egandro · December 22, 2025 13:54
diff --git a/pdm-certificate.sh b/pdm-certificate.sh
 #!/bin/bash
 set -x
 set -e

 # --- CONFIGURATION ---
 PDM_HOST="https://pdm.whatever:8443"
 USERNAME="root@pam"
 PASSWORD="Secret@PassWord123"

 # ACME Config
 ACME_EMAIL="admin@goole.com"
 PLUGIN_ID="cloudflare_plugin"
 PLUGIN_API="cloudflare"
 PLUGIN_DATA_RAW="WHATEVER=key"
 PLUGIN_DATA_ENCODED=$(echo -n "$PLUGIN_DATA_RAW" | base64 -w 0)
 DOMAIN="pdm.whatever"

 # --- SAFETY & CLEANUP ---
 # 1) Use trap to delete cookies.txt on exit (success or failure)
 trap 'rm -f cookies.txt' EXIT

 # --- 1. AUTHENTICATE ---
 echo "Logging in as $USERNAME..."

 # We add 'Accept: application/json' to ensure we always get JSON, even on errors.
 LOGIN_RESPONSE=$(curl -s -k -c cookies.txt \
    -H "Accept: application/json" \
    -d "username=$USERNAME" \
    --data-urlencode "password=$PASSWORD" \
    "$PDM_HOST/api2/json/access/ticket")

 CSRF_TOKEN=$(echo "$LOGIN_RESPONSE" | jq -r '.data.CSRFPreventionToken')

 if [[ "$CSRF_TOKEN" == "null" ]] || [[ -z "$CSRF_TOKEN" ]]; then
    echo "Error: Login failed. Could not get CSRF Token."
    echo "Response: $LOGIN_RESPONSE"
    exit 1
 fi

 # Define standard headers for all subsequent requests
 # We combine the CSRF token and the Accept header here for cleaner curl commands
 API_HEADERS=(-H "CSRFPreventionToken: $CSRF_TOKEN" -H "Accept: application/json")

 echo "Success! Auth completed."

 # --- 2. REGISTER ACME ACCOUNT ---
 # Strategy: List all accounts and check if 'default' is inside.
 # This prevents 404 errors from querying a non-existent ID.

 echo "Checking ACME accounts..."
 EXISTING_ACCOUNTS=$(curl -s -k -b cookies.txt "${API_HEADERS[@]}" "$PDM_HOST/api2/json/config/acme/account" | jq -r '.data[].name')

 if echo "$EXISTING_ACCOUNTS" | grep -q "^default$"; then
    echo "ACME Account 'default' already exists. Skipping."
 else
    echo "Registering ACME Account 'default'..."
    curl -s -k -b cookies.txt -X POST "${API_HEADERS[@]}" \
        "$PDM_HOST/api2/json/config/acme/account" \
        --data-urlencode "name=default" \
        --data-urlencode "contact=$ACME_EMAIL" \
        --data-urlencode "directory=https://acme-v02.api.letsencrypt.org/directory" \
        --data-urlencode "tos_url=https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf" \
        | jq -r '. | if .success then "Account Created" else "Error: " + (.message // .errors) end'
 fi

 # --- 3. REGISTER DNS PLUGIN ---
 # Strategy: List all plugins and check if our ID is inside.

 echo "Checking ACME plugins..."
 EXISTING_PLUGINS=$(curl -s -k -b cookies.txt "${API_HEADERS[@]}" "$PDM_HOST/api2/json/config/acme/plugins" | jq -r '.data[].plugin')

 if echo "$EXISTING_PLUGINS" | grep -q "^$PLUGIN_ID$"; then
    echo "DNS Plugin '$PLUGIN_ID' already exists. Skipping."
 else
    echo "Creating DNS Plugin '$PLUGIN_ID'..."

    # Base64 encode the plugin data (Required by API)
    PLUGIN_DATA_ENCODED=$(echo -n "$PLUGIN_DATA_RAW" | base64 -w 0)

    curl -s -k -b cookies.txt -X POST "${API_HEADERS[@]}" \
        "$PDM_HOST/api2/json/config/acme/plugins" \
        --data-urlencode "id=$PLUGIN_ID" \
        --data-urlencode "type=dns" \
        --data-urlencode "api=$PLUGIN_API" \
        --data-urlencode "data=$PLUGIN_DATA_ENCODED" \
        | jq -r '. | if .success then "Plugin Created" else "Error: " + (.message // .errors) end'
 fi

 # --- 4. CONFIGURE NODE DOMAIN ---
 # Using the global /config/certificate endpoint
 echo "Configuring Node Domain ($DOMAIN)..."
 curl -s -k -b cookies.txt -X PUT "${API_HEADERS[@]}" \
    "$PDM_HOST/api2/json/config/certificate" \
    --data-urlencode "acme=account=default" \
    --data-urlencode "acmedomain0=domain=$DOMAIN,plugin=$PLUGIN_ID" \
    | jq -r '. | if .success then "Configuration Updated" else "Error: " + (.message // .errors) end'

 # We need a bit of a delay here
 sleep 20

 # --- 5. ORDER CERTIFICATE ---
 echo "Ordering Certificate..."
 curl -s -k -b cookies.txt -X POST "${API_HEADERS[@]}" \
    "$PDM_HOST/api2/extjs/nodes/localhost/certificates/acme/certificate" \
    | jq .
 echo "Done."
	#!/bin/bash
	set -x
	set -e

