Add deployhook for CacheFly, Edgio and Netlify

deploy/cachefly.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificate to CacheFly
+# https://api.cachefly.com/api/2.5/docs#tag/Certificates/paths/~1certificates/post
+
+# This deployment required following variables
+# export CACHEFLY_TOKEN="Your CacheFly API Token"
+
+# returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+CACHEFLY_API_BASE="https://api.cachefly.com/api/2.5"
+
+cachefly_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$CACHEFLY_TOKEN" ]; then
+ _err "CACHEFLY_TOKEN is not defined."
+ return 1
+ else
+ _savedomainconf CACHEFLY_TOKEN "$CACHEFLY_TOKEN"
+ fi
+
+ _info "Deploying certificate to CacheFly..."
+
+ ## upload certificate
+ string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n')
+ string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
+
+ _request_body="{\"certificate\":\"$string_fullchain\",\"certificateKey\":\"$string_key\"}"
+ _debug _request_body "$_request_body"
+ _debug CACHEFLY_TOKEN "$CACHEFLY_TOKEN"
+ export _H1="Authorization: Bearer $CACHEFLY_TOKEN"
+ _response=$(_post "$_request_body" "$CACHEFLY_API_BASE/certificates" "" "POST" "application/json")
+
+ if _contains "$_response" "message"; then
+ _err "Error in deploying $_cdomain certificate to CacheFly."
+ _err "$_response"
+ return 1
+ fi
+ _debug response "$_response"
+ _info "Domain $_cdomain certificate successfully deployed to CacheFly."
+ return 0
+}

deploy/directadmin.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificate to DirectAdmin
+# https://docs.directadmin.com/directadmin/customizing-workflow/api-all-about.html#creating-a-login-key
+# https://docs.directadmin.com/changelog/version-1.24.4.html#cmd-api-catch-all-pop-passwords-frontpage-protected-dirs-ssl-certs
+
+# This deployment required following variables
+# export DirectAdmin_SCHEME="https" # Optional, https or http, defaults to https
+# export DirectAdmin_ENDPOINT="example.com:2222"
+# export DirectAdmin_USERNAME="Your DirectAdmin Username"
+# export DirectAdmin_KEY="Your DirectAdmin Login Key or Password"
+# export DirectAdmin_MAIN_DOMAIN="Your DirectAdmin Main Domain, NOT Subdomain"
+
+# returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+directadmin_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$DirectAdmin_ENDPOINT" ]; then
+ _err "DirectAdmin_ENDPOINT is not defined."
+ return 1
+ else
+ _savedomainconf DirectAdmin_ENDPOINT "$DirectAdmin_ENDPOINT"
+ fi
+ if [ -z "$DirectAdmin_USERNAME" ]; then
+ _err "DirectAdmin_USERNAME is not defined."
+ return 1
+ else
+ _savedomainconf DirectAdmin_USERNAME "$DirectAdmin_USERNAME"
+ fi
+ if [ -z "$DirectAdmin_KEY" ]; then
+ _err "DirectAdmin_KEY is not defined."
+ return 1
+ else
+ _savedomainconf DirectAdmin_KEY "$DirectAdmin_KEY"
+ fi
+ if [ -z "$DirectAdmin_MAIN_DOMAIN" ]; then
+ _err "DirectAdmin_MAIN_DOMAIN is not defined."
+ return 1
+ else
+ _savedomainconf DirectAdmin_MAIN_DOMAIN "$DirectAdmin_MAIN_DOMAIN"
+ fi
+
+ # Optional SCHEME
+ _getdeployconf DirectAdmin_SCHEME
+ # set default values for DirectAdmin_SCHEME
+ [ -n "${DirectAdmin_SCHEME}" ] || DirectAdmin_SCHEME="https"
+
+ _info "Deploying certificate to DirectAdmin..."
+
+ # upload certificate
+ string_cfullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n')
+ string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
+
+ _request_body="{\"domain\":\"$DirectAdmin_MAIN_DOMAIN\",\"action\":\"save\",\"type\":\"paste\",\"certificate\":\"$string_key\n$string_cfullchain\n\"}"
+ _debug _request_body "$_request_body"
+ _debug DirectAdmin_ENDPOINT "$DirectAdmin_ENDPOINT"
+ _debug DirectAdmin_USERNAME "$DirectAdmin_USERNAME"
+ _debug DirectAdmin_KEY "$DirectAdmin_KEY"
+ _debug DirectAdmin_MAIN_DOMAIN "$DirectAdmin_MAIN_DOMAIN"
+ _response=$(_post "$_request_body" "$DirectAdmin_SCHEME://$DirectAdmin_USERNAME:$DirectAdmin_KEY@$DirectAdmin_ENDPOINT/CMD_API_SSL" "" "POST" "application/json")
+
+ if _contains "$_response" "error=1"; then
+ _err "Error in deploying $_cdomain certificate to DirectAdmin Domain $DirectAdmin_MAIN_DOMAIN."
+ _err "$_response"
+ return 1
+ fi
+
+ _info "$_response"
+ _info "Domain $_cdomain certificate successfully deployed to DirectAdmin Domain $DirectAdmin_MAIN_DOMAIN."
+
+ return 0
+}

