Skip to content

Fix cPanel Scripts #874

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pgoforth wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fix cPanel Scripts #874

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
673f62e
Fix cPanel scripts to handle wild card domains and use correct API pa…
pgoforth Feb 1, 2025
77cfa28
Merge branch 'master' into cpanel_script_fix
timkimber Jan 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions dns_scripts/dns_add_cpanel
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,11 +61,11 @@ fi

# If no existing record, create a new TXT record, otherwise edit the existing record
if [[ "$resp" == *\"data\":[]* ]]; then
request_params="&cpanel_jsonapi_func=add_zone_record&domain=$domain&type=TXT&name=_acme-challenge$name&txtdata=$token"
request_params="&cpanel_jsonapi_func=add_zone_record&domain=${domain}&type=TXT&name=_acme-challenge&txtdata=${token}"
else
# shellcheck disable=SC2001
line=$(echo "$resp" | sed -e 's/.*line":\([0-9]*\),.*/\1/')
request_params="&cpanel_jsonapi_func=edit_zone_record&domain=$domain&type=TXT&name=_acme-challenge$name&txtdata=${token}&line=${line}"
request_params="&cpanel_jsonapi_func=edit_zone_record&domain=${domain}&type=TXT&name=_acme-challenge&txtdata=${token}&line=${line}"
Comment on lines +64 to +68
Copy link

Copilot AI Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

name is still computed earlier (for the CNAME case), but this request now ignores it. That makes the CNAME handling ineffective and can create the TXT record at _acme-challenge in the target zone instead of the intended _acme-challenge.<relative>. Either incorporate the computed name into the ZoneEdit name parameter again, or remove the now-unused name logic entirely to avoid incorrect behavior.

Copilot uses AI. Check for mistakes.
fi
resp=$(curl --silent "${curl_params[@]}" "$request_func$request_params")

Expand Down
2 changes: 1 addition & 1 deletion dns_scripts/dns_del_cpanel
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ fi
line=$(echo "$resp" | sed -e 's/.*line":\([0-9]*\),.*/\1/')
if [[ "$line" != "" ]]; then
# Delete the challenge token
request_params="&cpanel_jsonapi_func=remove_zone_record&domain=$domain&type=TXT&name=_acme-challenge$name&line=$line"
request_params="&cpanel_jsonapi_func=remove_zone_record&domain=${domain}&type=TXT&name=_acme-challenge&line=${line}"
Copy link

Copilot AI Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

name is computed earlier but no longer used here. If domain was rewritten due to a detected CNAME, deleting _acme-challenge without the derived relative suffix can fail to remove the correct TXT record. Either use the computed name in the ZoneEdit name parameter, or remove the unused CNAME/name logic so the script behavior is consistent.

Suggested change
request_params="&cpanel_jsonapi_func=remove_zone_record&domain=${domain}&type=TXT&name=_acme-challenge&line=${line}"
request_params="&cpanel_jsonapi_func=remove_zone_record&domain=${domain}&type=TXT&name=_acme-challenge${name}&line=${line}"

Copilot uses AI. Check for mistakes.
resp=$(curl --silent "${curl_params[@]}" "$request_func$request_params")
fi

Expand Down
3 changes: 2 additions & 1 deletion getssl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,7 @@
# 2024-03-26 Test for "true" in wildcard property of authorization responses
# 2024-10-16 Add newlines to /directory response (#765)(#859)
# 2025-06-18 Support profiles
# 2025-12-02 Fix cPanel support for API zone record updates and wildcard domain support
# 2025-07-28 Accept lowercase replay-nonce headers (#884)
Comment on lines +296 to 297
Copy link

Copilot AI Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changelog header appears to be chronological, but this new entry is out of order (2025-12-02 is listed before 2025-07-28). Please place it in date order to keep the history section consistent.

Suggested change
# 2025-12-02 Fix cPanel support for API zone record updates and wildcard domain support
# 2025-07-28 Accept lowercase replay-nonce headers (#884)
# 2025-07-28 Accept lowercase replay-nonce headers (#884)
# 2025-12-02 Fix cPanel support for API zone record updates and wildcard domain support

Copilot uses AI. Check for mistakes.
# ----------------------------------------------------------------------------------------

Expand All @@ -302,7 +303,7 @@ esac

PROGNAME=${0##*/}
PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)"
VERSION="2.49"
VERSION="2.50"

# defaults
ACCOUNT_KEY_LENGTH=4096
Expand Down
3 changes: 2 additions & 1 deletion other_scripts/cpanel_cert_upload
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
# use with RELOAD_CMD="${HOME}/cpanel_cert_upload domain.com"

domain="$1"
nowild=$(echo "${1//\*\./}")
Copy link

Copilot AI Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This uses an unnecessary subshell and external echo, and the pattern removes every *. occurrence rather than only a leading wildcard. Consider using parameter expansion directly (and only stripping a leading *.) to avoid surprising transformations and keep the script consistent with domain="$1".

Suggested change
nowild=$(echo "${1//\*\./}")
nowild=${domain#\*\.}

Copilot uses AI. Check for mistakes.

rawurlencode() {
local string
Expand All @@ -28,4 +29,4 @@ ecert=$( rawurlencode "${HOME}/.getssl/${domain}/${domain}.crt" )
ekey=$( rawurlencode "${HOME}/.getssl/${domain}/${domain}.key" )
echain=$( rawurlencode "${HOME}/.getssl/${domain}/chain.crt" )

uapi SSL install_ssl domain="${domain}" cert="${ecert}" key="${ekey}" cabundle="${echain}"
uapi SSL install_ssl domain="${nowild}" cert="${ecert}" key="${ekey}" cabundle="${echain}"
Loading