	# --- CONFIGURATION ---
	PDM_HOST="https://pdm.whatever:8443"
	USERNAME="root@pam"
	PASSWORD="Secret@PassWord123"

	# ACME Config
	ACME_EMAIL="admin@goole.com"
	PLUGIN_ID="cloudflare_plugin"
	PLUGIN_API="cloudflare"
	PLUGIN_DATA_RAW="WHATEVER=key"
	PLUGIN_DATA_ENCODED=$(echo -n "$PLUGIN_DATA_RAW" \| base64 -w 0)
	DOMAIN="pdm.whatever"

	# --- SAFETY & CLEANUP ---
	# 1) Use trap to delete cookies.txt on exit (success or failure)
	trap 'rm -f cookies.txt' EXIT

	# --- 1. AUTHENTICATE ---
	echo "Logging in as $USERNAME..."

	# We add 'Accept: application/json' to ensure we always get JSON, even on errors.
	LOGIN_RESPONSE=$(curl -s -k -c cookies.txt \
	-H "Accept: application/json" \
	-d "username=$USERNAME" \
	--data-urlencode "password=$PASSWORD" \
	"$PDM_HOST/api2/json/access/ticket")

	CSRF_TOKEN=$(echo "$LOGIN_RESPONSE" \| jq -r '.data.CSRFPreventionToken')

	if [[ "$CSRF_TOKEN" == "null" ]] \|\| [[ -z "$CSRF_TOKEN" ]]; then
	echo "Error: Login failed. Could not get CSRF Token."
	echo "Response: $LOGIN_RESPONSE"
	exit 1
	fi

	# Define standard headers for all subsequent requests
	# We combine the CSRF token and the Accept header here for cleaner curl commands
	API_HEADERS=(-H "CSRFPreventionToken: $CSRF_TOKEN" -H "Accept: application/json")

	echo "Success! Auth completed."

	# --- 2. REGISTER ACME ACCOUNT ---
	# Strategy: List all accounts and check if 'default' is inside.
	# This prevents 404 errors from querying a non-existent ID.

	echo "Checking ACME accounts..."
	EXISTING_ACCOUNTS=$(curl -s -k -b cookies.txt "${API_HEADERS[@]}" "$PDM_HOST/api2/json/config/acme/account" \| jq -r '.data[].name')

	if echo "$EXISTING_ACCOUNTS" \| grep -q "^default$"; then
	echo "ACME Account 'default' already exists. Skipping."
	else
	echo "Registering ACME Account 'default'..."
	curl -s -k -b cookies.txt -X POST "${API_HEADERS[@]}" \
	"$PDM_HOST/api2/json/config/acme/account" \
	--data-urlencode "name=default" \
	--data-urlencode "contact=$ACME_EMAIL" \
	--data-urlencode "directory=https://acme-v02.api.letsencrypt.org/directory" \
	--data-urlencode "tos_url=https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf" \
	\| jq -r '. \| if .success then "Account Created" else "Error: " + (.message // .errors) end'
	fi

	# --- 3. REGISTER DNS PLUGIN ---
	# Strategy: List all plugins and check if our ID is inside.

	echo "Checking ACME plugins..."
	EXISTING_PLUGINS=$(curl -s -k -b cookies.txt "${API_HEADERS[@]}" "$PDM_HOST/api2/json/config/acme/plugins" \| jq -r '.data[].plugin')

	if echo "$EXISTING_PLUGINS" \| grep -q "^$PLUGIN_ID$"; then
	echo "DNS Plugin '$PLUGIN_ID' already exists. Skipping."
	else
	echo "Creating DNS Plugin '$PLUGIN_ID'..."

	# Base64 encode the plugin data (Required by API)
	PLUGIN_DATA_ENCODED=$(echo -n "$PLUGIN_DATA_RAW" \| base64 -w 0)

	curl -s -k -b cookies.txt -X POST "${API_HEADERS[@]}" \
	"$PDM_HOST/api2/json/config/acme/plugins" \
	--data-urlencode "id=$PLUGIN_ID" \
	--data-urlencode "type=dns" \
	--data-urlencode "api=$PLUGIN_API" \
	--data-urlencode "data=$PLUGIN_DATA_ENCODED" \
	\| jq -r '. \| if .success then "Plugin Created" else "Error: " + (.message // .errors) end'
	fi

	# --- 4. CONFIGURE NODE DOMAIN ---
	# Using the global /config/certificate endpoint
	echo "Configuring Node Domain ($DOMAIN)..."
	curl -s -k -b cookies.txt -X PUT "${API_HEADERS[@]}" \
	"$PDM_HOST/api2/json/config/certificate" \
	--data-urlencode "acme=account=default" \
	--data-urlencode "acmedomain0=domain=$DOMAIN,plugin=$PLUGIN_ID" \
	\| jq -r '. \| if .success then "Configuration Updated" else "Error: " + (.message // .errors) end'

	# We need a bit of a delay here
	sleep 20

	# --- 5. ORDER CERTIFICATE ---
	echo "Ordering Certificate..."
	curl -s -k -b cookies.txt -X POST "${API_HEADERS[@]}" \
	"$PDM_HOST/api2/extjs/nodes/localhost/certificates/acme/certificate" \
	\| jq .
	echo "Done."
No results found