" => $type,
"Value" => $value,
);
$val = $this->send($requestParams);
return $this->out($val);
}
private function send($requestParams) {
$publicParams = array(
"DomainName" => $this->DomainName,
"Format" => "JSON",
"Version" => "2015-01-09",
"AccessKeyId" => $this->accessKeyId,
"Timestamp" => date("Y-m-d\TH:i:s\Z"),
"SignatureMethod" => "HMAC-SHA1",
"SignatureVersion" => "1.0",
"SignatureNonce" => substr(md5(rand(1, 99999999)), rand(1, 9), 14),
);
$params = array_merge($publicParams, $requestParams);
$params['Signature'] = $this->sign($params, $this->accessSecrec);
$uri = http_build_query($params);
$url = 'http://alidns.aliyuncs.com/?'.$uri;
return $this->curl($url);
}
private function sign($params, $accessSecrec, $method = "GET") {
ksort($params);
$stringToSign = strtoupper($method).'&'.$this->percentEncode('/').'&';
$tmp = "";
foreach($params as $key => $val){
$tmp .= '&'.$this->percentEncode($key).'='.$this->percentEncode($val);
}
$tmp = trim($tmp, '&');
$stringToSign = $stringToSign.$this->percentEncode($tmp);
$key = $accessSecrec.'&';
$hmac = hash_hmac("sha1", $stringToSign, $key, true);
return base64_encode($hmac);
}
private function percentEncode($value = null){
$en = urlencode($value);
$en = str_replace("+", "%20", $en);
$en = str_replace("*", "%2A", $en);
$en = str_replace("%7E", "~", $en);
return $en;
}
private function curl($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
//curl_setopt($ch, CURLOPT_HEADER, 1);
//curl_setopt($ch, CURLINFO_HEADER_OUT, true);
$result = curl_exec ($ch);
$info = curl_getinfo($ch);
curl_close($ch);
return array($info["http_code"],$result);
}
private function out($arr) {
$t = json_decode($arr[1], true);
$t["httpcode"] = $arr[0];
return $t;
}
}

166
php-version/godaddydns.php Normal file
View File

@ -0,0 +1,166 @@
<?php
date_default_timezone_set("GMT");
//accessKeyId 和 accessSecrec 在 https://developer.godaddy.com/getstarted 申请
define("accessKeyId", "");
define("accessSecrec", "");
$type = 'TXT';
$domainarray = GodaddyDns::getDomain($argv[1]);
//证书申请域名
$selfdomain = ($domainarray[0] == "") ? $argv[2] : $argv[2].".".$domainarray[0];
//根域名
$domain = $domainarray[1];
$obj = new GodaddyDns(accessKeyId, accessSecrec, $domain);
$data = $obj->GetDNSRecord($domain, $type);
$code = $data['httpCode'];
if ($code != 200) {
echo 'code='.$code;
echo '<br/>';
echo $data['result'];
exit;
}
$data_obj = json_decode($data['result']);
$count = count($data_obj);
if ($count <= 0) {
$r = $obj->CreateDNSRecord($domain, $selfdomain, $argv[3], $type);
} else {
$r = $obj->UpdateDNSRecord($domain, $selfdomain, $argv[3], $type); //$domain,$name,$value,$recordType='TXT
}
class GodaddyDns
{
private $accessKeyId = null;
private $accessSecrec = null;
private $DomainName = null;
private $Host = "";
private $Path = "";
public function __construct($accessKeyId, $accessSecrec, $domain = "")
{
$this->accessKeyId = $accessKeyId;
$this->accessSecrec = $accessSecrec;
$this->DomainName = $domain;
}
/*
根据域名返回主机名和二级域名
*/
public static function getDomain($domain)
{
//常见根域名 【https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains】
// 【http://www.seobythesea.com/2006/01/googles-most-popular-and-least-popular-top-level-domains/】
$arr[] = ".co.jp";
$arr[] = ".com.tw";
$arr[] = ".net";
$arr[] = ".com";
$arr[] = ".com.cn";
$arr[] = ".org";
$arr[] = ".cn";
$arr[] = ".gov";
$arr[] = ".net.cn";
$arr[] = ".io";
$arr[] = ".top";
$arr[] = ".me";
$arr[] = ".int";
$arr[] = ".edu";
$arr[] = ".link";
$arr[] = ".uk";
$arr[] = ".hk";
//二级域名
$seconddomain = "";
//子域名
$selfdomain = "";
//根域名
$rootdomain = "";
foreach ($arr as $k => $v) {
$pos = stripos($domain, $v);
if ($pos) {
$rootdomain = substr($domain, $pos);
$s = explode(".", substr($domain, 0, $pos));
$seconddomain = $s[count($s) - 1].$rootdomain;
for ($i = 0; $i < count($s) - 1; $i++)
$selfdomain .= $s[$i];
break;
}
}
//echo $seconddomain ;exit;
if ($rootdomain == "") {
$seconddomain = $domain;
$selfdomain = "";
}
