mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 13:11:41 +00:00
add Le_Next_Domain_Key for tlsa
fix https://github.com/acmesh-official/acme.sh/issues/3096 Usage: https://github.com/acmesh-official/acme.sh/wiki/tlsa-next-key
This commit is contained in:
parent
0a4b70dbd2
commit
1c16931e26
27
acme.sh
27
acme.sh
@ -4423,6 +4423,7 @@ issue() {
|
|||||||
_debug "_saved_account_key_hash is not changed, skip register account."
|
_debug "_saved_account_key_hash is not changed, skip register account."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
export Le_Next_Domain_Key="$CERT_KEY_PATH.next"
|
||||||
if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ]; then
|
if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ]; then
|
||||||
_info "Signing from existing CSR."
|
_info "Signing from existing CSR."
|
||||||
else
|
else
|
||||||
@ -4435,6 +4436,11 @@ issue() {
|
|||||||
fi
|
fi
|
||||||
_debug "Read key length:$_key"
|
_debug "Read key length:$_key"
|
||||||
if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then
|
if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then
|
||||||
|
if [ "$Le_ForceNewDomainKey" = "1" ] && [ -f "$Le_Next_Domain_Key" ]; then
|
||||||
|
_info "Using pre generated key: $Le_Next_Domain_Key"
|
||||||
|
cat "$Le_Next_Domain_Key" >"$CERT_KEY_PATH"
|
||||||
|
echo "" >"$Le_Next_Domain_Key"
|
||||||
|
else
|
||||||
if ! createDomainKey "$_main_domain" "$_key_length"; then
|
if ! createDomainKey "$_main_domain" "$_key_length"; then
|
||||||
_err "Create domain key error."
|
_err "Create domain key error."
|
||||||
_clearup
|
_clearup
|
||||||
@ -4442,7 +4448,18 @@ issue() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$Le_ForceNewDomainKey" ]; then
|
||||||
|
_info "Generate next pre-generate key."
|
||||||
|
if [ ! -e "$Le_Next_Domain_Key" ]; then
|
||||||
|
touch "$Le_Next_Domain_Key"
|
||||||
|
chmod 600 "$Le_Next_Domain_Key"
|
||||||
|
fi
|
||||||
|
if ! _createkey "$_key_length" "$Le_Next_Domain_Key"; then
|
||||||
|
_err "Can not pre generate domain key"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then
|
if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then
|
||||||
_err "Create CSR error."
|
_err "Create CSR error."
|
||||||
_clearup
|
_clearup
|
||||||
@ -5178,6 +5195,9 @@ $_authorizations_map"
|
|||||||
|
|
||||||
[ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")"
|
[ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")"
|
||||||
[ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")"
|
[ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")"
|
||||||
|
if [ "$Le_ForceNewDomainKey" ] && [ -e "$Le_Next_Domain_Key" ]; then
|
||||||
|
_info "Your pre-generated next key for future cert key change is in: $(__green "$Le_Next_Domain_Key")"
|
||||||
|
fi
|
||||||
|
|
||||||
Le_CertCreateTime=$(_time)
|
Le_CertCreateTime=$(_time)
|
||||||
_savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime"
|
_savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime"
|
||||||
@ -5752,7 +5772,8 @@ installcert() {
|
|||||||
_savedomainconf "Le_RealKeyPath" "$_real_key"
|
_savedomainconf "Le_RealKeyPath" "$_real_key"
|
||||||
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
|
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
|
||||||
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
|
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
|
||||||
|
export Le_ForceNewDomainKey="$(_readdomainconf Le_ForceNewDomainKey)"
|
||||||
|
export Le_Next_Domain_Key
|
||||||
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
|
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5844,6 +5865,8 @@ _installcert() {
|
|||||||
export CA_CERT_PATH
|
export CA_CERT_PATH
|
||||||
export CERT_FULLCHAIN_PATH
|
export CERT_FULLCHAIN_PATH
|
||||||
export Le_Domain="$_main_domain"
|
export Le_Domain="$_main_domain"
|
||||||
|
export Le_ForceNewDomainKey
|
||||||
|
export Le_Next_Domain_Key
|
||||||
cd "$DOMAIN_PATH" && eval "$_reload_cmd"
|
cd "$DOMAIN_PATH" && eval "$_reload_cmd"
|
||||||
); then
|
); then
|
||||||
_info "$(__green "Reload success")"
|
_info "$(__green "Reload success")"
|
||||||
|
Loading…
Reference in New Issue
Block a user