ywdblog лет назад: 6
Родитель
Сommit
7c8286a30a
3 измененных файлов с 220 добавлено и 1 удалено
  1. 28 1
      README.md
  2. 171 0
      alydns.php
  3. 21 0
      au.sh

+ 28 - 1
README.md

@@ -1,3 +1,30 @@
 # certbot-letencrypt-wildcardcertificates-alydns-au
 
-的
+### 功能
+
+用于自动设置阿里云 DNS 记录,从而配合 certbot 完成证书验证工作(包括通配符、SAN、单域名证书),从而避免人工干预。
+
+### 使用方法
+
+1:下载:
+
+```
+$ git clone https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au
+
+$ cd certbot-letencrypt-wildcardcertificates-alydns-au
+```
+
+2:配置:
+
+- au.sh,修改 PHPPROGRAM(au.sh 脚本的目录)、DOMAIN(你的域名)。
+- alydns.php,修改 accessKeyId、accessSecrec,需要去阿里云申请 API key 和 Secrec,用于调用阿里云 DNS API。
+
+3:运行 renew 命令(也包括申请证书命令):
+
+```
+# 测试
+$ certbot-auto renew --cert-name newyingyong.cn --manual-auth-hook /你的脚本目录/au.sh --dry-run
+
+#renew
+$ certbot-auto renew --cert-name newyingyong.cn --manual-auth-hook /你的脚本目录/au.sh 
+```

+ 171 - 0
alydns.php

@@ -0,0 +1,171 @@
+<?php
+
+date_default_timezone_set("GMT");
+
+//这两个值需要去阿里云申请
+define("accessKeyId", "");
+define("accessSecrec", "");
+
+/*
+//$obj = new AliDns(accessKeyId, accessSecrec, "newyingyong.cn");
+
+//显示所有
+//$data = $obj->DescribeDomainRecords();
+
+//增加解析
+//$data= $obj->AddDomainRecord("TXT", "test", "test");
+
+//修改解析
+//$data = $obj->UpdateDomainRecord("3965724468724736","TXT", "test", "test2");
+
+//删除解析
+//$data = $obj->DescribeDomainRecords();
+//$data = $data["DomainRecords"]["Record"];
+//if (is_array($data)) {
+	//foreach ($data as $v) {
+		//if ($v["RR"] == "test") {
+			//$obj->DeleteDomainRecord($v["RecordId"]);
+		//}
+	//}
+//} 
+*/
+
+
+/*
+example:
+
+php alydns.php add "newyingyong.cn" "test" "test2" 
+php alydns.php del "newyingyong.cn" "test"  
+*/
+
+//add or del
+$type = $argv[1];
+//manager domain 
+$obj = new AliDns(accessKeyId, accessSecrec, $argv[2]);
+$data = $obj->DescribeDomainRecords();
+$data = $data["DomainRecords"]["Record"];
+if (is_array($data)) {
+      foreach ($data as $v) {
+           if ($v["RR"] == $argv[3]) {
+               $obj->DeleteDomainRecord($v["RecordId"]);
+           }
+      }
+} 
+
+print_r($obj->AddDomainRecord("TXT", $argv[3],$argv[4]));
+
+class AliDns {
+    private $accessKeyId = null;
+    private $accessSecrec = null;
+    private $DomainName = null;
+
+
+    public function __construct($accessKeyId, $accessSecrec, $domain) {
+        $this->accessKeyId = $accessKeyId;
+        $this->accessSecrec = $accessSecrec;
+        $this->DomainName = $domain;
+    }
+
+    public function DescribeDomainRecords() {
+        $requestParams = array(
+             "Action" => "DescribeDomainRecords"
+        );
+        $val = $this->send($requestParams);
+        return $this->out($val);
+    }
+
+
+    public function UpdateDomainRecord($id, $type, $rr,$value){
+        $requestParams = array(
+            "Action" => "UpdateDomainRecord",
+            "RecordId" => $id,
+            "RR" => $rr,
+            "Type" => $type,
+            "Value" => $value,
+        );
+        $val = $this->send($requestParams);
+        return $this->out($val);
+    }
+    public function DeleteDomainRecord($id) {
+	$requestParams = array(
+            "Action" => "DeleteDomainRecord",
+            "RecordId" => $id,
+        );
+        $val = $this->send($requestParams);
+        return $this->out($val);
+    }
+
+    public function AddDomainRecord($type, $rr, $value) {
+
+        $requestParams = array(
+            "Action" => "AddDomainRecord",
+            "RR" => $rr,
+            "Type" => $type,
+            "Value" => $value,
+        );
+        $val = $this->send($requestParams);
+        return $this->out($val);
+
+    }
+
+    private function send($requestParams) {
+        $publicParams = array(
+        "DomainName" => $this->DomainName,
+        "Format" => "JSON",
+        "Version" => "2015-01-09",
+        "AccessKeyId" => $this->accessKeyId,
+        "Timestamp" => date("Y-m-d\TH:i:s\Z"),
+        "SignatureMethod" => "HMAC-SHA1",
+        "SignatureVersion" => "1.0",
+        "SignatureNonce" => substr(md5(rand(1, 99999999)), rand(1, 9), 14),
+        );
+
+        $params = array_merge($publicParams, $requestParams);
+        $params['Signature'] = $this->sign($params, $this->accessSecrec);
+        $uri = http_build_query($params);
+        $url = 'http://alidns.aliyuncs.com/?'.$uri;
+        return $this->curl($url);
+    }
+
+
+
+    private function sign($params, $accessSecrec, $method = "GET") {
+        ksort($params);
+        $stringToSign = strtoupper($method).'&'.$this->percentEncode('/').'&';
+
+        $tmp = "";
+        foreach($params as $key => $val){
+            $tmp .= '&'.$this->percentEncode($key).'='.$this->percentEncode($val);
+        }
+        $tmp = trim($tmp, '&');
+        $stringToSign = $stringToSign.$this->percentEncode($tmp);
+
+        $key = $accessSecrec.'&';
+        $hmac = hash_hmac("sha1", $stringToSign, $key, true);
+
+        return base64_encode($hmac);
+    }
+
+
+    private function percentEncode($value = null){
+        $en = urlencode($value);
+        $en = str_replace("+", "%20", $en);
+        $en = str_replace("*", "%2A", $en);
+        $en = str_replace("%7E", "~", $en);
+        return $en;
+    }
+
+    private function curl($url) {
+        $ch = curl_init();
+        curl_setopt($ch, CURLOPT_URL, $url );
+        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
+        $result = curl_exec ($ch);
+        curl_close($ch);
+        return $result;
+    }
+
+    private function out($msg) {
+        return json_decode($msg, true);
+    }
+}
+
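Review bot: The request in `send()` goes to `http://alidns.aliyuncs.com/` in cleartext, so the AccessKeyId, the signed parameters and the TXT challenge value are readable on the path, and the JSON response that later drives `DeleteDomainRecord` can be altered in transit; use `$url = 'https://alidns.aliyuncs.com/?'.$uri;` and leave curl's certificate verification at its default. The `SignatureNonce` is derived from `md5(rand(1, 99999999))`, a small and predictable space for a value meant to prevent replay; `"SignatureNonce" => bin2hex(random_bytes(16)),` is a drop-in replacement if the target is PHP 7 or later. The top-level loop also deletes every record whose `RR` equals `$argv[3]` regardless of its type, and `$type` is read but never used, so a `del` invocation still ends by adding a record. Restricting the loop to `$v["Type"] === "TXT"` and branching on `$type` would keep the hook from removing unrelated records.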

+ 21 - 0
au.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+#PHP 脚本位置
+PHPPROGRAM="/root/"
+DOMAIN="simplehttps.com"
+
+PATH=$(cd `dirname $0`; pwd)
+
+
+# 要为那个 DNS RR 添加 TXT 记录
+CREATE_DOMAIN="_acme-challenge"
+
+# $CERTBOT_VALIDATION 是 Certbot 的内置变量,代表需要为 DNS TXT 记录设置的值
+
+echo $PATH"/alydns.php"
+
+# 调用 PHP 脚本,自动设置 DNS TXT 记录。
+/usr/bin/php   $PATH"/alydns.php"  $DOMAIN $CREATE_DOMAIN  $CERTBOT_VALIDATION >/var/log/certdebug.log
+
+# DNS TXT 记录刷新时间
+#sleep 30
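Review bot: The php call passes `$DOMAIN $CREATE_DOMAIN $CERTBOT_VALIDATION`, but alydns.php in this commit reads `$argv[1]` as the add/del type and `$argv[2]` as the domain, so every argument is shifted by one: the API is called with `_acme-challenge` as the domain and the validation token as the RR, with no value. Assigning to `PATH` also replaces the command search path inherited by the php child process, and the unquoted expansions split on whitespace. Use a private variable and add the missing type, `SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)` and `/usr/bin/php "$SCRIPT_DIR/alydns.php" add "$DOMAIN" "$CREATE_DOMAIN" "$CERTBOT_VALIDATION" >/var/log/certdebug.log`. `PHPPROGRAM` is set but never used, and with `sleep 30` commented out certbot may query the TXT record before the change has propagated.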