diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000..6b71b4b8 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,11 @@ +language: bash + +env: + global: + - SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64 + +script: + - curl -sSL $SHFMT_URL -o ~/shfmt + - chmod +x ~/shfmt + - ~/shfmt -l -w -i 2 . + - git diff --exit-code || echo "Run shfmt to fix the formatting issues" diff --git a/acme.sh b/acme.sh index c52ce70c..47a4f6d0 100755 --- a/acme.sh +++ b/acme.sh @@ -60,33 +60,32 @@ DEFAULT_LOG_LEVEL="$LOG_LEVEL_1" _DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh" __INTERACTIVE="" -if [ -t 1 ] ; then +if [ -t 1 ]; then __INTERACTIVE="1" fi __green() { - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then printf '\033[1;31;32m' fi printf -- "$1" - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then printf '\033[0m' fi } __red() { - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then printf '\033[1;31;40m' fi printf -- "$1" - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then printf '\033[0m' fi } - _printargs() { - if [ -z "$2" ] ; then + if [ -z "$2" ]; then printf -- "[$(date)] $1" else printf -- "[$(date)] $1='$2'" @@ -97,31 +96,30 @@ _printargs() { _dlg_versions() { echo "Diagnosis versions: " echo "openssl:" - if _exists openssl ; then + if _exists openssl; then openssl version 2>&1 else echo "openssl doesn't exists." fi - + echo "apache:" - if [ "$_APACHECTL" ] && _exists "$_APACHECTL" ; then + if [ "$_APACHECTL" ] && _exists "$_APACHECTL"; then _APACHECTL -V 2>&1 else echo "apache doesn't exists." fi - + echo "nc:" - if _exists "nc" ; then + if _exists "nc"; then nc -h 2>&1 else _debug "nc doesn't exists." fi } - _log() { [ -z "$LOG_FILE" ] && return - _printargs "$@" >> $LOG_FILE + _printargs "$@" >>$LOG_FILE } _info() { @@ -129,11 +127,10 @@ _info() { _printargs "$@" } - _err() { _log "$@" printf -- "[$(date)] " >&2 - if [ -z "$2" ] ; then + if [ -z "$2" ]; then __red "$1" >&2 else __red "$1='$2'" >&2 @@ -143,52 +140,51 @@ _err() { } _usage() { - __red "$@" >&2 + __red "$@" >&2 printf "\n" >&2 } - _debug() { - if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ] ; then + if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then _log "$@" fi - if [ -z "$DEBUG" ] ; then + if [ -z "$DEBUG" ]; then return fi _printargs "$@" >&2 } _debug2() { - if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ] ; then + if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then _log "$@" fi - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _debug "$@" fi } _debug3() { - if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ] ; then + if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then _log "$@" fi - if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then _debug "$@" fi } -_startswith(){ +_startswith() { _str="$1" _sub="$2" echo "$_str" | grep "^$_sub" >/dev/null 2>&1 } -_endswith(){ +_endswith() { _str="$1" _sub="$2" echo "$_str" | grep -- "$_sub\$" >/dev/null 2>&1 } -_contains(){ +_contains() { _str="$1" _sub="$2" echo "$_str" | grep -- "$_sub" >/dev/null 2>&1 @@ -198,17 +194,17 @@ _hasfield() { _str="$1" _field="$2" _sep="$3" - if [ -z "$_field" ] ; then + if [ -z "$_field" ]; then _usage "Usage: str field [sep]" return 1 fi - - if [ -z "$_sep" ] ; then + + if [ -z "$_sep" ]; then _sep="," fi - - for f in $(echo "$_str" | tr ',' ' ') ; do - if [ "$f" = "$_field" ] ; then + + for f in $(echo "$_str" | tr ',' ' '); do + if [ "$f" = "$_field" ]; then _debug2 "'$_str' contains '$_field'" return 0 #contains ok fi @@ -217,42 +213,41 @@ _hasfield() { return 1 #not contains } -_getfield(){ +_getfield() { _str="$1" _findex="$2" _sep="$3" - - if [ -z "$_findex" ] ; then + + if [ -z "$_findex" ]; then _usage "Usage: str field [sep]" return 1 fi - - if [ -z "$_sep" ] ; then + + if [ -z "$_sep" ]; then _sep="," fi _ffi=$_findex - while [ "$_ffi" -gt "0" ] - do - _fv="$(echo "$_str" | cut -d $_sep -f $_ffi)" - if [ "$_fv" ] ; then + while [ "$_ffi" -gt "0" ]; do + _fv="$(echo "$_str" | cut -d $_sep -f $_ffi)" + if [ "$_fv" ]; then printf -- "%s" "$_fv" return 0 fi _ffi="$(_math $_ffi - 1)" done - + printf -- "%s" "$_str" } -_exists(){ +_exists() { cmd="$1" - if [ -z "$cmd" ] ; then + if [ -z "$cmd" ]; then _usage "Usage: _exists cmd" return 1 fi - if type command >/dev/null 2>&1 ; then + if type command >/dev/null 2>&1; then command -v "$cmd" >/dev/null 2>&1 else type "$cmd" >/dev/null 2>&1 @@ -263,41 +258,40 @@ _exists(){ } #a + b -_math(){ +_math() { expr "$@" } _h_char_2_dec() { _ch=$1 case "${_ch}" in - a|A) + a | A) printf "10" - ;; - b|B) + ;; + b | B) printf "11" - ;; - c|C) + ;; + c | C) printf "12" - ;; - d|D) + ;; + d | D) printf "13" - ;; - e|E) + ;; + e | E) printf "14" - ;; - f|F) + ;; + f | F) printf "15" - ;; + ;; *) printf "%s" "$_ch" - ;; + ;; esac } - _URGLY_PRINTF="" -if [ "$(printf '\x41')" != 'A' ] ; then +if [ "$(printf '\x41')" != 'A' ]; then _URGLY_PRINTF=1 fi @@ -305,35 +299,35 @@ _h2b() { hex=$(cat) i=1 j=2 - if _exists let ; then + if _exists let; then uselet="1" fi _debug3 uselet "$uselet" _debug3 _URGLY_PRINTF "$_URGLY_PRINTF" - while true ; do - if [ -z "$_URGLY_PRINTF" ] ; then + while true; do + if [ -z "$_URGLY_PRINTF" ]; then h="$(printf $hex | cut -c $i-$j)" - if [ -z "$h" ] ; then - break; + if [ -z "$h" ]; then + break fi printf "\x$h" else ic="$(printf $hex | cut -c $i)" jc="$(printf $hex | cut -c $j)" - if [ -z "$ic$jc" ] ; then - break; + if [ -z "$ic$jc" ]; then + break fi ic="$(_h_char_2_dec "$ic")" jc="$(_h_char_2_dec "$jc")" printf '\'"$(printf %o "$(_math $ic \* 16 + $jc)")" fi - if [ "$uselet" ] ; then + if [ "$uselet" ]; then let "i+=2" >/dev/null let "j+=2" >/dev/null else i="$(_math $i + 2)" j="$(_math $j + 2)" - fi + fi done } @@ -341,7 +335,7 @@ _h2b() { _sed_i() { options="$1" filename="$2" - if [ -z "$filename" ] ; then + if [ -z "$filename" ]; then _usage "Usage:_sed_i options filename" return 1 fi @@ -352,12 +346,12 @@ _sed_i() { else _debug "No -i support in sed" text="$(cat "$filename")" - echo "$text" | sed "$options" > "$filename" + echo "$text" | sed "$options" >"$filename" fi } _egrep_o() { - if _contains "$(egrep -o 2>&1)" "egrep: illegal option -- o" ; then + if _contains "$(egrep -o 2>&1)" "egrep: illegal option -- o"; then sed -n 's/.*\('"$1"'\).*/\1/p' else egrep -o "$1" @@ -369,34 +363,34 @@ _getfile() { filename="$1" startline="$2" endline="$3" - if [ -z "$endline" ] ; then + if [ -z "$endline" ]; then _usage "Usage: file startline endline" return 1 fi - - i="$(grep -n -- "$startline" "$filename" | cut -d : -f 1)" - if [ -z "$i" ] ; then + + i="$(grep -n -- "$startline" "$filename" | cut -d : -f 1)" + if [ -z "$i" ]; then _err "Can not find start line: $startline" return 1 fi i="$(_math "$i" + 1)" _debug i "$i" - - j="$(grep -n -- "$endline" "$filename" | cut -d : -f 1)" - if [ -z "$j" ] ; then + + j="$(grep -n -- "$endline" "$filename" | cut -d : -f 1)" + if [ -z "$j" ]; then _err "Can not find end line: $endline" return 1 fi j="$(_math "$j" - 1)" _debug j "$j" - - sed -n "$i,${j}p" "$filename" + + sed -n "$i,${j}p" "$filename" } #Usage: multiline _base64() { - if [ "$1" ] ; then + if [ "$1" ]; then openssl base64 -e else openssl base64 -e | tr -d '\r\n' @@ -405,7 +399,7 @@ _base64() { #Usage: multiline _dbase64() { - if [ "$1" ] ; then + if [ "$1" ]; then openssl base64 -d -A else openssl base64 -d @@ -416,15 +410,15 @@ _dbase64() { #Output Base64-encoded digest _digest() { alg="$1" - if [ -z "$alg" ] ; then + if [ -z "$alg" ]; then _usage "Usage: _digest hashalg" return 1 fi - + outputhex="$2" - + if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then - if [ "$outputhex" ] ; then + if [ "$outputhex" ]; then openssl dgst -$alg -hex | cut -d = -f 2 | tr -d ' ' else openssl dgst -$alg -binary | _base64 @@ -442,14 +436,14 @@ _hmac() { alg="$1" hmac_sec="$2" outputhex="$3" - - if [ -z "$hmac_sec" ] ; then - _usage "Usage: _hmac hashalg secret [outputhex]" + + if [ -z "$hmac_sec" ]; then + _usage "Usage: _hmac hashalg secret [outputhex]" return 1 fi if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then - if [ "$outputhex" ] ; then + if [ "$outputhex" ]; then openssl dgst -$alg -hmac "$hmac_sec" | cut -d = -f 2 | tr -d ' ' else openssl dgst -$alg -hmac "$hmac_sec" -binary | _base64 @@ -466,23 +460,23 @@ _hmac() { _sign() { keyfile="$1" alg="$2" - if [ -z "$alg" ] ; then + if [ -z "$alg" ]; then _usage "Usage: _sign keyfile hashalg" return 1 fi - + _sign_openssl="openssl dgst -sign $keyfile " - if [ "$alg" = "sha256" ] ; then + if [ "$alg" = "sha256" ]; then _sign_openssl="$_sign_openssl -$alg" else _err "$alg is not supported yet" return 1 fi - - if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then + + if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then $_sign_openssl | _base64 - elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then - if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)" ; then + elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then + if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"; then _err "Sign failed: $_sign_openssl" _err "Key file: $keyfile" _err "Key content:$(cat "$keyfile" | wc -l) lises" @@ -498,22 +492,22 @@ _sign() { _err "Unknown key file format." return 1 fi - + } #keylength _isEccKey() { _length="$1" - if [ -z "$_length" ] ;then + if [ -z "$_length" ]; then return 1 fi [ "$_length" != "1024" ] \ - && [ "$_length" != "2048" ] \ - && [ "$_length" != "3072" ] \ - && [ "$_length" != "4096" ] \ - && [ "$_length" != "8192" ] + && [ "$_length" != "2048" ] \ + && [ "$_length" != "3072" ] \ + && [ "$_length" != "4096" ] \ + && [ "$_length" != "8192" ] } # _createkey 2048|ec-256 file @@ -521,42 +515,41 @@ _createkey() { length="$1" f="$2" eccname="$length" - if _startswith "$length" "ec-" ; then + if _startswith "$length" "ec-"; then length=$(printf $length | cut -d '-' -f 2-100) - if [ "$length" = "256" ] ; then + if [ "$length" = "256" ]; then eccname="prime256v1" fi - if [ "$length" = "384" ] ; then + if [ "$length" = "384" ]; then eccname="secp384r1" fi - if [ "$length" = "521" ] ; then + if [ "$length" = "521" ]; then eccname="secp521r1" fi fi - if [ -z "$length" ] ; then - length=2048 + if [ -z "$length" ]; then + length=2048 fi - + _debug "Use length $length" - if _isEccKey "$length" ; then + if _isEccKey "$length"; then _debug "Using ec name: $eccname" - openssl ecparam -name $eccname -genkey 2>/dev/null > "$f" + openssl ecparam -name $eccname -genkey 2>/dev/null >"$f" else _debug "Using RSA: $length" - openssl genrsa $length 2>/dev/null > "$f" + openssl genrsa $length 2>/dev/null >"$f" fi - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Create key error." return 1 fi } - #domain _is_idn() { _is_idn_d="$1" @@ -570,17 +563,17 @@ _is_idn() { #aa.com,bb.com,cc.com _idn() { __idn_d="$1" - if ! _is_idn "$__idn_d" ; then + if ! _is_idn "$__idn_d"; then printf "%s" "$__idn_d" return 0 fi - - if _exists idn ; then - if _contains "$__idn_d" ',' ; then + + if _exists idn; then + if _contains "$__idn_d" ','; then _i_first="1" - for f in $(echo "$__idn_d" | tr ',' ' ') ; do + for f in $(echo "$__idn_d" | tr ',' ' '); do [ -z "$f" ] && continue - if [ -z "$_i_first" ] ; then + if [ -z "$_i_first" ]; then printf "%s" "," else _i_first="" @@ -608,29 +601,29 @@ _createcsr() { _debug2 csrkey "$csrkey" _debug2 csr "$csr" _debug2 csrconf "$csrconf" - - printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" > "$csrconf" - + + printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" >"$csrconf" + if [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then #single domain _info "Single domain" "$domain" else domainlist="$(_idn $domainlist)" _debug2 domainlist "$domainlist" - if _contains "$domainlist" "," ; then + if _contains "$domainlist" ","; then alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" else alt="DNS:$domainlist" fi #multi _info "Multi domain" "$alt" - printf -- "\nsubjectAltName=$alt" >> "$csrconf" + printf -- "\nsubjectAltName=$alt" >>"$csrconf" fi - if [ "$Le_OCSP_Stable" ] ; then + if [ "$Le_OCSP_Stable" ]; then _savedomainconf Le_OCSP_Stable "$Le_OCSP_Stable" - printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "$csrconf" + printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >>"$csrconf" fi - + _csr_cn="$(_idn "$domain")" _debug2 _csr_cn "$_csr_cn" openssl req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" @@ -643,8 +636,8 @@ _signcsr() { conf="$3" cert="$4" _debug "_signcsr" - - _msg="$(openssl x509 -req -days 365 -in "$csr" -signkey "$key" -extensions v3_req -extfile "$conf" -out "$cert" 2>&1)" + + _msg="$(openssl x509 -req -days 365 -in "$csr" -signkey "$key" -extensions v3_req -extfile "$conf" -out "$cert" 2>&1)" _ret="$?" _debug "$_msg" return $_ret @@ -653,48 +646,48 @@ _signcsr() { #_csrfile _readSubjectFromCSR() { _csrfile="$1" - if [ -z "$_csrfile" ] ; then + if [ -z "$_csrfile" ]; then _usage "_readSubjectFromCSR mycsr.csr" return 1 fi - openssl req -noout -in "$_csrfile" -subject | _egrep_o "CN=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n' + openssl req -noout -in "$_csrfile" -subject | _egrep_o "CN=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n' } #_csrfile #echo comma separated domain list _readSubjectAltNamesFromCSR() { _csrfile="$1" - if [ -z "$_csrfile" ] ; then + if [ -z "$_csrfile" ]; then _usage "_readSubjectAltNamesFromCSR mycsr.csr" return 1 fi - + _csrsubj="$(_readSubjectFromCSR "$_csrfile")" _debug _csrsubj "$_csrsubj" - - _dnsAltnames="$(openssl req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')" + + _dnsAltnames="$(openssl req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')" _debug _dnsAltnames "$_dnsAltnames" - - if _contains "$_dnsAltnames," "DNS:$_csrsubj," ; then + + if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then _debug "AltNames contains subject" _dnsAltnames="$(printf "%s" "$_dnsAltnames," | sed "s/DNS:$_csrsubj,//g")" else _debug "AltNames doesn't contain subject" fi - + printf "%s" "$_dnsAltnames" | sed "s/DNS://g" } #_csrfile _readKeyLengthFromCSR() { _csrfile="$1" - if [ -z "$_csrfile" ] ; then + if [ -z "$_csrfile" ]; then _usage "_readKeyLengthFromCSR mycsr.csr" return 1 fi - - _outcsr="$(openssl req -noout -text -in "$_csrfile")" - if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey" ; then + + _outcsr="$(openssl req -noout -text -in "$_csrfile")" + if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey"; then _debug "ECC CSR" echo "$_outcsr" | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' ' else @@ -703,25 +696,24 @@ _readKeyLengthFromCSR() { fi } - _ss() { _port="$1" - - if _exists "ss" ; then + + if _exists "ss"; then _debug "Using: ss" ss -ntpl | grep ":$_port " return 0 fi - if _exists "netstat" ; then + if _exists "netstat"; then _debug "Using: netstat" - if netstat -h 2>&1 | grep "\-p proto" >/dev/null ; then + if netstat -h 2>&1 | grep "\-p proto" >/dev/null; then #for windows version netstat tool netstat -an -p tcp | grep "LISTENING" | grep ":$_port " else - if netstat -help 2>&1 | grep "\-p protocol" >/dev/null ; then + if netstat -help 2>&1 | grep "\-p protocol" >/dev/null; then netstat -an -p tcp | grep LISTEN | grep ":$_port " - elif netstat -help 2>&1 | grep -- '-P protocol' >/dev/null ; then + elif netstat -help 2>&1 | grep -- '-P protocol' >/dev/null; then #for solaris netstat -an -P tcp | grep "\.