mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-11-19 21:01:45 +00:00
commit
2e9c4914a8
23
acme.sh
23
acme.sh
@ -48,8 +48,6 @@ LOCAL_ANY_ADDRESS="0.0.0.0"
|
||||
|
||||
DEFAULT_RENEW=60
|
||||
|
||||
DEFAULT_DNS_SLEEP=120
|
||||
|
||||
NO_VALUE="no"
|
||||
|
||||
W_DNS="dns"
|
||||
@ -3518,6 +3516,7 @@ updateaccount() {
|
||||
_send_signed_request "$_accUri" "$updjson"
|
||||
|
||||
if [ "$code" = '200' ]; then
|
||||
echo "$response" >"$ACCOUNT_JSON_PATH"
|
||||
_info "account update success for $_accUri."
|
||||
else
|
||||
_info "Error. The account was not updated."
|
||||
@ -6223,7 +6222,7 @@ Parameters:
|
||||
--stateless Use stateless mode, see: $_STATELESS_WIKI
|
||||
--apache Use apache mode.
|
||||
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
||||
--dnssleep [$DEFAULT_DNS_SLEEP] The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
|
||||
--dnssleep 300 The time in seconds to wait for all the txt records to take effect in dns api mode. It's not necessary to use this by default, $PROJECT_NAME polls dns status automatically.
|
||||
|
||||
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
|
||||
--accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096
|
||||
@ -6318,7 +6317,7 @@ _installOnline() {
|
||||
if ./$PROJECT_ENTRY install "$_nocron" "" "$_noprofile"; then
|
||||
_info "Install success!"
|
||||
_initpath
|
||||
_saveaccountconf "UPGRADE_HASH" "$(_getMasterHash)"
|
||||
_saveaccountconf "UPGRADE_HASH" "$(_getUpgradeHash)"
|
||||
fi
|
||||
|
||||
cd ..
|
||||
@ -6328,19 +6327,27 @@ _installOnline() {
|
||||
)
|
||||
}
|
||||
|
||||
_getMasterHash() {
|
||||
_getRepoHash() {
|
||||
_hash_path=$1
|
||||
shift
|
||||
_hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/$_hash_path"
|
||||
_get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4
|
||||
}
|
||||
|
||||
_getUpgradeHash() {
|
||||
_b="$BRANCH"
|
||||
if [ -z "$_b" ]; then
|
||||
_b="master"
|
||||
fi
|
||||
_hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/heads/$_b"
|
||||
_get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4
|
||||
_hash=$(_getRepoHash "heads/$_b")
|
||||
if [ -z "$_hash" ]; then _hash=$(_getRepoHash "tags/$_b"); fi
|
||||
echo $_hash
|
||||
}
|
||||
|
||||
upgrade() {
|
||||
if (
|
||||
_initpath
|
||||
[ -z "$FORCE" ] && [ "$(_getMasterHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0
|
||||
[ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0
|
||||
export LE_WORKING_DIR
|
||||
cd "$LE_WORKING_DIR"
|
||||
_installOnline "nocron" "noprofile"
|
||||
|
@ -47,24 +47,24 @@ deployer() {
|
||||
#Set Header
|
||||
export _H1="Content-Type: multipart/form-data; boundary=$delim"
|
||||
if [ "$type" = 'cert' ]; then
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\ncertificate"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem"
|
||||
panos_url="${panos_url}?type=import"
|
||||
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\ncertificate"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
||||
fi
|
||||
if [ "$type" = 'key' ]; then
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\nprivate-key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n\r\n123456"
|
||||
panos_url="${panos_url}?type=import"
|
||||
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\nprivate-key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
||||
fi
|
||||
#Close multipart
|
||||
content="$content${nl}--$delim--${nl}"
|
||||
content="$content${nl}--$delim--${nl}${nl}"
|
||||
#Convert CRLF
|
||||
content=$(printf %b "$content")
|
||||
fi
|
||||
|
@ -15,6 +15,7 @@
|
||||
# SYNO_Scheme - defaults to http
|
||||
# SYNO_Hostname - defaults to localhost
|
||||
# SYNO_Port - defaults to 5000
|
||||
# SYNO_DID - device ID to skip OTP - defaults to empty
|
||||
#
|
||||
#returns 0 means success, otherwise error.
