mirror of
https://github.com/hiskang/acme.sh
synced 2025-10-31 18:37:30 +00:00
neil
GitHub
commit
42d1fe5422
@ -310,6 +310,7 @@ You don't have to do anything manually!
|
|||||||
1. Knot DNS API
|
1. Knot DNS API
|
||||||
1. DigitalOcean API (native)
|
1. DigitalOcean API (native)
|
||||||
1. ClouDNS.net API
|
1. ClouDNS.net API
|
||||||
|
1. Infoblox NIOS API (https://www.infoblox.com/)
|
||||||
|
|
||||||
**More APIs coming soon...**
|
**More APIs coming soon...**
|
||||||
|
|
||||||
|
|||||||
@ -421,6 +421,23 @@ Ok, let's issue a cert now:
|
|||||||
acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com
|
acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## 22. Use Infoblox API
|
||||||
|
|
||||||
|
First you need to create/obtain API credentials on your Infoblox appliance.
|
||||||
|
|
||||||
|
```
|
||||||
|
export Infoblox_Creds="username:password"
|
||||||
|
export Infoblox_Server="ip or fqdn of infoblox appliance"
|
||||||
|
```
|
||||||
|
|
||||||
|
Ok, let's issue a cert now:
|
||||||
|
```
|
||||||
|
acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
Note: This script will automatically create and delete the ephemeral txt record.
|
||||||
|
The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
|
|
||||||
# Use custom API
|
# Use custom API
|
||||||
|
|
||||||
If your API is not supported yet, you can write your own DNS API.
|
If your API is not supported yet, you can write your own DNS API.
|
||||||
|
|||||||
97
dnsapi/dns_infoblox.sh
Normal file
97
dnsapi/dns_infoblox.sh
Normal file
@ -0,0 +1,97 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
## Infoblox API integration by Jason Keller and Elijah Tenai
|
||||||
|
##
|
||||||
|
## Report any bugs via https://github.com/jasonkeller/acme.sh
|
||||||
|
|
||||||
|
dns_infoblox_add() {
|
||||||
|
|
||||||
|
## Nothing to see here, just some housekeeping
|
||||||
|
fulldomain=$1
|
||||||
|
txtvalue=$2
|
||||||
|
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue"
|
||||||
|
|
||||||
|
_info "Using Infoblox API"
|
||||||
|
_debug fulldomain "$fulldomain"
|
||||||
|
_debug txtvalue "$txtvalue"
|
||||||
|
|
||||||
|
## Check for the credentials
|
||||||
|
if [ -z "$Infoblox_Creds" ] || [ -z "$Infoblox_Server" ]; then
|
||||||
|
Infoblox_Creds=""
|
||||||
|
Infoblox_Server=""
|
||||||
|
_err "You didn't specify the credentials or server yet (Infoblox_Creds and Infoblox_Server)."
|
||||||
|
_err "Please set them via EXPORT ([username:password] and [ip or hostname]) and try again."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
## Save the credentials to the account file
|
||||||
|
_saveaccountconf Infoblox_Creds "$Infoblox_Creds"
|
||||||
|
_saveaccountconf Infoblox_Server "$Infoblox_Server"
|
||||||
|
|
||||||
|
## Base64 encode the credentials
|
||||||
|
Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64)
|
||||||
|
|
||||||
|
## Construct the HTTP Authorization header
|
||||||
|
export _H1="Accept-Language:en-US"
|
||||||
|
export _H2="Authorization: Basic $Infoblox_CredsEncoded"
|
||||||
|
|
||||||
|
## Add the challenge record to the Infoblox grid member
|
||||||
|
result=$(_post "" "$baseurlnObject" "" "POST")
|
||||||
|
|
||||||
|
## Let's see if we get something intelligible back from the unit
|
||||||
|
if echo "$result" | egrep 'record:txt/.*:.*/default'; then
|
||||||
|
_info "Successfully created the txt record"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
_err "Error encountered during record addition"
|
||||||
|
_err "$result"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
dns_infoblox_rm() {
|
||||||
|
|
||||||
|
## Nothing to see here, just some housekeeping
|
||||||
|
fulldomain=$1
|
||||||
|
txtvalue=$2
|
||||||
|
|
||||||
|
_info "Using Infoblox API"
|
||||||
|
_debug fulldomain "$fulldomain"
|
||||||
|
_debug txtvalue "$txtvalue"
|
||||||
|
|
||||||
|
## Base64 encode the credentials
|
||||||
|
Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64)
|
||||||
|
|
||||||
|
## Construct the HTTP Authorization header
|
||||||
|
export _H1="Accept-Language:en-US"
|
||||||
|
export _H2="Authorization: Basic $Infoblox_CredsEncoded"
|
||||||
|
|
||||||
|
## Does the record exist? Let's check.
|
||||||
|
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&_return_type=xml-pretty"
|
||||||
|
result=$(_get "$baseurlnObject")
|
||||||
|
|
||||||
|
## Let's see if we get something intelligible back from the grid
|
||||||
|
if echo "$result" | egrep 'record:txt/.*:.*/default'; then
|
||||||
|
## Extract the object reference
|
||||||
|
objRef=$(printf "%b" "$result" | _egrep_o 'record:txt/.*:.*/default')
|
||||||
|
objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef"
|
||||||
|
## Delete them! All the stale records!
|
||||||
|
rmResult=$(_post "" "$objRmUrl" "" "DELETE")
|
||||||
|
## Let's see if that worked
|
||||||
|
if echo "$rmResult" | egrep 'record:txt/.*:.*/default'; then
|
||||||
|
_info "Successfully deleted $objRef"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
_err "Error occurred during txt record delete"
|
||||||
|
_err "$rmResult"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
_err "Record to delete didn't match an existing record"
|
||||||
|
_err "$result"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
#################### Private functions below ##################################
|
||||||
Loading…
x
Reference in New Issue
Block a user