return array($selfdomain, $seconddomain);
}
public function error($code, $str)
{
echo "操作错误:".$code.":".$str;
exit;
}
private function curl($url, $header = '', $data = '', $method = 'get')
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method); //设置请求方式
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data); //设置提交的字符串
$result = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return array(
'result' => $result,
'httpCode' => $httpCode
);
}
private function out($msg)
{
return json_decode($msg, true);
}
public function GetDNSRecord($domain, $recordType = 'TXT')
{
$url = "https://api.godaddy.com/v1/domains/$domain/records/$recordType/_acme-challenge";
$header = ['accept: application/json', 'authorization:sso-key '.$this->accessKeyId.':'.$this->accessSecrec];
return $this->curl($url, $header);
}
public function UpdateDNSRecord($domain, $name, $value, $recordType = 'TXT')
{
$url = "https://api.godaddy.com/v1/domains/$domain/records/$recordType/$name";
$header = ['accept: application/json', 'Content-Type: application/json',
'authorization:sso-key '.$this->accessKeyId.':'.$this->accessSecrec];
$data = array(
array(
'data' => $value,
'name' => $name,
'ttl' => 3600,
'type' => $recordType)
);
return $this->curl($url, $header, json_encode($data), 'put');
}
public function CreateDNSRecord($domain, $name, $value, $recordType = 'TXT')
{
$url = "https://api.godaddy.com/v1/domains/$domain/records";
$header = ['accept: application/json', 'Content-Type: application/json',
'authorization:sso-key '.$this->accessKeyId.':'.$this->accessSecrec];
$data = array(
array(
'data' => $value,
'name' => $name,
'ttl' => 3600,
'type' => $recordType)
);
return $this->curl($url, $header, json_encode($data), 'PATCH');
}
}

270
php-version/txydns.php Executable file
View File

@ -0,0 +1,270 @@
<?php
date_default_timezone_set("GMT");
//去 https://console.cloud.tencent.com/cam/capi 页面申请
/*
$obj = new TxyDns(txyaccessKeyId, APPKEY, APPTOKEN);
//显示所有域名
$data = $obj->DomainList();
if ($data["code"]!=0) {
echo $data["message"] . "\n";
}
//可以增加同名的二条
$data = $obj->RecordCreate("www3","TXT",rand(10,1000));
$data = $obj->RecordCreate("www3","TXT",rand(10,1000));
$data = $obj->RecordCreate("www3.www3","TXT",rand(10,1000));
if ($data["code"]!=0) {
echo $data["message"] . "\n";
}
//查看一个主机的所有txt 记录
$data = $obj->RecordList("www3.www3","TXT");
$data = $obj->RecordList("www3","TXT");
$records = $data["data"]["records"];
foreach ($records as $k=>$v) {
//根据ID修改记录
$data = $obj->RecordModify("www3", "TXT", rand(1000,2000), $v["id"]);
//根据ID删除记录
$obj->RecordDelete($v["id"]);
}
*/
###### 代码运行
//php txydns.php add "www.yudadan.com" "k1" "v1" AKIDwlPr7DUpLgpZBb4tlT0MWUHtIVXOJwxm mMkxzoTxOirrfJlFYfbS7g7792jEi5GG
# 第一个参数是 action代表 (add/clean)
# 第二个参数是域名
# 第三个参数是主机名(第三个参数+第二个参数组合起来就是要添加的 TXT 记录)
# 第四个参数是 TXT 记录值
# 第五个参数是 APPKEY
# 第六个参数是 APPTOKEN
echo "域名 API 调用开始\n" ;
if (count($argv)<7) {
echo "参数有误\n";
exit;
}
echo $argv[1] . "-" . $argv[2] . "-" . $argv[3] . "-" . $argv[4] . "-" . $argv[5] . "-" . $argv[6] . "\n";
$domainarray = TxyDns::getDomain($argv[2]);
$selfdomain = ($domainarray[0]=="")?$argv[3]:$argv[3] . "." . $domainarray[0];
$obj = new TxyDns($argv[5], $argv[6], $domainarray[1]);
switch ($argv[1]) {
case "clean":
$data = $obj->RecordList($selfdomain , "TXT");
if ($data["code"]!=0) {
echo "txy dns 记录获取失败-" . $data["message"] . "\n";
exit;
}
$records = $data["data"]["records"];
foreach ( $records as $k=>$v) {
$data = $obj->RecordDelete($v["id"]);
if ($data["code"]!=0) {
echo "txy dns 记录删除失败-" . $data["message"] . "\n";
exit;
}
}
break;
case "add":
$data = $obj->RecordCreate($selfdomain, "TXT", $argv[4]);
if ($data["code"]!=0) {
echo "txy dns 记录添加失败-" . $data["message"] . "\n";
exit;
}
break;
}
echo "域名 API 调用成功结束\n" ;
####### 基于腾讯云 DNS API 实现的 PHP 类,参考 https://cloud.tencent.com/document/product/302/4032
class TxyDns {
private $accessKeyId = null;
private $accessSecrec = null;
private $DomainName = null;