deploy/edgio.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/env sh
+
+# Here is a script to deploy cert to edgio using its API
+# https://docs.edg.io/guides/v7/develop/rest_api/authentication
+# https://docs.edg.io/rest_api/#tag/tls-certs/operation/postConfigV01TlsCerts
+
+# This deployment required following variables
+# export EDGIO_CLIENT_ID="Your Edgio Client ID"
+# export EDGIO_CLIENT_SECRET="Your Edgio Client Secret"
+# export EDGIO_ENVIRONMENT_ID="Your Edgio Environment ID"
+
+# If have more than one Environment ID
+# export EDGIO_ENVIRONMENT_ID="ENVIRONMENT_ID_1 ENVIRONMENT_ID_2"
+
+# returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+edgio_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$EDGIO_CLIENT_ID" ]; then
+ _err "EDGIO_CLIENT_ID is not defined."
+ return 1
+ else
+ _savedomainconf EDGIO_CLIENT_ID "$EDGIO_CLIENT_ID"
+ fi
+
+ if [ -z "$EDGIO_CLIENT_SECRET" ]; then
+ _err "EDGIO_CLIENT_SECRET is not defined."
+ return 1
+ else
+ _savedomainconf EDGIO_CLIENT_SECRET "$EDGIO_CLIENT_SECRET"
+ fi
+
+ if [ -z "$EDGIO_ENVIRONMENT_ID" ]; then
+ _err "EDGIO_ENVIRONMENT_ID is not defined."
+ return 1
+ else
+ _savedomainconf EDGIO_ENVIRONMENT_ID "$EDGIO_ENVIRONMENT_ID"
+ fi
+
+ _info "Getting access token"
+ _data="client_id=$EDGIO_CLIENT_ID&client_secret=$EDGIO_CLIENT_SECRET&grant_type=client_credentials&scope=app.config"
+ _debug Get_access_token_data "$_data"
+ _response=$(_post "$_data" "https://id.edgio.app/connect/token" "" "POST" "application/x-www-form-urlencoded")
+ _debug Get_access_token_response "$_response"
+ _access_token=$(echo "$_response" | _json_decode | _egrep_o '"access_token":"[^"]*' | cut -d : -f 2 | tr -d '"')
+ _debug _access_token "$_access_token"
+ if [ -z "$_access_token" ]; then
+ _err "Error in getting access token"
+ return 1
+ fi
+
+ _info "Uploading certificate"
+ string_ccert=$(sed 's/$/\\n/' "$_ccert" | tr -d '\n')
+ string_cca=$(sed 's/$/\\n/' "$_cca" | tr -d '\n')
+ string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n')
+
+ for ENVIRONMENT_ID in $EDGIO_ENVIRONMENT_ID; do
+ _data="{\"environment_id\":\"$ENVIRONMENT_ID\",\"primary_cert\":\"$string_ccert\",\"intermediate_cert\":\"$string_cca\",\"private_key\":\"$string_key\"}"
+ _debug Upload_certificate_data "$_data"
+ _H1="Authorization: Bearer $_access_token"
+ _response=$(_post "$_data" "https://edgioapis.com/config/v0.1/tls-certs" "" "POST" "application/json")
+ if _contains "$_response" "message"; then
+ _err "Error in deploying $_cdomain certificate to Edgio ENVIRONMENT_ID $ENVIRONMENT_ID."
+ _err "$_response"
+ return 1
+ fi
+ _debug Upload_certificate_response "$_response"
+ _info "Domain $_cdomain certificate successfully deployed to Edgio ENVIRONMENT_ID $ENVIRONMENT_ID."
+ done
+
+ return 0
+}