|
||||
|
||||
@ -38,6 +39,7 @@ synology_dsm_deploy() {
|
||||
_getdeployconf SYNO_Username
|
||||
_getdeployconf SYNO_Password
|
||||
_getdeployconf SYNO_Create
|
||||
_getdeployconf SYNO_DID
|
||||
if [ -z "$SYNO_Username" ] || [ -z "$SYNO_Password" ]; then
|
||||
SYNO_Username=""
|
||||
SYNO_Password=""
|
||||
@ -79,7 +81,7 @@ synology_dsm_deploy() {
|
||||
|
||||
# Login, get the token from JSON and session id from cookie
|
||||
_info "Logging into $SYNO_Hostname:$SYNO_Port"
|
||||
response=$(_get "$_base_url/webman/login.cgi?username=$SYNO_Username&passwd=$SYNO_Password&enable_syno_token=yes")
|
||||
response=$(_get "$_base_url/webman/login.cgi?username=$SYNO_Username&passwd=$SYNO_Password&enable_syno_token=yes&device_id=$SYNO_DID")
|
||||
token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p')
|
||||
_debug3 response "$response"
|
||||
|
||||
@ -99,6 +101,7 @@ synology_dsm_deploy() {
|
||||
# Now that we know the username and password are good, save them
|
||||
_savedeployconf SYNO_Username "$SYNO_Username"
|
||||
_savedeployconf SYNO_Password "$SYNO_Password"
|
||||
_savedeployconf SYNO_DID "$SYNO_DID"
|
||||
_debug token "$token"
|
||||
|
||||
_info "Getting certificates in Synology DSM"
|
||||
|
@ -23,6 +23,7 @@ dns_aws_add() {
|
||||
|
||||
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
|
||||
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
|
||||
AWS_DNS_SLOWRATE="${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}"
|
||||
|
||||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
|
||||
_use_container_role || _use_instance_role
|
||||
@ -40,6 +41,7 @@ dns_aws_add() {
|
||||
if [ -z "$_using_role" ]; then
|
||||
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
|
||||
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
|
||||
_saveaccountconf_mutable AWS_DNS_SLOWRATE "$AWS_DNS_SLOWRATE"
|
||||
fi
|
||||
|
||||
_debug "First detect the root zone"
|
||||
@ -77,7 +79,13 @@ dns_aws_add() {
|
||||
|
||||
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
|
||||
_info "TXT record updated successfully."
|
||||
_sleep 1
|
||||
if [ -n "$AWS_DNS_SLOWRATE" ]; then
|
||||
_info "Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds"
|
||||
_sleep "$AWS_DNS_SLOWRATE"
|
||||
else
|
||||
_sleep 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
fi
|
||||
_sleep 1
|
||||
@ -91,6 +99,7 @@ dns_aws_rm() {
|
||||
|
||||
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
|
||||
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
|
||||
AWS_DNS_SLOWRATE="${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}"
|
||||
|
||||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
|
||||
_use_container_role || _use_instance_role
|
||||
@ -125,7 +134,13 @@ dns_aws_rm() {
|
||||
|
||||
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
|
||||
_info "TXT record deleted successfully."
|
||||
_sleep 1
|
||||
if [ -n "$AWS_DNS_SLOWRATE" ]; then
|
||||
_info "Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds"
|
||||
_sleep "$AWS_DNS_SLOWRATE"
|
||||
else
|
||||
_sleep 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
fi
|
||||
_sleep 1
|
||||
|
@ -53,7 +53,7 @@ dns_dp_rm() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain"; then
|
||||
if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain"; then
|
||||
_err "Record.Lis error."
|
||||
return 1
|
||||
fi
|
||||
@ -70,12 +70,12 @@ dns_dp_rm() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _rest POST "Record.Remove" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&record_id=$record_id"; then
|
||||
if ! _rest POST "Record.Remove" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&record_id=$record_id"; then
|
||||
_err "Record.Remove error."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_contains "$response" "Action completed successful"
|
||||
_contains "$response" "successful"
|
||||
|
||||
}
|
||||
|
||||
@ -89,11 +89,11 @@ add_record() {
|
||||
|
||||
_info "Adding record"
|
||||
|
||||
if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then
|
||||
if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
_contains "$response" "Action completed successful" || _contains "$response" "Domain record already exists"
|
||||
_contains "$response" "successful" || _contains "$response" "Domain record already exists"
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
@ -113,11 +113,11 @@ _get_root() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&domain=$h"; then
|
||||
if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain=$h"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$response" "Action completed successful"; then
|
||||
if _contains "$response" "successful"; then
|
||||
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
|
||||
_debug _domain_id "$_domain_id"
|
||||
if [ "$_domain_id" ]; then
|
||||
|
@ -55,6 +55,7 @@ dns_inwx_rm() {
|
||||
|
||||
INWX_User="${INWX_User:-$(_readaccountconf_mutable INWX_User)}"
|
||||
INWX_Password="${INWX_Password:-$(_readaccountconf_mutable INWX_Password)}"
|
||||
INWX_Shared_Secret="${INWX_Shared_Secret:-$(_readaccountconf_mutable INWX_Shared_Secret)}"
|
||||
if [ -z "$INWX_User" ] || [ -z "$INWX_Password" ]; then
|
||||
INWX_User=""
|
||||
INWX_Password=""
|
||||
@ -63,10 +64,6 @@ dns_inwx_rm() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
#save the api key and email to the account conf file.
|
||||
_saveaccountconf_mutable INWX_User "$INWX_User"
|
||||
_saveaccountconf_mutable INWX_Password "$INWX_Password"
|
||||
|
||||
_debug "First detect the root zone"
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
|
Loading…
Reference in New Issue
Block a user