$_port " | grep "LISTEN" else @@ -738,22 +730,22 @@ _ss() { toPkcs() { domain="$1" pfxPassword="$2" - if [ -z "$domain" ] ; then + if [ -z "$domain" ]; then _usage "Usage: $PROJECT_ENTRY --toPkcs -d domain [--password pfx-password]" return 1 fi _isEcc="$3" - + _initpath "$domain" "$_isEcc" - if [ "$pfxPassword" ] ; then + if [ "$pfxPassword" ]; then openssl pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" -password "pass:$pfxPassword" else openssl pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" fi - - if [ "$?" = "0" ] ; then + + if [ "$?" = "0" ]; then _info "Success, Pfx is exported to: $CERT_PFX_PATH" fi @@ -762,11 +754,11 @@ toPkcs() { #[2048] createAccountKey() { _info "Creating account key" - if [ -z "$1" ] ; then + if [ -z "$1" ]; then _usage "Usage: $PROJECT_ENTRY --createAccountKey --accountkeylength 2048" return fi - + length=$1 _create_account_key "$length" @@ -775,17 +767,17 @@ createAccountKey() { _create_account_key() { length=$1 - - if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then + + if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ]; then _debug "Use default length $DEFAULT_ACCOUNT_KEY_LENGTH" length="$DEFAULT_ACCOUNT_KEY_LENGTH" fi - + _debug length "$length" _initpath mkdir -p "$CA_DIR" - if [ -f "$ACCOUNT_KEY_PATH" ] ; then + if [ -f "$ACCOUNT_KEY_PATH" ]; then _info "Account key exists, skip" return else @@ -798,25 +790,25 @@ _create_account_key() { #domain [length] createDomainKey() { _info "Creating domain key" - if [ -z "$1" ] ; then + if [ -z "$1" ]; then _usage "Usage: $PROJECT_ENTRY --createDomainKey -d domain.com [ --keylength 2048 ]" return fi - + domain=$1 length=$2 - - if [ -z "$length" ] ; then + + if [ -z "$length" ]; then _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" length="$DEFAULT_DOMAIN_KEY_LENGTH" fi - - _initpath $domain "$length" - if [ ! -f "$CERT_KEY_PATH" ] || ( [ "$FORCE" ] && ! [ "$IS_RENEW" ] ); then + _initpath $domain "$length" + + if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then _createkey "$length" "$CERT_KEY_PATH" else - if [ "$IS_RENEW" ] ; then + if [ "$IS_RENEW" ]; then _info "Domain key exists, skip" return 0 else @@ -831,29 +823,29 @@ createDomainKey() { # domain domainlist isEcc createCSR() { _info "Creating csr" - if [ -z "$1" ] ; then + if [ -z "$1" ]; then _usage "Usage: $PROJECT_ENTRY --createCSR -d domain1.com [-d domain2.com -d domain3.com ... ]" return fi - + domain="$1" domainlist="$2" _isEcc="$3" - + _initpath "$domain" "$_isEcc" - - if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then + + if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then _info "CSR exists, skip" return fi - - if [ ! -f "$CERT_KEY_PATH" ] ; then + + if [ ! -f "$CERT_KEY_PATH" ]; then _err "The key file is not found: $CERT_KEY_PATH" _err "Please create the key file first." return 1 fi _createcsr "$domain" "$domainlist" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" - + } _urlencode() { @@ -863,20 +855,20 @@ _urlencode() { _time2str() { #BSD - if date -u -d@$1 2>/dev/null ; then + if date -u -d@$1 2>/dev/null; then return fi - + #Linux - if date -u -r $1 2>/dev/null ; then + if date -u -r $1 2>/dev/null; then return fi - + #Soaris - if _exists adb ; then + if _exists adb; then echo $(echo "0t${1}=Y" | adb) fi - + } _normalizeJson() { @@ -885,92 +877,91 @@ _normalizeJson() { _stat() { #Linux - if stat -c '%U:%G' "$1" 2>/dev/null ; then + if stat -c '%U:%G' "$1" 2>/dev/null; then return fi - + #BSD - if stat -f '%Su:%Sg' "$1" 2>/dev/null ; then + if stat -f '%Su:%Sg' "$1" 2>/dev/null; then return fi - - return 1; #error, 'stat' not found + + return 1 #error, 'stat' not found } #keyfile _calcjwk() { keyfile="$1" - if [ -z "$keyfile" ] ; then + if [ -z "$keyfile" ]; then _usage "Usage: _calcjwk keyfile" return 1 fi - - if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then + + if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ]; then _debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" return 0 fi - - + EC_SIGN="" - if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then + if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then _debug "RSA key" - pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:"| cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) - if [ "${#pub_exp}" = "5" ] ; then + pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) + if [ "${#pub_exp}" = "5" ]; then pub_exp=0$pub_exp fi _debug3 pub_exp "$pub_exp" - + e=$(echo $pub_exp | _h2b | _base64) _debug3 e "$e" - - modulus=$(openssl rsa -in $keyfile -modulus -noout | cut -d '=' -f 2 ) + + modulus=$(openssl rsa -in $keyfile -modulus -noout | cut -d '=' -f 2) _debug3 modulus "$modulus" - n="$(printf "%s" "$modulus"| _h2b | _base64 | _urlencode )" + n="$(printf "%s" "$modulus" | _h2b | _base64 | _urlencode)" jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' _debug3 jwk "$jwk" - + JWK_HEADER='{"alg": "RS256", "jwk": '$jwk'}' JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' - elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then + elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then _debug "EC key" EC_SIGN="1" - crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" + crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv "$crv" - - if [ -z "$crv" ] ; then + + if [ -z "$crv" ]; then _debug "Let's try ASN1 OID" - crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" + crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv_oid "$crv_oid" case "${crv_oid}" in "prime256v1") - crv="P-256" - ;; + crv="P-256" + ;; "secp384r1") - crv="P-384" - ;; + crv="P-384" + ;; "secp521r1") - crv="P-521" - ;; + crv="P-521" + ;; *) - _err "ECC oid : $crv_oid" - return 1 - ;; + _err "ECC oid : $crv_oid" + return 1 + ;; esac _debug3 crv "$crv" fi - - pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" + + pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" pubi=$(_math $pubi + 1) _debug3 pubi "$pubi" - - pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" + + pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" pubj=$(_math $pubj - 1) _debug3 pubj "$pubj" - - pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" + + pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" _debug3 pubtext "$pubtext" - + xlen="$(printf "$pubtext" | tr -d ':' | wc -c)" xlen=$(_math $xlen / 4) _debug3 xlen "$xlen" @@ -978,20 +969,20 @@ _calcjwk() { xend=$(_math "$xlen" + 1) x="$(printf $pubtext | cut -d : -f 2-$xend)" _debug3 x "$x" - + x64="$(printf $x | tr -d : | _h2b | _base64 | _urlencode)" _debug3 x64 "$x64" xend=$(_math "$xend" + 1) y="$(printf $pubtext | cut -d : -f $xend-10000)" _debug3 y "$y" - + y64="$(printf $y | tr -d : | _h2b | _base64 | _urlencode)" _debug3 y64 "$y64" - + jwk='{"crv": "'$crv'", "kty": "EC", "x": "'$x64'", "y": "'$y64'"}' _debug3 jwk "$jwk" - + JWK_HEADER='{"alg": "ES256", "jwk": '$jwk'}' JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "ES256", "jwk": '$jwk'}' @@ -1009,18 +1000,18 @@ _time() { } _mktemp() { - if _exists mktemp ; then - if mktemp 2>/dev/null ; then + if _exists mktemp; then + if mktemp 2>/dev/null; then return 0 - elif _contains "$(mktemp 2>&1)" "-t prefix" && mktemp -t "$PROJECT_NAME" 2>/dev/null ; then + elif _contains "$(mktemp 2>&1)" "-t prefix" && mktemp -t "$PROJECT_NAME" 2>/dev/null; then #for Mac osx return 0 fi fi - if [ -d "/tmp" ] ; then + if [ -d "/tmp" ]; then echo "/tmp/${PROJECT_NAME}wefADf24sf.$(_time).tmp" return 0 - elif [ "$LE_TEMP_DIR" ] && mkdir -p "$LE_TEMP_DIR" ; then + elif [ "$LE_TEMP_DIR" ] && mkdir -p "$LE_TEMP_DIR"; then echo "/$LE_TEMP_DIR/wefADf24sf.