private $Host = "cns.api.qcloud.com";
private $Path = "/v2/index.php";
public function __construct($accessKeyId, $accessSecrec, $domain = "") {
$this->accessKeyId = $accessKeyId;
$this->accessSecrec = $accessSecrec;
$this->DomainName = $domain;
}
/*
根据域名返回主机名和二级域名
*/
public static function getDomain($domain) {
//常见根域名 【https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains】
// 【http://www.seobythesea.com/2006/01/googles-most-popular-and-least-popular-top-level-domains/】
$arr[]=".uk";
$arr[]=".hk";
$arr[]=".net";
$arr[]=".com";
$arr[]=".edu";
$arr[]=".mil";
$arr[]=".com.cn";
$arr[]=".org";
$arr[]=".cn";
$arr[]=".gov";
$arr[]=".net.cn";
$arr[]=".io";
$arr[]=".co.jp";
$arr[]=".com.tw";
$arr[]=".info";
$arr[]=".io";
$arr[]=".top";
$arr[]=".me";
$arr[]=".int";
$arr[]=".edu";
//二级域名
$seconddomain ="";
//子域名
$selfdomain = "";
//根域名
$rootdomain = "";
foreach ($arr as $k=>$v) {
$pos = stripos($domain,$v);
if ($pos) {
$rootdomain = substr($domain,$pos);
$s = explode(".",substr($domain,0,$pos));
$seconddomain = $s[count($s)-1] . $rootdomain;
for ($i=0;$i<count($s)-1;$i++)
$selfdomain .= $s[$i];
break;
}
}
//echo $seconddomain ;exit;
if ($rootdomain=="") {
$seconddomain = $domain;
$selfdomain = "";
}
return array($selfdomain,$seconddomain);
}
public function error($code, $str) {
echo "操作错误:" . $code . ":" . $str;
exit;
}
public function RecordDelete($recordId) {
$param["domain"] = $this->DomainName;
$param["recordId"] = $recordId;
$data = $this->send("RecordDelete", "GET", $param);
return ($this->out($data));
}
public function RecordList($subDomain, $recordType = "") {
if ($recordType != "")
$param["recordType"] = $recordType;
$param["subDomain"] = $subDomain;
$param["domain"] = $this->DomainName;
$data = $this->send("RecordList", "GET", $param);
return ($this->out($data));
}
public function RecordModify($subDomain, $recordType = "TXT", $value, $recordId) {
$param["recordType"] = $recordType;
$param["subDomain"] = $subDomain;
$param["recordId"] = $recordId;
$param["domain"] = $this->DomainName;
$param["recordLine"] = "默认";
$param["value"] = $value;
$data = $this->send("RecordModify", "GET", $param);
return ($this->out($data));
}
public function RecordCreate($subDomain, $recordType = "TXT", $value) {
$param["recordType"] = $recordType;
$param["subDomain"] = $subDomain;
$param["domain"] = $this->DomainName;
$param["recordLine"] = "默认";
$param["value"] = $value;
$data = $this->send("RecordCreate", "GET", $param);
return ($this->out($data));
}
public function DomainList() {
$data = $this->send("DomainList", "GET", array());
return ($this->out($data));
}
private function send($action, $reqMethod, $requestParams) {
$params = $this->formatRequestData($action, $requestParams, $reqMethod);
$uri = http_build_query($params);
$url = "https://" . $this->Host . "" . $this->Path . "?" . $uri;
return $this->curl($url);
}
private function formatRequestData($action, $request, $reqMethod) {
$param = $request;
$param["Action"] = ucfirst($action);
//$param["RequestClient"] = $this->sdkVersion;
$param["Nonce"] = rand();
$param["Timestamp"] = time();
//$param["Version"] = $this->apiVersion;
$param["SecretId"] = $this->accessKeyId;
$signStr = $this->formatSignString($this->Host, $this->Path, $param, $reqMethod);
$param["Signature"] = $this->sign($signStr);
return $param;
}
//签名
private function formatSignString($host, $path, $param, $requestMethod) {
$tmpParam = [];
ksort($param);
foreach ($param as $key => $value) {
array_push($tmpParam, str_replace("_", ".", $key) . "=" . $value);
}
$strParam = join("&", $tmpParam);
$signStr = strtoupper($requestMethod) . $host . $path . "?" . $strParam;
return $signStr;
}
private function sign($signStr) {
$signature = base64_encode(hash_hmac("sha1", $signStr, $this->accessSecrec, true));
return $signature;
}
private function curl($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
private function out($msg) {
return json_decode($msg, true);
}
}