deploy/keyhelp.sh

@@ -0,0 +1,117 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificate to KeyHelp
+# This deployment required following variables
+# export DEPLOY_KEYHELP_BASEURL="https://keyhelp.example.com"
+# export DEPLOY_KEYHELP_USERNAME="Your KeyHelp Username"
+# export DEPLOY_KEYHELP_PASSWORD="Your KeyHelp Password"
+# export DEPLOY_KEYHELP_ENFORCE_HTTPS="1" # 0 or 1, input 1 to enable Enforce HTTP to HTTPS redirection.
+# export DEPLOY_KEYHELP_DOMAIN_ID="Depoly certificate to this Domain ID"
+
+# Open the 'Edit domain' page, and you will see id=xxx at the end of the URL. This is the Domain ID.
+# https://DEPLOY_KEYHELP_BASEURL/index.php?page=domains&action=edit&id=xxx
+
+# If have more than one domain name
+# export DEPLOY_KEYHELP_DOMAIN_ID="111 222 333"
+
+keyhelp_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ if [ -z "$DEPLOY_KEYHELP_BASEURL" ]; then
+ _err "DEPLOY_KEYHELP_BASEURL is not defined."
+ return 1
+ else
+ _savedomainconf DEPLOY_KEYHELP_BASEURL "$DEPLOY_KEYHELP_BASEURL"
+ fi
+
+ if [ -z "$DEPLOY_KEYHELP_USERNAME" ]; then
+ _err "DEPLOY_KEYHELP_USERNAME is not defined."
+ return 1
+ else
+ _savedomainconf DEPLOY_KEYHELP_USERNAME "$DEPLOY_KEYHELP_USERNAME"
+ fi
+
+ if [ -z "$DEPLOY_KEYHELP_PASSWORD" ]; then
+ _err "DEPLOY_KEYHELP_PASSWORD is not defined."
+ return 1
+ else
+ _savedomainconf DEPLOY_KEYHELP_PASSWORD "$DEPLOY_KEYHELP_PASSWORD"
+ fi
+
+ if [ -z "$DEPLOY_KEYHELP_DOMAIN_ID" ]; then
+ _err "DEPLOY_KEYHELP_DOMAIN_ID is not defined."
+ return 1
+ else
+ _savedomainconf DEPLOY_KEYHELP_DOMAIN_ID "$DEPLOY_KEYHELP_DOMAIN_ID"
+ fi
+
+ # Optional DEPLOY_KEYHELP_ENFORCE_HTTPS
+ _getdeployconf DEPLOY_KEYHELP_ENFORCE_HTTPS
+ # set default values for DEPLOY_KEYHELP_ENFORCE_HTTPS
+ [ -n "${DEPLOY_KEYHELP_ENFORCE_HTTPS}" ] || DEPLOY_KEYHELP_ENFORCE_HTTPS="1"
+
+ _info "Logging in to keyhelp panel"
+ username_encoded="$(printf "%s" "${DEPLOY_KEYHELP_USERNAME}" | _url_encode)"
+ password_encoded="$(printf "%s" "${DEPLOY_KEYHELP_PASSWORD}" | _url_encode)"
+ _H1="Content-Type: application/x-www-form-urlencoded"
+ _response=$(_get "$DEPLOY_KEYHELP_BASEURL/index.php?submit=1&username=$username_encoded&password=$password_encoded" "TRUE")
+ _cookie="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _head_n 1 | cut -d " " -f 2)"
+
+ # If cookies is not empty then logon successful
+ if [ -z "$_cookie" ]; then
+ _err "Fail to get cookie."
+ return 1
+ fi
+ _debug "cookie" "$_cookie"
+
+ _info "Uploading certificate"
+ _date=$(date +"%Y%m%d")
+ encoded_key="$(_url_encode <"$_ckey")"
+ encoded_ccert="$(_url_encode <"$_ccert")"
+ encoded_cca="$(_url_encode <"$_cca")"
+ certificate_name="$_cdomain-$_date"
+
+ _request_body="submit=1&certificate_name=$certificate_name&add_type=upload&text_private_key=$encoded_key&text_certificate=$encoded_ccert&text_ca_certificate=$encoded_cca"
+ _H1="Cookie: $_cookie"
+ _response=$(_post "$_request_body" "$DEPLOY_KEYHELP_BASEURL/index.php?page=ssl_certificates&action=add" "" "POST")
+ _message=$(echo "$_response" | grep -A 2 'message-body' | sed -n '/<div class="message-body ">/,/<\/div>/{//!p;}' | sed 's/<[^>]*>//g' | sed 's/^ *//;s/ *$//')
+ _info "_message" "$_message"
+ if [ -z "$_message" ]; then
+ _err "Fail to upload certificate."
+ return 1
+ fi
+
+ for DOMAIN_ID in $DEPLOY_KEYHELP_DOMAIN_ID; do
+ _info "Apply certificate to domain id $DOMAIN_ID"
+ _response=$(_get "$DEPLOY_KEYHELP_BASEURL/index.php?page=domains&action=edit&id=$DOMAIN_ID")
+ cert_value=$(echo "$_response" | grep "$certificate_name" | sed -n 's/.*value="\([^"]*\).*/\1/p')
+ target_type=$(echo "$_response" | grep 'target_type' | grep 'checked' | sed -n 's/.*value="\([^"]*\).*/\1/p')
+ _debug "cert_value" "$cert_value"
+ if [ -z "$cert_value" ]; then
+ _err "Fail to get certificate id."
+ return 1
+ fi
+
+ _request_body="submit=1&id=$DOMAIN_ID&target_type=$target_type&certificate_type=custom&certificate_id=$cert_value&enforce_https=$DEPLOY_KEYHELP_ENFORCE_HTTPS"
+ _response=$(_post "$_request_body" "$DEPLOY_KEYHELP_BASEURL/index.php?page=domains&action=edit" "" "POST")
+ _message=$(echo "$_response" | grep -A 2 'message-body' | sed -n '/<div class="message-body ">/,/<\/div>/{//!p;}' | sed 's/<[^>]*>//g' | sed 's/^ *//;s/ *$//')
+ _info "_message" "$_message"
+ if [ -z "$_message" ]; then
+ _err "Fail to apply certificate."
+ return 1
+ fi
+ done
+
+ _info "Domain $_cdomain certificate successfully deployed to KeyHelp Domain ID $DEPLOY_KEYHELP_DOMAIN_ID."
+ return 0
+}