mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-11-18 04:11:46 +00:00
commit
4967fa020f
103
.github/workflows/LetsEncrypt.yml
vendored
103
.github/workflows/LetsEncrypt.yml
vendored
@ -16,34 +16,89 @@ on:
|
||||
|
||||
jobs:
|
||||
Ubuntu:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: ""
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install tools
|
||||
run: sudo apt-get install -y socat
|
||||
- name: Clone acmetest
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
run: |
|
||||
cd .. \
|
||||
&& git clone https://github.com/acmesh-official/acmetest.git \
|
||||
&& cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh
|
||||
run: |
|
||||
cd ../acmetest \
|
||||
&& sudo --preserve-env ./letest.sh
|
||||
|
||||
MacOS:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: ""
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install tools
|
||||
run: brew install socat
|
||||
- name: Clone acmetest
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
run: |
|
||||
cd .. \
|
||||
&& git clone https://github.com/acmesh-official/acmetest.git \
|
||||
&& cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh
|
||||
run: |
|
||||
cd ../acmetest \
|
||||
&& sudo --preserve-env ./letest.sh
|
||||
|
||||
Windows:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: ""
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: windows-latest
|
||||
env:
|
||||
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
TEST_LOCAL: 1
|
||||
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
|
||||
Le_HTTPPort: 8888
|
||||
@ -77,9 +132,24 @@ jobs:
|
||||
run: cd ../acmetest && bash.exe -c ./letest.sh
|
||||
|
||||
FreeBSD:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: ""
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: vmactions/cf-tunnel@v0.0.2
|
||||
@ -93,18 +163,34 @@ jobs:
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- uses: vmactions/freebsd-vm@v0.1.4
|
||||
with:
|
||||
envs: 'TEST_LOCAL TestingDomain'
|
||||
envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
|
||||
nat: |
|
||||
"8080": "80"
|
||||
prepare: pkg install -y socat curl
|
||||
usesh: true
|
||||
run: |
|
||||
cd ../acmetest && ./letest.sh
|
||||
cd ../acmetest \
|
||||
&& ./letest.sh
|
||||
|
||||
Solaris:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: ""
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: vmactions/cf-tunnel@v0.0.2
|
||||
@ -118,10 +204,11 @@ jobs:
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- uses: vmactions/solaris-vm@v0.0.3
|
||||
with:
|
||||
envs: 'TEST_LOCAL TestingDomain'
|
||||
envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
|
||||
nat: |
|
||||
"8080": "80"
|
||||
prepare: pkgutil -y -i socat curl
|
||||
run: |
|
||||
cd ../acmetest && ./letest.sh
|
||||
cd ../acmetest \
|
||||
&& ./letest.sh
|
||||
|
||||
|
14
acme.sh
14
acme.sh
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
VER=2.9.0
|
||||
VER=3.0.0
|
||||
|
||||
PROJECT_NAME="acme.sh"
|
||||
|
||||
@ -29,7 +29,7 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
|
||||
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
|
||||
_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"
|
||||
|
||||
DEFAULT_CA=$CA_LETSENCRYPT_V2
|
||||
DEFAULT_CA=$CA_ZEROSSL
|
||||
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
|
||||
|
||||
CA_NAMES="
|
||||
@ -3526,8 +3526,10 @@ _regAccount() {
|
||||
if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then
|
||||
_info "No EAB credentials found for ZeroSSL, let's get one"
|
||||
if [ -z "$_email" ]; then
|
||||
_err "Please provide a email address for ZeroSSL account."
|
||||
_err "See ZeroSSL usage: $_ZEROSSL_WIKI"
|
||||
_info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")"
|
||||
_info "$(__green "Please update your account with an email address first.")"
|
||||
_info "$(__green "$PROJECT_ENTRY --register-account -m my@example.com")"
|
||||
_info "See: $(__green "$_ZEROSSL_WIKI")"
|
||||
return 1
|
||||
fi
|
||||
_eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT)
|
||||
@ -3538,11 +3540,13 @@ _regAccount() {
|
||||
fi
|
||||
_debug2 "$_eabresp"
|
||||
_eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
|
||||
_secure_debug2 _eab_id "$_eab_id"
|
||||
if [ -z "$_eab_id" ]; then
|
||||
_err "Can not resolve _eab_id"
|
||||
return 1
|
||||
fi
|
||||
_eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
|
||||
_secure_debug2 _eab_hmac_key "$_eab_hmac_key"
|
||||
if [ -z "$_eab_hmac_key" ]; then
|
||||
_err "Can not resolve _eab_hmac_key"
|
||||
return 1
|
||||
@ -3564,7 +3568,7 @@ _regAccount() {
|
||||
eab_sign_t="$eab_protected64.$eab_payload64"
|
||||
_debug3 eab_sign_t "$eab_sign_t"
|
||||
|
||||
key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')"
|
||||
key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 multi | _hex_dump | tr -d ' ')"
|
||||
_debug3 key_hex "$key_hex"
|
||||
|
||||
eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace)
|
||||
|
@ -59,7 +59,7 @@ dns_1984hosting_add() {
|
||||
if _contains "$response" '"haserrors": true'; then
|
||||
_err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post"
|
||||
return 1
|
||||
elif _contains "$response" "<html>"; then
|
||||
elif _contains "$response" "html>"; then
|
||||
_err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file"
|
||||
return 1
|
||||
elif _contains "$response" '"auth": false'; then
|
||||
@ -204,7 +204,7 @@ _get_root() {
|
||||
fi
|
||||
|
||||
_authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
|
||||
if _contains "$_response" "serial" && ! _contains "$_response" 'null}'; then
|
||||
if _contains "$_response" "serial" && ! _contains "$_response" "null"; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain="$h"
|
||||
return 0
|
||||
|
@ -33,7 +33,7 @@ dns_vultr_add() {
|
||||
_debug 'Getting txt records'
|
||||
_vultr_rest GET "dns/records?domain=$_domain"
|
||||
|
||||
if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||
if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||
_err 'Error'
|
||||
return 1
|
||||
fi
|
||||
@ -73,12 +73,12 @@ dns_vultr_rm() {
|
||||
_debug 'Getting txt records'
|
||||
_vultr_rest GET "dns/records?domain=$_domain"
|
||||
|
||||
if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||
if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||
_err 'Error'
|
||||
return 1
|
||||
fi
|
||||
|
||||
_record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
|
||||
_record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
|
||||
_debug _record_id "$_record_id"
|
||||
if [ "$_record_id" ]; then
|
||||
_info "Successfully retrieved the record id for ACME challenge."
|
||||
|
Loading…
Reference in New Issue
Block a user