$(_time).tmp" return 0 fi @@ -1029,52 +1020,51 @@ _mktemp() { _inithttp() { - if [ -z "$HTTP_HEADER" ] || ! touch "$HTTP_HEADER" ; then + if [ -z "$HTTP_HEADER" ] || ! touch "$HTTP_HEADER"; then HTTP_HEADER="$(_mktemp)" _debug2 HTTP_HEADER "$HTTP_HEADER" fi - - if [ "$__HTTP_INITIALIZED" ] ; then - if [ "$_ACME_CURL$_ACME_WGET" ] ; then + + if [ "$__HTTP_INITIALIZED" ]; then + if [ "$_ACME_CURL$_ACME_WGET" ]; then _debug2 "Http already initialized." return 0 fi fi - - if [ -z "$_ACME_CURL" ] && _exists "curl" ; then + + if [ -z "$_ACME_CURL" ] && _exists "curl"; then _ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER " - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _CURL_DUMP="$(_mktemp)" _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " fi - if [ "$CA_BUNDLE" ] ; then + if [ "$CA_BUNDLE" ]; then _ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE " fi - if [ "$HTTPS_INSECURE" ] ; then + if [ "$HTTPS_INSECURE" ]; then _ACME_CURL="$_ACME_CURL --insecure " fi fi - + if [ -z "$_ACME_WGET" ] && _exists "wget"; then _ACME_WGET="wget -q" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _ACME_WGET="$_ACME_WGET -d " fi - if [ "$CA_BUNDLE" ] ; then + if [ "$CA_BUNDLE" ]; then _ACME_WGET="$_ACME_WGET --ca-certificate $CA_BUNDLE " fi - if [ "$HTTPS_INSECURE" ] ; then + if [ "$HTTPS_INSECURE" ]; then _ACME_WGET="$_ACME_WGET --no-check-certificate " fi fi - + __HTTP_INITIALIZED=1 } - # body url [needbase64] [POST|PUT] _post() { body="$1" @@ -1082,53 +1072,53 @@ _post() { needbase64="$3" httpmethod="$4" - if [ -z "$httpmethod" ] ; then + if [ -z "$httpmethod" ]; then httpmethod="POST" fi _debug $httpmethod _debug "url" "$url" _debug2 "body" "$body" - + _inithttp - - if [ "$_ACME_CURL" ] ; then + + if [ "$_ACME_CURL" ]; then _CURL="$_ACME_CURL" _debug "_CURL" "$_CURL" - if [ "$needbase64" ] ; then + if [ "$needbase64" ]; then response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url" | _base64)" else - response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url" )" + response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url")" fi _ret="$?" - if [ "$_ret" != "0" ] ; then + if [ "$_ret" != "0" ]; then _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _err "Here is the curl dump log:" _err "$(cat "$_CURL_DUMP")" fi fi - elif [ "$_ACME_WGET" ] ; then + elif [ "$_ACME_WGET" ]; then _debug "_ACME_WGET" "$_ACME_WGET" - if [ "$needbase64" ] ; then - if [ "$httpmethod" = "POST" ] ; then + if [ "$needbase64" ]; then + if [ "$httpmethod" = "POST" ]; then response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" else response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" fi else - if [ "$httpmethod" = "POST" ] ; then + if [ "$httpmethod" = "POST" ]; then response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" else response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" fi fi _ret="$?" - if [ "$_ret" = "8" ] ; then + if [ "$_ret" = "8" ]; then _ret=0 _debug "wget returns 8, the server returns a 'Bad request' respons, lets process the response later." fi - if [ "$_ret" != "0" ] ; then - _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" + if [ "$_ret" != "0" ]; then + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" fi _sed_i "s/^ *//g" "$HTTP_HEADER" else @@ -1140,7 +1130,6 @@ _post() { return $_ret } - # url getheader timeout _get() { _debug GET @@ -1152,43 +1141,43 @@ _get() { _inithttp - if [ "$_ACME_CURL" ] ; then + if [ "$_ACME_CURL" ]; then _CURL="$_ACME_CURL" - if [ "$t" ] ; then + if [ "$t" ]; then _CURL="$_CURL --connect-timeout $t" fi _debug "_CURL" "$_CURL" - if [ "$onlyheader" ] ; then + if [ "$onlyheader" ]; then $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url else - $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url + $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url fi ret=$? - if [ "$ret" != "0" ] ; then + if [ "$ret" != "0" ]; then _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _err "Here is the curl dump log:" _err "$(cat "$_CURL_DUMP")" fi fi - elif [ "$_ACME_WGET" ] ; then + elif [ "$_ACME_WGET" ]; then _WGET="$_ACME_WGET" - if [ "$t" ] ; then + if [ "$t" ]; then _WGET="$_WGET --timeout=$t" fi _debug "_WGET" "$_WGET" - if [ "$onlyheader" ] ; then + if [ "$onlyheader" ]; then $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null $url 2>&1 | sed 's/^[ ]*//g' else - $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url + $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url fi ret=$? - if [ "$_ret" = "8" ] ; then + if [ "$_ret" = "8" ]; then _ret=0 _debug "wget returns 8, the server returns a 'Bad request' respons, lets process the response later." fi - if [ "$ret" != "0" ] ; then - _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" + if [ "$ret" != "0" ]; then + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" fi else ret=$? @@ -1203,7 +1192,7 @@ _head_n() { } _tail_n() { - if ! tail -n $1 2>/dev/null ; then + if ! tail -n $1 2>/dev/null; then #fix for solaris tail -$1 fi @@ -1215,80 +1204,78 @@ _send_signed_request() { payload=$2 needbase64=$3 keyfile=$4 - if [ -z "$keyfile" ] ; then + if [ -z "$keyfile" ]; then keyfile="$ACCOUNT_KEY_PATH" fi _debug url $url _debug payload "$payload" - - if ! _calcjwk "$keyfile" ; then + + if ! _calcjwk "$keyfile"; then return 1 fi payload64=$(printf "%s" "$payload" | _base64 | _urlencode) _debug3 payload64 $payload64 - - if [ -z "$_CACHED_NONCE" ] ; then + + if [ -z "$_CACHED_NONCE" ]; then _debug2 "Get nonce." nonceurl="$API/directory" _headers="$(_get $nonceurl "onlyheader")" - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "Can not connect to $nonceurl to get nonce." return 1 fi - + _debug2 _headers "$_headers" - - _CACHED_NONCE="$( echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" + + _CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" _debug2 _CACHED_NONCE "$_CACHED_NONCE" else _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE" fi nonce="$_CACHED_NONCE" _debug2 nonce "$nonce" - + protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" _debug3 protected "$protected" - + protected64="$(printf "$protected" | _base64 | _urlencode)" _debug3 protected64 "$protected64" - if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")" ; then + if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then _err "Sign request failed." return 1 fi _debug3 _sig_t "$_sig_t" - + sig="$(printf "%s" "$_sig_t" | _urlencode)" _debug3 sig "$sig" - + body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" _debug3 body "$body" - response="$(_post "$body" $url "$needbase64")" _CACHED_NONCE="" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Can not post to $url" return 1 fi _debug2 original "$response" - - response="$( echo "$response" | _normalizeJson )" + + response="$(echo "$response" | _normalizeJson)" responseHeaders="$(cat "$HTTP_HEADER")" - + _debug2 responseHeaders "$responseHeaders" - _debug2 response "$response" - code="$(grep "^HTTP" $HTTP_HEADER | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n" )" + _debug2 response "$response" + code="$(grep "^HTTP" $HTTP_HEADER | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")" _debug code $code - + _CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" } - #setopt "file" "opt" "=" "value" [";"] _setopt() { __conf="$1" @@ -1296,44 +1283,43 @@ _setopt() { __sep="$3" __val="$4" __end="$5" - if [ -z "$__opt" ] ; then - _usage usage: _setopt '"file" "opt" "=" "value" [";"]' + if [ -z "$__opt" ]; then + _usage usage: _setopt '"file" "opt" "=" "value" [";"]' return fi - if [ ! -f "$__conf" ] ; then + if [ ! -f "$__conf" ]; then touch "$__conf" fi - if grep -n "^$__opt$__sep" "$__conf" > /dev/null ; then + if grep -n "^$__opt$__sep" "$__conf" >/dev/null; then _debug3 OK - if _contains "$__val" "&" ; then + if _contains "$__val" "&"; then __val="$(echo $__val | sed 's/&/\\&/g')" fi text="$(cat $__conf)" - echo "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" + echo "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf" - elif grep -n "^#$__opt$__sep" "$__conf" > /dev/null ; then - if _contains "$__val" "&" ; then + elif grep -n "^#$__opt$__sep" "$__conf" >/dev/null; then + if _contains "$__val" "&"; then __val="$(echo $__val | sed 's/&/\\&/g')" fi text="$(cat $__conf)" - echo "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" + echo "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf" else _debug3 APP - echo "$__opt$__sep$__val$__end" >> "$__conf" + echo "$__opt$__sep$__val$__end" >>"$__conf" fi _debug2 "$(grep -n "^$__opt$__sep" $__conf)" } - #_save_conf file key value #save to conf _save_conf() { _s_c_f="$1" _sdkey="$2" _sdvalue="$3" - if [ "$_s_c_f" ] ; then + if [ "$_s_c_f" ]; then _setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'" else _err "config file is empty, can not save $_sdkey=$_sdvalue" @@ -1344,8 +1330,8 @@ _save_conf() { _clear_conf() { _c_c_f="$1" _sdkey="$2" - if [ "$_c_c_f" ] ; then - _sed_i "s/^$_sdkey.