Solved update domain names with the cli (yet another topic)
-
Hello, I checked the topics existed earlier, but I really need a way to initiate all domains certificate renew using command line - something like
sudo docker exec -it `sudo docker ps --filter name=certbot -q` /usr/local/bin/certbot renewReason for that: my host is closed by a firewall and I need to automate opening the firewall for some time, renew the certs, close the firewall back.
I understand I can do it GUI, but that means I can't automate it, which I would like to...
Any clue would be much appreciated!
-
Hi @potemkin_ai,
generally I think it would be a better solution to use a dns provider that supports dns validation.
@potemkin_ai said in update domain names with the cli (yet another topic):
I understand I can do it GUI
Is that a typo? If its possible to do this in the gui then you just need to check which requests/commands it sends to the server when doing so. This is how I sniffed the requests I needed to make to trigger a full box backup and poll for its completion.
The api is also described at https://docs.cloudron.io/api.html
-
@fbartels there is no typo - I need to make it in command line (cli).
I wish I can easily change DNS providers, but since it's not the case, I need a way to automate that from the server.
-
@potemkin_ai said in update domain names with the cli (yet another topic):
I need to make it in command line (cli).
Like I said, if its part of the web ui, then you can easily trigger it from the cli with curl. Just checked it myself and this is the request that gets sent (from the network console and then selected "copy as curl"):
curl 'https://my.cloud.ron/api/v1/cloudron/renew_certs' \ -H 'authority: my.cloud.ron' \ -H 'sec-ch-ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"' \ -H 'dnt: 1' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'authorization: Bearer my-token' \ -H 'content-type: application/json;charset=UTF-8' \ -H 'accept: application/json, text/plain, */*' \ -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36' \ -H 'sec-ch-ua-platform: "macOS"' \ -H 'origin: https://my.cloud.ron' \ -H 'sec-fetch-site: same-origin' \ -H 'sec-fetch-mode: cors' \ -H 'sec-fetch-dest: empty' \ -H 'referer: my.cloud.ron' \ -H 'accept-language: en,de-DE;q=0.9,de;q=0.8,en-US;q=0.7,nl-NL;q=0.6,nl;q=0.5,zh-TW;q=0.4,zh;q=0.3' \ --data-raw '{}' \ --compressed(in the above example there are parts that can easily be removed)
-
@fbartels thank you; is there any other way, opposed to reverse engineer front-end from the back-end, or at least to make it more understandable and repeat-able, for those, who is not a front-end developer, like myself?
For example, how do I find this particular request, on top of dozens (at least) others? Would it be supported in the future or it's something that can be broken easily? Where do I get token? Can it expire?
If things can expire, is there any better way to handle things?I understand it's not very typical request, I appreciate your help, just trying to make sense of it.
-
@potemkin_ai while there is no cli subcommand as such, as @fbartels correctly mentioned, there is a REST api, which the Cloudron dashboard also uses.
I have documented it now at https://docs.cloudron.io/api.html#tag/Cloudron/paths/~1cloudron~1renew_certs/post -
@nebulon oh, that's wonderful!
May I ask you for some help in here, please?
I did the call 'curl -k -X POST -H 'Content-Type: application/json' --data '{"domain": "sub.domain.name"}' https://mydomain.name//api/v1/cloudron/renew_certs
and it failed with the following error:
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Error</title> </head> <body> <pre>Cannot POST //api/v1/cloudron/renew_certs</pre> </body> </html>What am I missing here?
-
@potemkin_ai were you using the dashboard domain. As in my.example.com ?
-
@nebulon nop; but I changed it to be my.sub-domain.domain.name, which is exactly a cloudron address, and get the very same error there.
As I wrote I realized that I used double slash after the domain name - that broke out things, which I didn't expected...
Got the new error - could you please, assist me - how to get the token?
{ "status": "Unauthorized", "message": "Token required" } -
@potemkin_ai you need to provide an access token for verification as mentioned on the top of https://docs.cloudron.io/api.html
Such api tokens can be created in the profile page in your Cloudron dashboard.
-
@nebulon Thank you.
For the future guys like me - that's in profile page.I've added the token, but it still generate an error:
curl -k -X POST -H 'Content-Type: application/json' -H 'Bearer: $TOKEN' --data '{"domain": "my.sub.domain.com"}' https://my.sub.domain.com/api/v1/cloudron/renew_certsGenerates the same error:
{ "status": "Unauthorized", "message": "Token required"Request via ?access_token=<token> works, though.
Is there something I'm missing with passing token as a header? Tried both "Bearer: $token" and "Bearer $token" - same result.
-
@potemkin_ai said in update domain names with the cli (yet another topic):
Is there something I'm missing with passing token as a header?
It needs to be
-H "authorization: Bearer $TOKEN". -
For the future me, here is a two minutes guide I wish I had when I started:
- Go to the profile page on your Cloudron, generate the token there.
- Create the script you want to be executed and here is the part of it, in charge of the API calls:
dns_host_name='my.your_instance.name' token='token_you_just_generated' set +e set +x #do your voodoo here; in my case - it's firewall rules altering curl -k -X POST -H 'Content-Type: application/json' -H "authorization: Bearer $token" --data '{"domain": "'$dns_host_name'"}' https://$dns_host_name/api/v1/cloudron/renew_certs echo "You can check the status of the task at https://$dns_host_name/logs.html?taskId=$task_id_from_above" sleep 180 #do your next voodoo here - in my case, altering firewall rules back -
So I guess this is solved now?
-
@nebulon indeed, thank you!
For the sake of future users, I guess it could make sense to add information about where to take token and full command line for cURL into the documentation, but it's not directly related to the case.
