
@MilxMil

MilxMil/dcv.sh

Last active Dec 3, 2020
Select and force DCV for any type of SSL certificate
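# Sectigo API credentials.
# Prefer exporting SECTIGO_USERNAME / SECTIGO_PASS in the environment so the
# real secret is never saved in (or shared with) this file. The literal
# placeholders below are only the fallback for copies that are edited in place;
# such a copy should be kept private (e.g. chmod 600) and out of version control.
ncuser="${SECTIGO_USERNAME:-SECTIGO_USERNAME}"
password="${SECTIGO_PASS:-SECTIGO_PASS}"

# ANSI SGR sequences used to colour the menus and status messages
# (reset + bold + colour), plus the plain reset sequence.
red=$'\033[0;1;31m'
blue=$'\033[0;1;34m'
white=$'\033[0;1;37m'
green=$'\033[0;1;32m'
yellow=$'\033[0;1;33m'
norm=$'\033[0m'

# CA order number; validated as digits-only further down before it is used.
order=$1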
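#######################################
# Fetch the per-domain DCV status of the order and print it.
# Globals:   ncuser, password, order, red, green, norm (read)
#            NOTVALIDATED_DOMAINS, VALIDATED_DOMAINS (written, one name per line)
# Files:     writes ALL_DOMAINS in the current directory; it is left in place
#            for the caller when domains are still pending.
#            NOTE(review): fixed file name in the working directory - run the
#            script from a directory only the operator can write to.
# Exits:     0 when no domain is left to validate,
#            1 when the request fails or no domain record could be parsed.
#######################################
function getDomains {
  local -a stage_status

  # The form body carries the account password, so it is fed to curl on stdin
  # (--data @-) instead of argv, where any local user could read it via ps.
  # printf is a shell builtin and does not create a process of its own.
  # NOTE(review): values are sent as-is; a user name or password containing
  # '&', '=', '%' or '+' would have to be percent-encoded first.
  printf 'loginName=%s&loginPassword=%s&queryType=0&showMDCDomainDetails=Y&orderNumber=%s' \
    "$ncuser" "$password" "$order" \
    | curl -sS -X POST --data @- https://secure.sectigo.com/products/download/CollectSSL \
    | sed -e 's/,/\n/g' | sort -k2 | sed '1,2d' > ALL_DOMAINS
  stage_status=("${PIPESTATUS[@]}")

  # Index 1 is curl. Without this check a transport failure yields an empty
  # list, which would be reported below as "all domains are validated".
  if (( stage_status[1] != 0 )); then
    rm -f -- ALL_DOMAINS
    echo -e "${red}ERROR! THE DOMAIN LIST REQUEST FAILED (curl exit code ${stage_status[1]}).${norm}" >&2
    exit 1
  fi

  # -w keeps "NOTVALIDATED" from matching the word "VALIDATED" and vice versa.
  NOTVALIDATED_DOMAINS=$(grep -vw VALIDATED < ALL_DOMAINS | awk '{print $1}')
  VALIDATED_DOMAINS=$(grep -vw NOTVALIDATED < ALL_DOMAINS | awk '{print $1}')

  # Nothing parsed at all: the response held no domain records (for example an
  # error reply), so there is no evidence that validation is complete.
  if [[ -z $NOTVALIDATED_DOMAINS && -z $VALIDATED_DOMAINS ]]; then
    rm -f -- ALL_DOMAINS
    echo -e "${red}ERROR! NO DOMAIN RECORDS FOUND IN THE RESPONSE. DOUBLE-CHECK THE ORDER STATUS!${norm}" >&2
    exit 1
  fi

  if [[ -n $NOTVALIDATED_DOMAINS ]]; then
    echo -e "${red}------------------------NOT VALIDATED DOMAINS------------------------\n\n$NOTVALIDATED_DOMAINS${norm}"
    echo -e
    echo -e "${green}--------------------------VALIDATED DOMAINS--------------------------\n\n$VALIDATED_DOMAINS${norm}"
    echo -e
  else
    # Reset the colour so the terminal is not left green after the script ends.
    echo -e "${green}ALL DOMAINS ARE VALIDATED!${norm}"
    # The script ends here, so the work file must not be left behind.
    rm -f -- ALL_DOMAINS
    exit 0
  fi
}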
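# POST a form-encoded body to https://secure.sectigo.com/products/<endpoint>
# and print the response. The body carries the account password, so it is fed
# to curl on stdin (--data @-) rather than argv, where other local users could
# read it from the process list.
# Arguments: $1 - endpoint name (e.g. '!AutoUpdateDCV'), $2 - form body
# NOTE(review): values are sent as-is; credentials containing '&', '=', '%' or
# '+' would have to be percent-encoded by the caller.
_mdc_post() {
  local endpoint=$1 body=$2
  printf '%s' "$body" \
    | curl -sS -X POST --data @- "https://secure.sectigo.com/products/${endpoint}"
}

#######################################
# Interactive DCV handling for multi-domain orders: list the domains, let the
# operator pick a DCV method (or remove a SAN), apply it to every domain that
# is not validated yet, then re-check the status.
# Globals:   ncuser, password, order, colour variables (read)
#            NOTVALIDATED_DOMAINS (read, set by getDomains)
# Files:     ALL_DOMAINS (created by getDomains) is removed on every exit path.
# Exits:     0 on success, 1 on a wrong menu choice or when any request fails.
#######################################
function MDC_func {
  local choice emailchoice dcvmethod email san result dom baredom whoisemail address
  local -a pending=() failed=()
  # Characters accepted in a SAN typed by the operator. Anything else (notably
  # '&' and '=') could add or override parameters in the form body.
  local -r san_re='^[A-Za-z0-9*.-]+$'

  # Several branches below (and getDomains itself) call exit; the trap makes
  # sure the work file is cleaned up on all of them.
  trap 'rm -f -- ALL_DOMAINS' EXIT

  getDomains
  echo -e "====================================================================="
  echo -e "Press 1 to set ${white}EMAIL DCV${norm} or resend emails for all domains."
  echo -e "Press 2 to set/force ${white}DNS DCV${norm} for all domains."
  echo -e "Press 3 to set/force ${white}HTTP DCV${norm} for all domains."
  echo -e "Press 4 to set/force ${white}HTTPS DCV${norm} for all domains."
  echo -e "Press 5 to remove SAN from certificate."
  echo -e "Press ${white}CTRL+C${norm} to exit."
  read -r choice
  case $choice in
    1) dcvmethod="EMAIL" ;;
    2) dcvmethod="CNAME_CSR_HASH" ;;
    3) dcvmethod="HTTP_CSR_HASH" ;;
    4) dcvmethod="HTTPS_CSR_HASH" ;;
    5)
      echo -e "\nEnter the SAN to remove:"
      read -r san
      if [[ ! $san =~ $san_re ]]; then
        echo -e "\n${red}ERROR! DOUBLE-CHECK THE SAN SPELLING OR THE ORDER STATUS!${norm}"
        exit 1
      fi
      result=$(_mdc_post '!AutoRemoveMDCDomain' \
        "loginName=${ncuser}&loginPassword=${password}&orderNumber=${order}&domainName=${san}" \
        | grep -oE 'errorCode=0|errorCode=-')
      if [[ $result == "errorCode=0" ]]; then
        echo -e "\nTHE SAN ${yellow}${san}${norm} HAS BEEN REMOVED SUCCESSFULLY!"
        getDomains
        exit 0
      else
        echo -e "\n${red}ERROR! DOUBLE-CHECK THE SAN SPELLING OR THE ORDER STATUS!${norm}"
        exit 1
      fi
      ;;
    *) echo -n "${red}WRONG OPTION, EXITING!${norm}"; exit 1 ;;
  esac
  echo -e

  # Split the list on newlines only. An unquoted $NOTVALIDATED_DOMAINS would
  # also be glob-expanded, so a wildcard SAN such as *.example.com could turn
  # into matching file names from the current directory.
  mapfile -t pending <<< "$NOTVALIDATED_DOMAINS"

  if [[ $dcvmethod == EMAIL ]]; then
    echo -e "Press 1 to select the ${white}admin@${norm} mailbox."
    echo -e "Press 2 to select the ${white}administrator@${norm} mailbox."
    echo -e "Press 3 to select the ${white}webmaster@${norm} mailbox."
    echo -e "Press 4 to select the ${white}hostmaster@${norm} mailbox."
    echo -e "Press 5 to select the ${white}postmaster@${norm} mailbox."
    echo -e "Press 6 to select the ${white}WHOIS${norm} mailbox."
    echo -e "Press ${white}CTRL+C${norm} to exit."
    read -r emailchoice
    case $emailchoice in
      1) email="admin" ;;
      2) email="administrator" ;;
      3) email="webmaster" ;;
      4) email="hostmaster" ;;
      5) email="postmaster" ;;
      6) email="whois" ;;
      *) echo -n "${red}WRONG OPTION, EXITING!${norm}"; exit 1 ;;
    esac
    echo -e
    for dom in "${pending[@]}"; do
      [[ -n $dom ]] || continue
      # NOTE(review): this keeps only the last two labels of the name, which is
      # not the registrable domain under multi-label suffixes such as co.uk;
      # the approval mail would then be addressed to the wrong domain.
      baredom=$(awk -F. '{print $(NF-1),$NF}' <<< "$dom" | sed 's/ /./')
      if [[ $email == whois ]]; then
        whoisemail=$(_mdc_post '!GetDCVEmailAddressList' \
          "loginName=${ncuser}&loginPassword=${password}&domainName=${baredom}" \
          | grep whois_email | awk '{print $2}')
        # The single-domain flow of this script treats "none" as "no WHOIS
        # mailbox"; do not submit an empty or placeholder address.
        if [[ -z $whoisemail || $whoisemail == none ]]; then
          failed+=("$dom")
          continue
        fi
        address=${whoisemail/@/%40}
      else
        address="${email}%40${baredom}"
      fi
      result=$(_mdc_post '!AutoUpdateDCV' \
        "loginName=${ncuser}&loginPassword=${password}&OrderNumber=${order}&newMethod=${dcvmethod}&newDCVEmailAddress=${address}&domainName=${dom}" \
        | grep -oE 'errorCode=0|errorCode=-')
      # Record every failure; checking only the last result would hide errors
      # on all earlier domains.
      [[ $result == "errorCode=0" ]] || failed+=("$dom")
    done
  fi

  if [[ $dcvmethod =~ ^(CNAME_CSR_HASH|HTTP_CSR_HASH|HTTPS_CSR_HASH)$ ]]; then
    for dom in "${pending[@]}"; do
      [[ -n $dom ]] || continue
      result=$(_mdc_post '!AutoUpdateDCV' \
        "loginName=${ncuser}&loginPassword=${password}&orderNumber=${order}&newMethod=${dcvmethod}&domainName=${dom}" \
        | grep -oE 'errorCode=0|errorCode=-')
      [[ $result == "errorCode=0" ]] || failed+=("$dom")
    done
  fi

  if (( ${#failed[@]} == 0 )); then
    echo -e "DCV METHOD CHANGED TO ${yellow}${dcvmethod}${norm} SUCCESSFULLY!"
    if [[ $dcvmethod == EMAIL ]]; then
      echo -e "DCV EMAIL SENT TO THE ${yellow}${email^^}@${norm} EMAIL ADDRESSES!"
      exit 0
    fi
  else
    echo -e "\n${red}ERROR! DOUBLE-CHECK THE EMAIL ADDRESS SPELLING OR THE ORDER STATUS!${norm}"
    printf 'Request failed for: %s\n' "${failed[*]}" >&2
    exit 1
  fi

  sleep 2
  echo -e "${blue}RUNNING DCV CHECK AGAIN...${norm}"
  echo -e
  getDomains
  echo -e
  rm -f -- ALL_DOMAINS
}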
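# POST a form-encoded body to https://secure.sectigo.com/products/<endpoint>
# and print the response. The body carries the account password, so it is fed
# to curl on stdin (--data @-) rather than argv, where other local users could
# read it from the process list.
# Arguments: $1 - endpoint name (e.g. '!WebHostReport'), $2 - form body
# NOTE(review): values are sent as-is; credentials containing '&', '=', '%' or
# '+' would have to be percent-encoded by the caller.
_dcv_post() {
  local endpoint=$1 body=$2
  printf '%s' "$body" \
    | curl -sS -X POST --data @- "https://secure.sectigo.com/products/${endpoint}"
}

#Check if CAORDER is provided to the script
if [[ -z $1 ]]; then
  echo "${red}ERROR! SCRIPT USAGE IS: $(basename -- "$0") (without '.sh') CAORDER${norm}"
  exit 1
fi
#Check if only one parameter is provided to the script
# (( )) compares numerically; '>' inside [[ ]] is a string comparison.
if (( $# > 1 )); then
  echo "${red}ERROR! TOO MANY PARAMETERS. SCRIPT USAGE IS: $(basename -- "$0") (without '.sh') CAORDER${norm}"
  exit 1
fi
#Check if CAORDER includes only numeric value
# This is also what makes it safe to place the order number in the form bodies.
if [[ ! $1 =~ ^[0-9]+$ ]]; then
  echo "${red}ERROR! CAORDER CAN HAVE ONLY NUMERIC VALUE!${norm}"
  exit 1
fi

# Look the order up. A transport failure is reported explicitly; otherwise an
# empty reply would be indistinguishable from "single-domain order" below.
report=$(_dcv_post '!WebHostReport' \
  "loginName=${ncuser}&loginPassword=${password}&orderNumber=${order}") || {
  echo -e "\n${red}ERROR! THE REQUEST TO THE SECTIGO API FAILED. CHECK THE CONNECTION AND TRY AGAIN.${norm}\n" >&2
  exit 1
}
# A match on one of the listed type codes routes the order to MDC_func.
type=$(grep -oE 'type=(279|557|361|335)|errorCode=-16|noOfResults=0' <<< "$report")
if [[ $type == "errorCode=-16" ]]; then
  echo -e "\n${red}INCORRECT LOGIN DETAILS! DOUBLE-CHECK YOU ENTERED YOUR SECTIGO USERNAME AND PASSWORD AT THE BEGINNING OF THE SCRIPT CORRECTLY.${norm}\n"
  exit 1
elif [[ $type == "noOfResults=0" ]]; then
  echo -e "\n${red}CANNOT FIND SUCH ORDER! DOUBLE-CHECK THE ORDER NUMBER.${norm}\n"
  exit 1
fi
echo -e

if [[ -n $type ]]; then
  MDC_func
else
  echo -e "Press 1 to set ${white}EMAIL DCV${norm} or resend email"
  echo -e "Press 2 to set/force ${white}DNS DCV${norm}"
  echo -e "Press 3 to set/force ${white}HTTP DCV${norm}"
  echo -e "Press 4 to set/force ${white}HTTPS DCV${norm}"
  echo -e "Press ${white}CTRL+C${norm} to exit."
  read -r choice
  echo -e
  case $choice in
    1)
      dcvmethod="EMAIL"
      # NOTE(review): only the last two labels of the certificate domain are
      # kept, which is not the registrable domain under multi-label suffixes
      # such as co.uk; the approval mail would then go to the wrong domain.
      dom=$(_dcv_post '!WebHostReport' \
        "loginName=${ncuser}&loginPassword=${password}&OrderNumber=${order}" \
        | grep -oE 'domain=.*' | cut -d "&" -f1 | cut -d "=" -f2 \
        | awk -F. '{print $(NF-1),$NF}' | sed 's/ /./')
      if [[ -z $dom ]]; then
        echo -e "\n${red}ERROR! COULD NOT READ THE DOMAIN OF THE ORDER. DOUBLE-CHECK THE ORDER STATUS!${norm}"
        exit 1
      fi
      whois=$(_dcv_post '!GetDCVEmailAddressList' \
        "loginName=${ncuser}&loginPassword=${password}&domainName=${dom}" \
        | grep whois_email | awk '{print $2}')
      echo -e "Press 1 to select the ${white}admin@${norm} mailbox."
      echo -e "Press 2 to select the ${white}administrator@${norm} mailbox."
      echo -e "Press 3 to select the ${white}webmaster@${norm} mailbox."
      echo -e "Press 4 to select the ${white}hostmaster@${norm} mailbox."
      echo -e "Press 5 to select the ${white}postmaster@${norm} mailbox."
      # Option 6 exists only when the lookup returned a real address.
      has_whois=0
      if [[ -n $whois && $whois != none ]]; then
        has_whois=1
        echo -e "Press 6 to select the ${white}${whois}${norm} mailbox."
      fi
      echo -e "Press ${white}CTRL+C${norm} to exit."
      read -r emailchoice
      case $emailchoice in
        1) email="admin" ;;
        2) email="administrator" ;;
        3) email="webmaster" ;;
        4) email="hostmaster" ;;
        5) email="postmaster" ;;
        6)
          # Refuse the hidden option instead of mailing "none@<domain>".
          if (( ! has_whois )); then
            echo -n "${red}WRONG OPTION, EXITING!${norm}"
            exit 1
          fi
          email="$whois"
          ;;
        *) echo -n "${red}WRONG OPTION, EXITING!${norm}"; exit 1 ;;
      esac
      # Decide by the menu choice, not by pattern-matching the address: the
      # WHOIS entry is already a full address (only '@' needs encoding), the
      # generic mailboxes get "@<domain>" appended. Matching on characters of
      # the address mangled WHOIS addresses hosted on the order's own domain.
      if [[ $emailchoice == 6 ]]; then
        address=${email/@/%40}
      else
        address="${email}%40${dom}"
      fi
      result=$(_dcv_post '!AutoUpdateDCV' \
        "loginName=${ncuser}&loginPassword=${password}&OrderNumber=${order}&newMethod=${dcvmethod}&newDCVEmailAddress=${address}" \
        | grep -oE 'errorCode=0|errorCode=-')
      if [[ $result == "errorCode=0" ]]; then
        echo -e "\nDCV EMAIL SENT TO THE ${yellow}${email^^}${norm} EMAIL ADDRESS!"
        exit 0
      else
        echo -e "\n${red}ERROR! DOUBLE-CHECK THE EMAIL ADDRESS SPELLING OR THE ORDER STATUS!${norm}"
        exit 1
      fi
      ;;
    2) dcvmethod="CNAME_CSR_HASH" ;;
    3) dcvmethod="HTTP_CSR_HASH" ;;
    4) dcvmethod="HTTPS_CSR_HASH" ;;
    *) echo -n "${red}WRONG OPTION, EXITING!${norm}"; exit 1 ;;
  esac

  # Only the DNS/HTTP/HTTPS choices reach this point; the EMAIL branch exits.
  result=$(_dcv_post '!AutoUpdateDCV' \
    "loginName=${ncuser}&loginPassword=${password}&OrderNumber=${order}&newMethod=${dcvmethod}" \
    | grep -oE 'errorCode=0|errorCode=-')
  if [[ $result == "errorCode=0" ]]; then
    echo -e "\nDCV METHOD CHANGED TO ${yellow}${dcvmethod}${norm} SUCCESSFULLY!"
  else
    echo -e "\n${red}ERROR! THE DCV MAY BE ALREADY COMPLETED. DOUBLE-CHECK THE ORDER STATUS!${norm}"
    exit 1
  fi

  sleep 1
  echo -e "${blue}RUNNING DCV CHECK AGAIN...${norm}"
  echo -e
  result=$(_dcv_post '!WebHostReport' \
    "loginName=${ncuser}&loginPassword=${password}&orderNumber=${order}&showStatusDetails=Y" \
    | grep -oE 'dcvStatus=0|dcvStatus=1')
  if [[ $result == "dcvStatus=1" ]]; then
    echo -e "\n${green}DCV IS COMPLETED!${norm}"
  elif [[ $result == "dcvStatus=0" ]]; then
    echo -e "\n${red}DCV IS NOT COMPLETED! \nDOUBLE-CHECK THE HTTP FILE/CNAME RECORD ACCESSIBILITY!${norm}"
  fi
  echo -e
fi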