
make ip-whitelisting configurable for DNS TransIP

Open koter84 opened this issue 3 years ago • 11 comments

i need to use the TransIP API without a whitelisted IP because of dynamic IP. it wasn't possible to configure this without changing the dns_transip.sh script, so i made the existing variable configurable, yet retain the default of false

koter84 avatar May 31 '22 08:05 koter84

fix the ci checks first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test

Neilpang avatar Jun 04 '22 11:06 Neilpang

getting the CI to run correctly took more work than the actual change, since the TransIP API requires a keyfile, and not a variable, so i added some code to create a keyfile from the base64 encoded keyfile in the secrets..

i tried to decode this with the base64 -d command, but that isn't available by default on the BSD OS-es, but then i found the _dbase64 function in acme.sh which uses openssl and works as expected.

the workflow is currently running, and i expect it to complete successfully, since it managed to get through the whole workflow before removing a bunch of _debug messages, and the last rebase to upstream/dev of course..

koter84 avatar Jul 26 '22 09:07 koter84

@Neilpang just did a new rebase, could you approve the workflow?

koter84 avatar Aug 02 '22 08:08 koter84

@Neilpang CI checks are all fixed

koter84 avatar Aug 05 '22 08:08 koter84

it's a bit of a learning curve, i use bash quite a lot for scripting, but not so much the POSIX variant, and mostly on Debian, Ubuntu and Fedora. thanks for pointing me in the right direction!

koter84 avatar Aug 09 '22 08:08 koter84

can we delete the temp key file?

Neilpang avatar Aug 09 '22 10:08 Neilpang

Well, I was thinking about that, but it should only delete the file during the test run, otherwise people lose their private key, so I figured since it's a short lived VM, and the files are rather small, I could just let the destruction of the VM handle that. But now that I think of it, it's actually a new feature where you could have the private key on a local webserver, so then it should be cleaned, and documented that you could also use a URL for the key.

You think I should check for http:// as well then? Or just http?

koter84 avatar Aug 09 '22 11:08 koter84

I'll add the changes tomorrow probably..

koter84 avatar Aug 09 '22 11:08 koter84

delete the temp key file only when it's downloaded from web. If the file is not a URL, don't delete it.

Neilpang avatar Aug 09 '22 12:08 Neilpang

yeah, but after downloading the file the original URL is "gone" since the variable which holds the URL gets replaced with the tempfile location

koter84 avatar Aug 09 '22 13:08 koter84

Apparently Solaris doesn't accept the CA for transfer.sh so i used PasteBin instead, also had to change the delete function a bit to make sure the URL gets restored after deleting the temp-file.

Right now the checks are all on green.. :-D

koter84 avatar Aug 17 '22 08:08 koter84
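
The cleanup rule discussed in this thread (delete the key file only when it was downloaded, and keep the original URL so it can be restored afterwards), sketched in POSIX sh as an added example; this is not the code from the pull request or from acme.sh. `KEY_SRC`, `KEY_FILE`, `KEY_IS_TEMP`, `fetch_url`, `resolve_key` and `cleanup_key` are hypothetical names, and refusing plain `http://` is a choice made for this sketch because the key would otherwise travel in cleartext.

```shell
#!/bin/sh
# Added illustration: all names below are hypothetical, not acme.sh identifiers.

# Download helper; swap in whatever HTTP client the host provides.
fetch_url() { curl -fsS "$1"; }

# resolve_key SRC: SRC is a local path or an https URL.
# Sets KEY_SRC (value as configured), KEY_FILE (path to read the key from)
# and KEY_IS_TEMP (1 only if this function created KEY_FILE).
resolve_key() {
  KEY_SRC="$1"
  KEY_FILE=""
  KEY_IS_TEMP=0
  case "$KEY_SRC" in
    https://*)
      # mktemp creates the file with mode 0600, so the key is owner-only.
      KEY_FILE=$(mktemp "${TMPDIR:-/tmp}/keyfile.XXXXXX") || return 1
      if ! fetch_url "$KEY_SRC" >"$KEY_FILE" || [ ! -s "$KEY_FILE" ]; then
        rm -f "$KEY_FILE"            # failed or empty download: leave nothing behind
        KEY_FILE=""
        return 1
      fi
      KEY_IS_TEMP=1
      ;;
    http://*)
      return 1                       # sketch's choice: no private key over cleartext
      ;;
    *)
      [ -r "$KEY_SRC" ] || return 1
      KEY_FILE="$KEY_SRC"            # user's own file: use in place
      ;;
  esac
}

# cleanup_key: remove only a file that resolve_key downloaded, never the
# user's own key, then put the configured value (path or URL) back.
cleanup_key() {
  if [ "$KEY_IS_TEMP" = 1 ] && [ -n "$KEY_FILE" ]; then
    rm -f "$KEY_FILE"
  fi
  KEY_FILE="$KEY_SRC"
  KEY_IS_TEMP=0
}
```

Keeping the configured value in its own variable avoids the problem raised above, where the URL is lost once the variable is overwritten with the temp-file path.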