Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
marcdupain / getssl deb
Repository URL to install this package:
|
Version:
2.49-1 ▾
|
#!/usr/bin/env bash
# either configure here or export environment variables in getssl.cfg
email=${CF_EMAIL:-''}
key=${CF_KEY:-''}
api_token=${CF_API_TOKEN:-''}
zone_id=${CF_ZONE_ID:-''}
# This script removes a TXT record from cloudflare DNS for the ACME challenge
# usage dns_del_cloudflare "domain name" "token (optional)"
# if token is not specified, then all tokens are removed.
# return codes are;
# 0 - success
# 1 - error in input
# 2 - error within internal processing
# 3 - error in result ( domain not found in cloudflare etc)
fulldomain="${1}"
token="${2}"
API='https://api.cloudflare.com/client/v4/zones'
if [[ -z "$api_token" ]]; then
curl_params=( -H "X-Auth-Email: $email" -H "X-Auth-Key: $key" -H 'Content-Type: application/json' )
else
curl_params=( -H "Authorization: Bearer $api_token" -H 'Content-Type: application/json' )
fi
# check initial parameters
if [[ -z "$fulldomain" ]]; then
echo "DNS script requires full domain name as first parameter"
exit 1
fi
if [[ -z "$api_token" ]]; then
if [[ -z "$email" ]]; then
echo "CF_EMAIL (email) parameter not set"
exit 1
fi
if [[ -z "$key" ]]; then
echo "CF_KEY (key) parameter not set"
exit 1
fi
fi
if [[ -z "$zone_id" ]]; then
# get a list of all domain names from cloudflare
# If you have a lot, you may need add "&page=1&per_page=1000" and/or "&status=active"
resp=$(curl --silent "${curl_params[@]}" -X GET "$API")
re='"result":\[(([^][]*\[[^][]*])*[^][]*)]' # find result section
if [[ "${resp// }" =~ $re ]]; then
resp="${BASH_REMATCH[1]}"
fi
# iterate through all sections to obtain a list of domains
while [[ "$resp" ]]; do
re='[^}{]*\{(([^}{]*\{[^}{]*})*[^}{]*)}(.*)'
if [[ "$resp" =~ $re ]]; then
first="${BASH_REMATCH[1]}"
resp="${BASH_REMATCH[3]}"
fi
# remove subsections - leave only domain level
while [[ "$first" =~ (.*)[\[\{][^]\{\}[]*[\]\}](.*) ]]; do
first="${BASH_REMATCH[1]}${BASH_REMATCH[2]}"
done
re='"name":"([^"]*)"'
if [[ "$first" =~ $re ]]; then
domains=( "${domains[@]}" "${BASH_REMATCH[1]}" )
else
echo "Error getting domain name"
exit 2
fi
re='"id":"([^"]*)"'
if [[ "$first" =~ $re ]]; then
ids=( "${ids[@]}" "${BASH_REMATCH[1]}" )
else
echo "Error getting domain id"
exit 2
fi
done
# split required domain name into an array
dnarray=(${fulldomain//./ })
# get number of parts in required domain name
NumParts=${#dnarray[@]}
# build a test domain name, starting with the largest, and reduce it
# until a match is found, set domain = first ( longest) match.
domain=""
i=1
while [ $i -lt "$NumParts" ]; do
testdomain="${dnarray[i-1]}"
for ((j=i; j<NumParts; j++)); do
testdomain+=".${dnarray[j]}"
done
# loop through domains at cloudflare
for k in "${!domains[@]}"; do
# if match found, then set domain and zone_id
if [[ "$testdomain" == "${domains[k]}" ]]; then
domain="$testdomain"
zone_id=${ids[k]}
i="$NumParts"
fi
done
((i++))
done
if [[ -z "$domain" ]]; then
echo 'domain name not found on your cloudflare account'
exit 3
fi
fi
curl_request="$API/$zone_id/dns_records?type=TXT&name=_acme-challenge.$fulldomain"
if [[ ! -z "$token" ]]; then # if token specified, then use it
curl_request+="&content=$token"
fi
resp=$(curl --silent "${curl_params[@]}" -X GET "$curl_request")
re='"result":\[(([^][]*\[[^][]*])*[^][]*)]' # find result section
if [[ "${resp// }" =~ $re ]]; then
resp="${BASH_REMATCH[1]}"
if [ -z "$resp" ]; then
echo 'challenge TXT record not found on your cloudflare account'
exit 3
fi
else # results section not found
echo "error in results section response from cloudflare"
exit 3
fi
while [[ "$resp" ]]; do # iterate through records returned
re='[^}{]*\{(([^}{]*\{[^}{]*})+[^}{]*)}(.*)'
if [[ "$resp" =~ $re ]]; then
first="${BASH_REMATCH[1]}"
resp="${BASH_REMATCH[3]}"
fi
re='"id":"([^"]*)"'
if [[ "$first" =~ $re ]]; then
id="${BASH_REMATCH[1]}"
else
echo "Error: domain ID not found"
exit 2
fi
respd=$(curl --silent "${curl_params[@]}" -X DELETE "$API/$zone_id/dns_records/$id")
if [[ "${respd// }" == *'"success":false'* ]]; then
re='"message":"([^"]+)"'
if [[ "$respd" =~ $re ]]; then
echo "Error: DNS challenge not deleted: ${BASH_REMATCH[1]}"
exit 3
else
echo "Error: DNS challenge not deleted: unknown error - $respd"
exit 3
fi
fi
done