From 950316c221be9891b626353b0425fb5a02d96487 Mon Sep 17 00:00:00 2001
From: tianyu
Date: Sat, 21 Oct 2017 14:31:30 +0800
Subject: [PATCH] add cloudflare le-dns support

---
le-dns/cloudflare-hook.sh | 22 +++++++++
le-dns/cloudflare.conf | 6 +++
le-dns/cloudflare.sh | 94 +++++++++++++++++++++++++++++++++++++++
le-dns/le-cloudflare.sh | 37 +++++++++++++++
4 files changed, 159 insertions(+)
create mode 100755 le-dns/cloudflare-hook.sh
create mode 100644 le-dns/cloudflare.conf
create mode 100755 le-dns/cloudflare.sh
create mode 100755 le-dns/le-cloudflare.sh

diff --git a/le-dns/cloudflare-hook.sh b/le-dns/cloudflare-hook.sh
new file mode 100755
index 0000000..784bd41
--- /dev/null
+++ b/le-dns/cloudflare-hook.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+function deploy_challenge {
+ local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+ echo "$DOMAIN" "$TOKEN_FILENAME" "$TOKEN_VALUE"
+ ./cloudflare.sh "$CONFIG" "$DOMAIN" "$TOKEN_VALUE"
+ sleep 15
+}
+
+function clean_challenge {
+ local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+}
+
+function deploy_cert {
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
+}
+
+function unchanged_cert {
+ local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+}
+
+HANDLER=$1; shift; $HANDLER $@
diff --git a/le-dns/cloudflare.conf b/le-dns/cloudflare.conf
new file mode 100644
index 0000000..133a2b2
--- /dev/null
+++ b/le-dns/cloudflare.conf
@@ -0,0 +1,6 @@
+CF_EMAIL="YOUR_EMAIL@gmail.com"
+CF_TOKEN="YOUR_API_TOKEN"
+DOMAIN_NAME="example.com"
+CERT_DOMAINS="example.com www.example.com"
+#ECC=TRUE
+
diff --git a/le-dns/cloudflare.sh b/le-dns/cloudflare.sh
new file mode 100755
index 0000000..3625a11
--- /dev/null
+++ b/le-dns/cloudflare.sh
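Review bot: The dispatcher on the last line, `HANDLER=$1; shift; $HANDLER $@`, runs whatever name arrives as the first argument and word-splits the remaining ones, so a hook name this file does not define is executed as an external command and a token or path containing spaces or glob characters is split before it reaches the function. Restricting the dispatch to the four functions defined above and quoting `"$@"` keeps the hook inert for any other hook name the ACME client may pass. The `echo` in deploy_challenge prints the challenge value to stdout on every call; if that is intended as a debugging aid, a comment saying so would help the next reader. clean_challenge is a no-op, so the TXT record published by cloudflare.sh is left in the zone after validation; that is worth stating in a comment on the function.
```bash
# … unchanged: deploy_challenge, clean_challenge, deploy_cert, unchanged_cert …
HANDLER=$1; shift
case "$HANDLER" in
    deploy_challenge|clean_challenge|deploy_cert|unchanged_cert)
        "$HANDLER" "$@" ;;
    *)
        # hook names this file does not implement are ignored
        exit 0 ;;
esac
```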
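Review bot: `CF_TOKEN` in this template is an account-wide API key stored in plaintext, and both scripts source the file as shell code rather than parse it, yet nothing here tells the operator to protect their copy or restrict its contents. A leading comment such as `# Keep your copy private (chmod 600): it holds your Cloudflare API key and is sourced as shell code, so only put KEY="value" lines here.` would cover both points. It would also help to state next to `DOMAIN_NAME` that it must be the zone name, since cloudflare.sh resolves the zone with `zones?name=${DOMAIN_NAME}`.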
@@ -0,0 +1,94 @@
+#!/usr/bin/env sh
+
+CONFIG=$1
+DOMAIN_FULL=$2
+TXT_TOKEN=$3
+
+if [ ! -f "$CONFIG" ];then
+ echo "ERROR, CONFIG NOT EXIST."
+ exit 1
+fi
+
+# shellcheck source=/dev/null
+. "$CONFIG"
+
+SUB_DOMAIN=${DOMAIN_FULL%$DOMAIN}
+
+if [ -z "$SUB_DOMAIN" ];then
+ HOST="_acme-challenge"
+else
+ HOST="_acme-challenge.${SUB_DOMAIN%.}"
+fi
+
+# we get them automatically for you
+CF_ZONE_ID=""
+CF_DOMAIN_ID=""
+
+jsonValue() {
+ KEY=$1
+ num=$2
+ awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'"$KEY"'\042/){print $(i+1)}}}' | tr -d '"' | sed -n "${num}"p
+}
+
+
+getZoneID() {
+ CF_ZONE_ID=$(curl -s \
+ -X GET "https://api.cloudflare.com/client/v4/zones?name=${DOMAIN_NAME}" \
+ -H "X-Auth-Email: ${CF_EMAIL}" \
+ -H "X-Auth-Key: ${CF_TOKEN}" \
+ -H "Content-Type: application/json"| \
+ jsonValue id 1)
+}
+
+getDomainID() {
+ CF_DOMAIN_ID=$(curl -s \
+ -X GET "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records?name=${HOST}" \
+ -H "X-Auth-Email: ${CF_EMAIL}" \
+ -H "X-Auth-Key: ${CF_TOKEN}" \
+ -H "Content-Type: application/json" | \
+ jsonValue id 1)
+}
+
+createDomain() {
+ RESULT=$(curl -s \
+ -X POST "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records" \
+ -H "X-Auth-Email: ${CF_EMAIL}" \
+ -H "X-Auth-Key: ${CF_TOKEN}" \
+ -H "Content-Type: application/json" \
+ --data '{"type":"TXT","name":"'"${HOST}"'","content":"'"${TXT_TOKEN}"'","ttl":1,"proxied":false}' | \
+ jsonValue success 1)
+
+ if [ "$RESULT" = "true" ];then
+ echo "$(date) -- Update success"
+ else
+ echo "$(date) -- Update failed"
+ fi
+
+}
+
+updateDomain() {
+ RESULT=$(curl -s \
+ -X PUT "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records/${CF_DOMAIN_ID}" \
+ -H "X-Auth-Email: ${CF_EMAIL}" \
+ -H "X-Auth-Key: ${CF_TOKEN}" \
+ -H "Content-Type: application/json" \
+ --data '{"type":"TXT","name":"'"${HOST}"'","content":"'"${TXT_TOKEN}"'","ttl":1,"proxied":false}' | \
+ jsonValue success 1)
+
+ if [ "$RESULT" = "true" ];then
+ echo "$(date) -- Update success"
+ else
+ echo "$(date) -- Update failed"
+ fi
+
+}
+
+getZoneID
+getDomainID
+
+if [ -z "$CF_DOMAIN_ID" ];then
+ createDomain
+else
+ updateDomain
+fi
+
diff --git a/le-dns/le-cloudflare.sh b/le-dns/le-cloudflare.sh
new file mode 100755
index 0000000..03aa392
--- /dev/null
+++ b/le-dns/le-cloudflare.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+export CONFIG=$1
+
+if [ -f "$CONFIG" ];then
+ . "$CONFIG"
+ DIRNAME=$(dirname "$CONFIG")
+ cd "$DIRNAME" || exit 1
+else
+ echo "ERROR CONFIG."
+ exit 1
+fi
+
+echo "$CERT_DOMAINS" > domains.txt
+
+if [ ! -f "cloudflare.sh" ];then
+ wget https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudflare.sh -O cloudflare.sh -o /dev/null
+ chmod +x cloudflare.sh
+fi
+
+if [ ! -f "cloudflare-hook.sh" ];then
+ wget https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudflare-hook.sh -O cloudflare-hook.sh -o /dev/null
+ chmod +x cloudflare-hook.sh
+fi
+
+if [ ! -f "letsencrypt.sh" ];then
+ wget https://raw.githubusercontent.com/lukas2511/dehydrated/master/dehydrated -O letsencrypt.sh -o /dev/null
+ chmod +x letsencrypt.sh
+fi
+
+if [ "$ECC" = "TRUE" ];then
+ ./letsencrypt.sh -c -k ./cloudflare-hook.sh -t dns-01 -a secp384r1
+else
+ ./letsencrypt.sh -c -k ./cloudflare-hook.sh -t dns-01
+fi
+
+chown -R www-data:www-data certs
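Review bot: Failures never reach the caller: the results of `getZoneID` and `getDomainID` are not checked, so an empty zone id sends the following requests to `zones//dns_records`, and the `Update failed` branches in `createDomain` and `updateDomain` still exit 0, leaving the hook free to continue to its `sleep 15` and the client to ask for validation of a record that was never published; the tail of the script should abort on an empty `CF_ZONE_ID` and exit non-zero when `RESULT` is not `true`, as below. `SUB_DOMAIN=${DOMAIN_FULL%$DOMAIN}` refers to `DOMAIN`, which neither this file nor cloudflare.conf sets (the config defines `DOMAIN_NAME`), so the suffix is never stripped and `HOST` is always the fully qualified name; if that is what the record creation relies on it deserves a comment, otherwise the variable is probably meant to be `DOMAIN_NAME`, in which case the `dns_records?name=${HOST}` lookup must use the same fully qualified form as the record it creates or the update path will never be taken. `CF_TOKEN` is also passed on the curl command line in every function, where it is visible to other local users through the process list while the request runs; reading the headers from a file or from a `-K -` config on stdin avoids that. The hand-rolled `jsonValue` parser picks the first `"id"` in the response, which is position-dependent; a comment stating that it relies on `result[0].id` appearing before any nested `id` fields would at least make the assumption visible.
```sh
# … unchanged: jsonValue, getZoneID, getDomainID, createDomain, updateDomain …
getZoneID
if [ -z "$CF_ZONE_ID" ];then
 echo "$(date) -- zone lookup failed for ${DOMAIN_NAME}" >&2
 exit 1
fi
getDomainID
# … unchanged: createDomain / updateDomain selection …
# RESULT is set by createDomain/updateDomain; anything but "true" must fail the hook
[ "$RESULT" = "true" ] || exit 1
```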
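Review bot: The three `wget ... -O <file>` downloads are not checked: wget creates the output file before the transfer, so a failed fetch leaves an empty `cloudflare.sh`, `cloudflare-hook.sh` or `letsencrypt.sh` that the `[ ! -f ... ]` guards treat as present on every later run, and with logging sent to `-o /dev/null` nothing reports it. Beyond that, the scripts are fetched from the `master` branch of two repositories and executed with the Cloudflare API key in scope, so any upstream change runs here unreviewed; pinning to a tag or commit and comparing against a recorded digest before `chmod +x` would make the supply chain auditable. A download-to-temp helper such as the one below fixes the first problem, and the pinning only needs the URL and a checksum file next to it. `chown -R www-data:www-data certs` on the last line hands the private keys to the web server account, which is a deliberate choice worth a comment if intended.
```bash
# $1 = URL, $2 = destination. Download to a temporary name so a failed
# transfer never leaves a zero-byte file that the -f guards accept later.
fetch() {
    wget "$1" -O "$2.tmp" -o /dev/null || { rm -f -- "$2.tmp"; echo "download failed: $1" >&2; exit 1; }
    # TODO: verify "$2.tmp" against a pinned digest (sha256sum -c) before trusting it
    mv -- "$2.tmp" "$2" && chmod +x "$2"
}

if [ ! -f "cloudflare.sh" ];then
    fetch https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudflare.sh cloudflare.sh
fi
# … unchanged: same pattern for cloudflare-hook.sh and letsencrypt.sh, dehydrated invocation, chown …
```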