*$//" "$_c_c_f" + if [ "$_c_c_f" ]; then + _sed_i "s/^$_sdkey.*$//" "$_c_c_f" else _err "config file is empty, can not clear" fi @@ -1355,17 +1341,16 @@ _clear_conf() { _read_conf() { _r_c_f="$1" _sdkey="$2" - if [ -f "$_r_c_f" ] ; then - ( - eval $(grep "^$_sdkey *=" "$_r_c_f") - eval "printf \"%s\" \"\$$_sdkey\"" - ) + if [ -f "$_r_c_f" ]; then + ( + eval $(grep "^$_sdkey *=" "$_r_c_f") + eval "printf \"%s\" \"\$$_sdkey\"" + ) else _debug "config file is empty, can not read $_sdkey" fi } - #_savedomainconf key value #save to domain.conf _savedomainconf() { @@ -1415,84 +1400,83 @@ _startserver() { _debug "startserver: $$" nchelp="$(nc -h 2>&1)" - + _debug Le_HTTPPort "$Le_HTTPPort" _debug Le_Listen_V4 "$Le_Listen_V4" _debug Le_Listen_V6 "$Le_Listen_V6" _NC="nc" - - if [ "$Le_Listen_V4" ] ; then + + if [ "$Le_Listen_V4" ]; then _NC="$_NC -4" - elif [ "$Le_Listen_V6" ] ; then + elif [ "$Le_Listen_V6" ]; then _NC="$_NC -6" fi - - if echo "$nchelp" | grep "\-q[ ,]" >/dev/null ; then + + if echo "$nchelp" | grep "\-q[ ,]" >/dev/null; then _NC="$_NC -q 1 -l $ncaddr" else - if echo "$nchelp" | grep "GNU netcat" >/dev/null && echo "$nchelp" | grep "\-c, \-\-close" >/dev/null ; then + if echo "$nchelp" | grep "GNU netcat" >/dev/null && echo "$nchelp" | grep "\-c, \-\-close" >/dev/null; then _NC="$_NC -c -l $ncaddr" - elif echo "$nchelp" | grep "\-N" |grep "Shutdown the network socket after EOF on stdin" >/dev/null ; then + elif echo "$nchelp" | grep "\-N" | grep "Shutdown the network socket after EOF on stdin" >/dev/null; then _NC="$_NC -N -l $ncaddr" else _NC="$_NC -l $ncaddr" fi fi - _debug "_NC" "$_NC" #for centos ncat - if _contains "$nchelp" "nmap.org" ; then + if _contains "$nchelp" "nmap.org"; then _debug "Using ncat: nmap.org" - if [ "$DEBUG" ] ; then - if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; then + if [ "$DEBUG" ]; then + if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort; then return fi - else - if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1; then + else + if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort >/dev/null 2>&1; then return fi fi _err "ncat listen error." fi - -# while true ; do - if [ "$DEBUG" ] ; then - if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort ; then - printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; - fi - else - if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort > /dev/null 2>&1; then - printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1 - fi + + # while true ; do + if [ "$DEBUG" ]; then + if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort; then + printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort fi - if [ "$?" != "0" ] ; then - _err "nc listen error." - exit 1 + else + if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort >/dev/null 2>&1; then + printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort >/dev/null 2>&1 fi -# done + fi + if [ "$?" != "0" ]; then + _err "nc listen error." + exit 1 + fi + # done } -_stopserver(){ +_stopserver() { pid="$1" _debug "pid" "$pid" - if [ -z "$pid" ] ; then + if [ -z "$pid" ]; then return fi _debug2 "Le_HTTPPort" "$Le_HTTPPort" - if [ "$Le_HTTPPort" ] ; then - if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ] ; then + if [ "$Le_HTTPPort" ]; then + if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ]; then _get "http://localhost:$Le_HTTPPort" "" 1 else _get "http://localhost:$Le_HTTPPort" "" 1 >/dev/null 2>&1 fi fi - + _debug2 "Le_TLSPort" "$Le_TLSPort" - if [ "$Le_TLSPort" ] ; then - if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ] ; then + if [ "$Le_TLSPort" ]; then + if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ]; then _get "https://localhost:$Le_TLSPort" "" 1 _get "https://localhost:$Le_TLSPort" "" 1 else @@ -1505,10 +1489,9 @@ _stopserver(){ # sleep sec _sleep() { _sleep_sec="$1" - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then _sleep_c="$_sleep_sec" - while [ "$_sleep_c" -ge "0" ] ; - do + while [ "$_sleep_c" -ge "0" ]; do printf "\r \r" __green "$_sleep_c" _sleep_c="$(_math $_sleep_c - 1)" @@ -1528,35 +1511,35 @@ _starttlsserver() { port="$3" content="$4" opaddr="$5" - + _debug san_a "$san_a" _debug san_b "$san_b" _debug port "$port" - + #create key TLS_KEY - if ! _createkey "2048" "$TLS_KEY" ; then + if ! _createkey "2048" "$TLS_KEY"; then _err "Create tls validation key error." return 1 fi - + #create csr alt="$san_a" - if [ "$san_b" ] ; then + if [ "$san_b" ]; then alt="$alt,$san_b" fi - if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" ; then + if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF"; then _err "Create tls validation csr error." return 1 fi - + #self signed - if ! _signcsr "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$TLS_CERT" ; then + if ! _signcsr "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$TLS_CERT"; then _err "Create tls validation cert error." return 1 fi - + __S_OPENSSL="openssl s_server -cert $TLS_CERT -key $TLS_KEY " - if [ "$opaddr" ] ; then + if [ "$opaddr" ]; then __S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port" else __S_OPENSSL="$__S_OPENSSL -accept $port" @@ -1564,18 +1547,18 @@ _starttlsserver() { _debug Le_Listen_V4 "$Le_Listen_V4" _debug Le_Listen_V6 "$Le_Listen_V6" - if [ "$Le_Listen_V4" ] ; then + if [ "$Le_Listen_V4" ]; then __S_OPENSSL="$__S_OPENSSL -4" - elif [ "$Le_Listen_V6" ] ; then + elif [ "$Le_Listen_V6" ]; then __S_OPENSSL="$__S_OPENSSL -6" fi - + #start openssl _debug "$__S_OPENSSL" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then - (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL -tlsextdebug ) & + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then + (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL -tlsextdebug) & else - (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL >/dev/null 2>&1) & + (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL >/dev/null 2>&1) & fi serverproc="$!" @@ -1587,24 +1570,24 @@ _starttlsserver() { _readlink() { _rf="$1" if ! readlink -f "$_rf" 2>/dev/null; then - if _startswith "$_rf" "\./$PROJECT_ENTRY" ; then + if _startswith "$_rf" "\./$PROJECT_ENTRY"; then printf -- "%s" "$(pwd)/$PROJECT_ENTRY" return 0 fi - readlink "$_rf" + readlink "$_rf" fi } __initHome() { - if [ -z "$_SCRIPT_HOME" ] ; then - if _exists readlink && _exists dirname ; then + if [ -z "$_SCRIPT_HOME" ]; then + if _exists readlink && _exists dirname; then _debug "Lets find script dir." _debug "_SCRIPT_" "$_SCRIPT_" _script="$(_readlink "$_SCRIPT_")" _debug "_script" "$_script" _script_home="$(dirname "$_script")" _debug "_script_home" "$_script_home" - if [ -d "$_script_home" ] ; then + if [ -d "$_script_home" ]; then _SCRIPT_HOME="$_script_home" else _err "It seems the script home is not correct:$_script_home" @@ -1612,17 +1595,16 @@ __initHome() { fi fi - - if [ -z "$LE_WORKING_DIR" ] ; then - if [ -f "$DEFAULT_INSTALL_HOME/account.conf" ] ; then + if [ -z "$LE_WORKING_DIR" ]; then + if [ -f "$DEFAULT_INSTALL_HOME/account.conf" ]; then _debug "It seems that $PROJECT_NAME is already installed in $DEFAULT_INSTALL_HOME" LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" else LE_WORKING_DIR="$_SCRIPT_HOME" fi fi - - if [ -z "$LE_WORKING_DIR" ] ; then + + if [ -z "$LE_WORKING_DIR" ]; then _debug "Using default home:$DEFAULT_INSTALL_HOME" LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" fi @@ -1630,21 +1612,21 @@ __initHome() { _DEFAULT_ACCOUNT_CONF_PATH="$LE_WORKING_DIR/account.conf" - if [ -z "$ACCOUNT_CONF_PATH" ] ; then - if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ] ; then + if [ -z "$ACCOUNT_CONF_PATH" ]; then + if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ]; then . "$_DEFAULT_ACCOUNT_CONF_PATH" fi fi - - if [ -z "$ACCOUNT_CONF_PATH" ] ; then + + if [ -z "$ACCOUNT_CONF_PATH" ]; then ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH" fi - + DEFAULT_LOG_FILE="$LE_WORKING_DIR/$PROJECT_NAME.log" - + DEFAULT_CA_HOME="$LE_WORKING_DIR/ca" - - if [ -z "$LE_TEMP_DIR" ] ; then + + if [ -z "$LE_TEMP_DIR" ]; then LE_TEMP_DIR="$LE_WORKING_DIR/tmp" fi } @@ -1654,161 +1636,160 @@ _initpath() { __initHome - if [ -f "$ACCOUNT_CONF_PATH" ] ; then + if [ -f "$ACCOUNT_CONF_PATH" ]; then . "$ACCOUNT_CONF_PATH" fi - if [ "$IN_CRON" ] ; then - if [ ! "$_USER_PATH_EXPORTED" ] ; then + if [ "$IN_CRON" ]; then + if [ ! "$_USER_PATH_EXPORTED" ]; then _USER_PATH_EXPORTED=1 export PATH="$USER_PATH:$PATH" fi fi - - if [ -z "$CA_HOME" ] ; then + + if [ -z "$CA_HOME" ]; then CA_HOME="$DEFAULT_CA_HOME" fi - if [ -z "$API" ] ; then - if [ -z "$STAGE" ] ; then + if [ -z "$API" ]; then + if [ -z "$STAGE" ]; then API="$DEFAULT_CA" else API="$STAGE_CA" _info "Using stage api:$API" - fi + fi fi - + _API_HOST="$(echo "$API" | cut -d : -f 2 | tr -d '/')" CA_DIR="$CA_HOME/$_API_HOST" - + _DEFAULT_CA_CONF="$CA_DIR/ca.conf" - - if [ -z "$CA_CONF" ] ; then + + if [ -z "$CA_CONF" ]; then CA_CONF="$_DEFAULT_CA_CONF" fi - - if [ -f "$CA_CONF" ] ; then + + if [ -f "$CA_CONF" ]; then . "$CA_CONF" fi - if [ -z "$ACME_DIR" ] ; then + if [ -z "$ACME_DIR" ]; then ACME_DIR="/home/.acme" fi - - if [ -z "$APACHE_CONF_BACKUP_DIR" ] ; then + + if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then APACHE_CONF_BACKUP_DIR="$LE_WORKING_DIR" fi - - if [ -z "$USER_AGENT" ] ; then + + if [ -z "$USER_AGENT" ]; then USER_AGENT="$DEFAULT_USER_AGENT" fi - - if [ -z "$HTTP_HEADER" ] ; then + + if [ -z "$HTTP_HEADER" ]; then HTTP_HEADER="$LE_WORKING_DIR/http.header" fi _OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key" _OLD_ACCOUNT_JSON="$LE_WORKING_DIR/account.json" - + _DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key" _DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json" - if [ -z "$ACCOUNT_KEY_PATH" ] ; then + if [ -z "$ACCOUNT_KEY_PATH" ]; then ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH" fi - - if [ -z "$ACCOUNT_JSON_PATH" ] ; then + + if [ -z "$ACCOUNT_JSON_PATH" ]; then ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" fi - - + _DEFAULT_CERT_HOME="$LE_WORKING_DIR" - if [ -z "$CERT_HOME" ] ; then + if [ -z "$CERT_HOME" ]; then CERT_HOME="$_DEFAULT_CERT_HOME" fi - if [ -z "$1" ] ; then + if [ -z "$1" ]; then return 0 fi - + mkdir -p "$CA_DIR" - + domain="$1" _ilength="$2" - if [ -z "$DOMAIN_PATH" ] ; then + if [ -z "$DOMAIN_PATH" ]; then domainhome="$CERT_HOME/$domain" domainhomeecc="$CERT_HOME/$domain$ECC_SUFFIX" - + DOMAIN_PATH="$domainhome" - - if _isEccKey "$_ilength" ; then + + if _isEccKey "$_ilength"; then DOMAIN_PATH="$domainhomeecc" else - if [ ! -d "$domainhome" ] && [ -d "$domainhomeecc" ] ; then + if [ ! -d "$domainhome" ] && [ -d "$domainhomeecc" ]; then _info "The domain '$domain' seems to have a ECC cert already, please add '$(__red "--ecc")' parameter if you want to use that cert." fi fi _debug DOMAIN_PATH "$DOMAIN_PATH" fi - - if [ ! -d "$DOMAIN_PATH" ] ; then - if ! mkdir -p "$DOMAIN_PATH" ; then + + if [ ! -d "$DOMAIN_PATH" ]; then + if ! mkdir -p "$DOMAIN_PATH"; then _err "Can not create domain path: $DOMAIN_PATH" return 1 fi fi - - if [ -z "$DOMAIN_CONF" ] ; then + + if [ -z "$DOMAIN_CONF" ]; then DOMAIN_CONF="$DOMAIN_PATH/$domain.conf" fi - - if [ -z "$DOMAIN_SSL_CONF" ] ; then + + if [ -z "$DOMAIN_SSL_CONF" ]; then DOMAIN_SSL_CONF="$DOMAIN_PATH/$domain.csr.conf" fi - - if [ -z "$CSR_PATH" ] ; then + + if [ -z "$CSR_PATH" ]; then CSR_PATH="$DOMAIN_PATH/$domain.csr" fi - if [ -z "$CERT_KEY_PATH" ] ; then + if [ -z "$CERT_KEY_PATH" ]; then CERT_KEY_PATH="$DOMAIN_PATH/$domain.key" fi - if [ -z "$CERT_PATH" ] ; then + if [ -z "$CERT_PATH" ]; then CERT_PATH="$DOMAIN_PATH/$domain.cer" fi - if [ -z "$CA_CERT_PATH" ] ; then + if [ -z "$CA_CERT_PATH" ]; then CA_CERT_PATH="$DOMAIN_PATH/ca.cer" fi - if [ -z "$CERT_FULLCHAIN_PATH" ] ; then + if [ -z "$CERT_FULLCHAIN_PATH" ]; then CERT_FULLCHAIN_PATH="$DOMAIN_PATH/fullchain.cer" fi - if [ -z "$CERT_PFX_PATH" ] ; then + if [ -z "$CERT_PFX_PATH" ]; then CERT_PFX_PATH="$DOMAIN_PATH/$domain.pfx" fi - - if [ -z "$TLS_CONF" ] ; then + + if [ -z "$TLS_CONF" ]; then TLS_CONF="$DOMAIN_PATH/tls.valdation.conf" fi - if [ -z "$TLS_CERT" ] ; then + if [ -z "$TLS_CERT" ]; then TLS_CERT="$DOMAIN_PATH/tls.valdation.cert" fi - if [ -z "$TLS_KEY" ] ; then + if [ -z "$TLS_KEY" ]; then TLS_KEY="$DOMAIN_PATH/tls.valdation.key" fi - if [ -z "$TLS_CSR" ] ; then + if [ -z "$TLS_CSR" ]; then TLS_CSR="$DOMAIN_PATH/tls.valdation.csr" fi - + } _exec() { - if [ -z "$_EXEC_TEMP_ERR" ] ; then + if [ -z "$_EXEC_TEMP_ERR" ]; then _EXEC_TEMP_ERR="$(_mktemp)" fi - if [ "$_EXEC_TEMP_ERR" ] ; then + if [ "$_EXEC_TEMP_ERR" ]; then "$@" 2>"$_EXEC_TEMP_ERR" else - "$@" + "$@" fi } @@ -1818,39 +1799,39 @@ _exec_err() { _apachePath() { _APACHECTL="apachectl" - if ! _exists apachectl ; then - if _exists apache2ctl ; then - _APACHECTL="apache2ctl" + if ! _exists apachectl; then + if _exists apache2ctl; then + _APACHECTL="apache2ctl" else _err "'apachectl not found. It seems that apache is not installed, or you are not root user.'" _err "Please use webroot mode to try again." return 1 fi fi - - if ! _exec $_APACHECTL -V >/dev/null ; then + + if ! _exec $_APACHECTL -V >/dev/null; then _exec_err return 1 fi - - if [ "$APACHE_HTTPD_CONF" ] ; then + + if [ "$APACHE_HTTPD_CONF" ]; then _saveaccountconf APACHE_HTTPD_CONF "$APACHE_HTTPD_CONF" httpdconf="$APACHE_HTTPD_CONF" httpdconfname="$(basename $httpdconfname)" else - httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"' )" + httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"')" _debug httpdconfname "$httpdconfname" - - if [ -z "$httpdconfname" ] ; then + + if [ -z "$httpdconfname" ]; then _err "Can not read apache config file." return 1 fi - - if _startswith "$httpdconfname" '/' ; then + + if _startswith "$httpdconfname" '/'; then httpdconf="$httpdconfname" httpdconfname="$(basename $httpdconfname)" else - httpdroot="$($_APACHECTL -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"' )" + httpdroot="$($_APACHECTL -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"')" _debug httpdroot "$httpdroot" httpdconf="$httpdroot/$httpdconfname" httpdconfname="$(basename $httpdconfname)" @@ -1858,7 +1839,7 @@ _apachePath() { fi _debug httpdconf "$httpdconf" _debug httpdconfname "$httpdconfname" - if [ ! -f "$httpdconf" ] ; then + if [ ! -f "$httpdconf" ]; then _err "Apache Config file not found" "$httpdconf" return 1 fi @@ -1866,52 +1847,52 @@ _apachePath() { } _restoreApache() { - if [ -z "$usingApache" ] ; then + if [ -z "$usingApache" ]; then return 0 fi _initpath - if ! _apachePath ; then + if ! _apachePath; then return 1 fi - - if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ] ; then + + if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ]; then _debug "No config file to restore." return 0 fi - - cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" > "$httpdconf" + + cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" >"$httpdconf" _debug "Restored: $httpdconf." - if ! _exec $_APACHECTL -t ; then + if ! _exec $_APACHECTL -t; then _exec_err _err "Sorry, restore apache config error, please contact me." - return 1; + return 1 fi _debug "Restored successfully." rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" - return 0 + return 0 } _setApache() { _initpath - if ! _apachePath ; then + if ! _apachePath; then return 1 fi #test the conf first _info "Checking if there is an error in the apache config file before starting." - - if ! _exec $_APACHECTL -t >/dev/null ; then + + if ! _exec $_APACHECTL -t >/dev/null; then _exec_err _err "The apache config file has error, please fix it first, then try again." _err "Don't worry, there is nothing changed to your system." - return 1; + return 1 else _info "OK" fi - + #backup the conf _debug "Backup apache config file" "$httpdconf" - if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/" ; then + if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then _err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed." _err "This might be a bug of $PROJECT_NAME , pleae report issue: $PROJECT" return 1 @@ -1919,22 +1900,22 @@ _setApache() { _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname" _info "In case there is an error that can not be restored automatically, you may try restore it yourself." _info "The backup file will be deleted on sucess, just forget it." - + #add alias - - apacheVer="$($_APACHECTL -V | grep "Server version:" | cut -d : -f 2 | cut -d " " -f 2 | cut -d '/' -f 2 )" + + apacheVer="$($_APACHECTL -V | grep "Server version:" | cut -d : -f 2 | cut -d " " -f 2 | cut -d '/' -f 2)" _debug "apacheVer" "$apacheVer" apacheMajer="$(echo "$apacheVer" | cut -d . -f 1)" apacheMinor="$(echo "$apacheVer" | cut -d . -f 2)" - if [ "$apacheVer" ] && [ "$apacheMajer$apacheMinor" -ge "24" ] ; then + if [ "$apacheVer" ] && [ "$apacheMajer$apacheMinor" -ge "24" ]; then echo " Alias /.well-known/acme-challenge $ACME_DIR Require all granted - " >> "$httpdconf" + " >>"$httpdconf" else echo " Alias /.well-known/acme-challenge $ACME_DIR @@ -1943,30 +1924,30 @@ Alias /.well-known/acme-challenge $ACME_DIR Order allow,deny Allow from all - " >> "$httpdconf" + " >>"$httpdconf" fi - _msg="$($_APACHECTL -t 2>&1 )" - if [ "$?" != "0" ] ; then + _msg="$($_APACHECTL -t 2>&1)" + if [ "$?" != "0" ]; then _err "Sorry, apache config error" - if _restoreApache ; then + if _restoreApache; then _err "The apache config file is restored." else _err "Sorry, The apache config file can not be restored, please report bug." fi - return 1; + return 1 fi - - if [ ! -d "$ACME_DIR" ] ; then + + if [ ! -d "$ACME_DIR" ]; then mkdir -p "$ACME_DIR" chmod 755 "$ACME_DIR" fi - - if ! _exec $_APACHECTL graceful ; then - _exec_err + + if ! _exec $_APACHECTL graceful; then + _exec_err _err "$_APACHECTL graceful error, please contact me." _restoreApache - return 1; + return 1 fi usingApache="1" return 0 @@ -1977,7 +1958,7 @@ _clearup() { serverproc="" _restoreApache _clearupdns - if [ -z "$DEBUG" ] ; then + if [ -z "$DEBUG" ]; then rm -f "$TLS_CONF" rm -f "$TLS_CERT" rm -f "$TLS_KEY" @@ -1987,154 +1968,152 @@ _clearup() { _clearupdns() { _debug "_clearupdns" - if [ "$dnsadded" != 1 ] || [ -z "$vlist" ] ; then + if [ "$dnsadded" != 1 ] || [ -z "$vlist" ]; then _debug "Dns not added, skip." return fi - ventries=$(echo "$vlist" | tr ',' ' ' ) - for ventry in $ventries - do + ventries=$(echo "$vlist" | tr ',' ' ') + for ventry in $ventries; do d=$(echo $ventry | cut -d $sep -f 1) keyauthorization=$(echo $ventry | cut -d $sep -f 2) vtype=$(echo $ventry | cut -d $sep -f 4) _currentRoot=$(echo $ventry | cut -d $sep -f 5) - if [ "$keyauthorization" = "$STATE_VERIFIED" ] ; then + if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." continue fi - if [ "$vtype" != "$VTYPE_DNS" ] ; then + if [ "$vtype" != "$VTYPE_DNS" ]; then _info "Skip $d for $vtype" continue fi - + d_api="$(_findHook $d dnsapi $_currentRoot)" _debug d_api "$d_api" - - if [ -z "$d_api" ] ; then + + if [ -z "$d_api" ]; then _info "Not Found domain api file: $d_api" continue fi - + ( - if ! . $d_api ; then + if ! . $d_api; then _err "Load file $d_api error. Please check your api file and try again." return 1 fi - + rmcommand="${_currentRoot}_rm" - if ! _exists $rmcommand ; then + if ! _exists $rmcommand; then _err "It seems that your api file doesn't define $rmcommand" return 1 fi - + txtdomain="_acme-challenge.$d" - - if ! $rmcommand $txtdomain ; then + + if ! $rmcommand $txtdomain; then _err "Error removing txt for domain:$txtdomain" return 1 fi ) - + done } # webroot removelevel tokenfile _clearupwebbroot() { __webroot="$1" - if [ -z "$__webroot" ] ; then + if [ -z "$__webroot" ]; then _debug "no webroot specified, skip" return 0 fi - + _rmpath="" - if [ "$2" = '1' ] ; then + if [ "$2" = '1' ]; then _rmpath="$__webroot/.well-known" - elif [ "$2" = '2' ] ; then + elif [ "$2" = '2' ]; then _rmpath="$__webroot/.well-known/acme-challenge" - elif [ "$2" = '3' ] ; then + elif [ "$2" = '3' ]; then _rmpath="$__webroot/.well-known/acme-challenge/$3" else _debug "Skip for removelevel:$2" fi - - if [ "$_rmpath" ] ; then - if [ "$DEBUG" ] ; then + + if [ "$_rmpath" ]; then + if [ "$DEBUG" ]; then _debug "Debugging, skip removing: $_rmpath" else rm -rf "$_rmpath" fi fi - + return 0 } _on_before_issue() { _debug _on_before_issue - if _hasfield "$Le_Webroot" "$NO_VALUE" ; then - if ! _exists "nc" ; then + if _hasfield "$Le_Webroot" "$NO_VALUE"; then + if ! _exists "nc"; then _err "Please install netcat(nc) tools first." return 1 fi fi _debug Le_LocalAddress "$Le_LocalAddress" - - alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ' ) + + alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ') _index=1 _currentRoot="" _addrIndex=1 - for d in $alldomains - do + for d in $alldomains; do _debug "Check for domain" $d _currentRoot="$(_getfield "$Le_Webroot" $_index)" _debug "_currentRoot" "$_currentRoot" _index=$(_math $_index + 1) _checkport="" - if [ "$_currentRoot" = "$NO_VALUE" ] ; then + if [ "$_currentRoot" = "$NO_VALUE" ]; then _info "Standalone mode." - if [ -z "$Le_HTTPPort" ] ; then + if [ -z "$Le_HTTPPort" ]; then Le_HTTPPort=80 else - _savedomainconf "Le_HTTPPort" "$Le_HTTPPort" + _savedomainconf "Le_HTTPPort" "$Le_HTTPPort" fi _checkport="$Le_HTTPPort" - elif [ "$_currentRoot" = "$W_TLS" ] ; then + elif [ "$_currentRoot" = "$W_TLS" ]; then _info "Standalone tls mode." - if [ -z "$Le_TLSPort" ] ; then + if [ -z "$Le_TLSPort" ]; then Le_TLSPort=443 else - _savedomainconf "Le_TLSPort" "$Le_TLSPort" + _savedomainconf "Le_TLSPort" "$Le_TLSPort" fi _checkport="$Le_TLSPort" fi - - if [ "$_checkport" ] ; then + + if [ "$_checkport" ]; then _debug _checkport "$_checkport" _checkaddr="$(_getfield "$Le_LocalAddress" $_addrIndex)" _debug _checkaddr "$_checkaddr" - + _addrIndex="$(_math $_addrIndex + 1)" - + _netprc="$(_ss "$_checkport" | grep "$_checkport")" netprc="$(echo "$_netprc" | grep "$_checkaddr")" - if [ -z "$netprc" ] ; then + if [ -z "$netprc" ]; then netprc="$(echo "$_netprc" | grep "$LOCAL_ANY_ADDRESS")" fi - if [ "$netprc" ] ; then + if [ "$netprc" ]; then _err "$netprc" - _err "tcp port $_checkport is already used by $(echo "$netprc" | cut -d : -f 4)" + _err "tcp port $_checkport is already used by $(echo "$netprc" | cut -d : -f 4)" _err "Please stop it first" return 1 fi fi done - if _hasfield "$Le_Webroot" "apache" ; then - if ! _setApache ; then + if _hasfield "$Le_Webroot" "apache"; then + if ! _setApache; then _err "set up apache error. Report error to me." return 1 fi @@ -2143,11 +2122,11 @@ _on_before_issue() { fi #run pre hook - if [ "$Le_PreHook" ] ; then + if [ "$Le_PreHook" ]; then _info "Run pre hook:'$Le_PreHook'" if ! ( cd "$DOMAIN_PATH" && eval "$Le_PreHook" - ) ; then + ); then _err "Error when run pre hook." return 1 fi @@ -2156,23 +2135,23 @@ _on_before_issue() { _on_issue_err() { _debug _on_issue_err - if [ "$LOG_FILE" ] ; then + if [ "$LOG_FILE" ]; then _err "Please check log file for more details: $LOG_FILE" else _err "Please use add '--debug' or '--log' to check more details." _err "See: $_DEBUG_WIKI" fi - - if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ] ; then + + if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ]; then _debug "$(_dlg_versions)" fi - + #run the post hook - if [ "$Le_PostHook" ] ; then + if [ "$Le_PostHook" ]; then _info "Run post hook:'$Le_PostHook'" if ! ( cd "$DOMAIN_PATH" && eval "$Le_PostHook" - ) ; then + ); then _err "Error when run post hook." return 1 fi @@ -2182,27 +2161,27 @@ _on_issue_err() { _on_issue_success() { _debug _on_issue_success #run the post hook - if [ "$Le_PostHook" ] ; then + if [ "$Le_PostHook" ]; then _info "Run post hook:'$Le_PostHook'" if ! ( cd "$DOMAIN_PATH" && eval "$Le_PostHook" - ) ; then + ); then _err "Error when run post hook." return 1 fi fi - + #run renew hook - if [ "$IS_RENEW" ] && [ "$Le_RenewHook" ] ; then + if [ "$IS_RENEW" ] && [ "$Le_RenewHook" ]; then _info "Run renew hook:'$Le_RenewHook'" if ! ( cd "$DOMAIN_PATH" && eval "$Le_RenewHook" - ) ; then + ); then _err "Error when run renew hook." return 1 fi - fi - + fi + } updateaccount() { @@ -2220,70 +2199,67 @@ __calcAccountKeyHash() { [ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256 } - #keylength _regAccount() { _initpath _reg_length="$1" - - + if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" fi - + if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH" mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH" fi - - if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then - if ! _create_account_key "$_reg_length" ; then + + if [ ! -f "$ACCOUNT_KEY_PATH" ]; then + if ! _create_account_key "$_reg_length"; then _err "Create account key error." return 1 fi fi - - if ! _calcjwk "$ACCOUNT_KEY_PATH" ; then + + if ! _calcjwk "$ACCOUNT_KEY_PATH"; then return 1 fi _updateTos="" _reg_res="new-reg" - while true ; - do + while true; do _debug AGREEMENT "$AGREEMENT" - + regjson='{"resource": "'$_reg_res'", "agreement": "'$AGREEMENT'"}' - if [ "$ACCOUNT_EMAIL" ] ; then + if [ "$ACCOUNT_EMAIL" ]; then regjson='{"resource": "'$_reg_res'", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}' fi - if [ -z "$_updateTos" ] ; then + if [ -z "$_updateTos" ]; then _info "Registering account" - if ! _send_signed_request "$API/acme/new-reg" "$regjson" ; then + if ! _send_signed_request "$API/acme/new-reg" "$regjson"; then _err "Register account Error: $response" return 1 fi - if [ "$code" = "" ] || [ "$code" = '201' ] ; then - echo "$response" > $ACCOUNT_JSON_PATH + if [ "$code" = "" ] || [ "$code" = '201' ]; then + echo "$response" >$ACCOUNT_JSON_PATH _info "Registered" - elif [ "$code" = '409' ] ; then + elif [ "$code" = '409' ]; then _info "Already registered" else _err "Register account Error: $response" return 1 fi - _accUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2| tr -d "\r\n")" + _accUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")" _debug "_accUri" "$_accUri" _tos="$(echo "$responseHeaders" | grep "^Link:.*rel=\"terms-of-service\"" | _head_n 1 | _egrep_o "<.*>" | tr -d '<>')" _debug "_tos" "$_tos" - if [ -z "$_tos" ] ; then + if [ -z "$_tos" ]; then _debug "Use default tos: $DEFAULT_AGREEMENT" _tos="$DEFAULT_AGREEMENT" fi @@ -2293,16 +2269,16 @@ _regAccount() { _reg_res="reg" continue fi - + else _debug "Update tos: $_tos" - if ! _send_signed_request "$_accUri" "$regjson" ; then + if ! _send_signed_request "$_accUri" "$regjson"; then _err "Update tos error." return 1 fi - if [ "$code" = '202' ] ; then + if [ "$code" = '202' ]; then _info "Update success." - + CA_KEY_HASH="$(__calcAccountKeyHash)" _debug "Calc CA_KEY_HASH" "$CA_KEY_HASH" _savecaconf CA_KEY_HASH "$CA_KEY_HASH" @@ -2316,28 +2292,27 @@ _regAccount() { } - # domain folder file _findHook() { _hookdomain="$1" _hookcat="$2" _hookname="$3" - - if [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname" ] ; then + + if [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname" ]; then d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname" - elif [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" ] ; then + elif [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" ]; then d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" - elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ]; then d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname" - elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ]; then d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" - elif [ -f "$LE_WORKING_DIR/$_hookname" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookname" ]; then d_api="$LE_WORKING_DIR/$_hookname" - elif [ -f "$LE_WORKING_DIR/$_hookname.sh" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookname.sh" ]; then d_api="$LE_WORKING_DIR/$_hookname.sh" - elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname" ]; then d_api="$LE_WORKING_DIR/$_hookcat/$_hookname" - elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname.sh" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname.sh" ]; then d_api="$LE_WORKING_DIR/$_hookcat/$_hookname.sh" fi @@ -2348,29 +2323,29 @@ _findHook() { __get_domain_new_authz() { _gdnd="$1" _info "Getting new-authz for domain" "$_gdnd" - + _Max_new_authz_retry_times=5 _authz_i=0 - while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ] ; do + while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ]; do _info "Try new-authz for the $_authz_i time." - if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}" ; then + if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}"; then _err "Can not get domain new authz." return 1 fi - if ! _contains "$response" "An error occurred while processing your request" ; then + if ! _contains "$response" "An error occurred while processing your request"; then _info "The new-authz request is ok." break fi _authz_i="$(_math "$_authz_i" + 1)" _info "The server is busy, Sleep $_authz_i to retry." _sleep "$_authz_i" - done; + done - if [ "$_authz_i" = "$_Max_new_authz_retry_times" ] ; then + if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then _debug "new-authz retry reach the max $_Max_new_authz_retry_times times." fi - - if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then + + if [ ! -z "$code" ] && [ ! "$code" = '201' ]; then _err "new-authz error: $response" return 1 fi @@ -2379,7 +2354,7 @@ __get_domain_new_authz() { #webroot, domain domainlist keylength issue() { - if [ -z "$2" ] ; then + if [ -z "$2" ]; then _usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ " return 1 fi @@ -2396,36 +2371,36 @@ issue() { Le_PostHook="${11}" Le_RenewHook="${12}" Le_LocalAddress="${13}" - + #remove these later. - if [ "$Le_Webroot" = "dns-cf" ] ; then + if [ "$Le_Webroot" = "dns-cf" ]; then Le_Webroot="dns_cf" fi - if [ "$Le_Webroot" = "dns-dp" ] ; then + if [ "$Le_Webroot" = "dns-dp" ]; then Le_Webroot="dns_dp" fi - if [ "$Le_Webroot" = "dns-cx" ] ; then + if [ "$Le_Webroot" = "dns-cx" ]; then Le_Webroot="dns_cx" fi _debug "Using api: $API" - - if [ ! "$IS_RENEW" ] ; then + + if [ ! "$IS_RENEW" ]; then _initpath $Le_Domain "$Le_Keylength" mkdir -p "$DOMAIN_PATH" fi - if [ -f "$DOMAIN_CONF" ] ; then + if [ -f "$DOMAIN_CONF" ]; then Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime) _debug Le_NextRenewTime "$Le_NextRenewTime" - if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ $(_time) -lt $Le_NextRenewTime ] ; then + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ $(_time) -lt $Le_NextRenewTime ]; then _saved_domain=$(_readdomainconf Le_Domain) _debug _saved_domain "$_saved_domain" _saved_alt=$(_readdomainconf Le_Alt) _debug _saved_alt "$_saved_alt" - if [ "$_saved_domain,$_saved_alt" = "$Le_Domain,$Le_Alt" ] ; then + if [ "$_saved_domain,$_saved_alt" = "$Le_Domain,$Le_Alt" ]; then _info "Domains not changed." _info "Skip, Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" - _info "Add '$(__red '--force')' to force to renew." + _info "Add '$(__red '--force')' to force to renew." return $RENEW_SKIP else _info "Domains have changed." @@ -2433,40 +2408,40 @@ issue() { fi fi - _savedomainconf "Le_Domain" "$Le_Domain" - _savedomainconf "Le_Alt" "$Le_Alt" - _savedomainconf "Le_Webroot" "$Le_Webroot" - - _savedomainconf "Le_PreHook" "$Le_PreHook" - _savedomainconf "Le_PostHook" "$Le_PostHook" - _savedomainconf "Le_RenewHook" "$Le_RenewHook" - - if [ "$Le_LocalAddress" ] ; then - _savedomainconf "Le_LocalAddress" "$Le_LocalAddress" + _savedomainconf "Le_Domain" "$Le_Domain" + _savedomainconf "Le_Alt" "$Le_Alt" + _savedomainconf "Le_Webroot" "$Le_Webroot" + + _savedomainconf "Le_PreHook" "$Le_PreHook" + _savedomainconf "Le_PostHook" "$Le_PostHook" + _savedomainconf "Le_RenewHook" "$Le_RenewHook" + + if [ "$Le_LocalAddress" ]; then + _savedomainconf "Le_LocalAddress" "$Le_LocalAddress" else _cleardomainconf "Le_LocalAddress" fi Le_API="$API" _savedomainconf "Le_API" "$Le_API" - - if [ "$Le_Alt" = "$NO_VALUE" ] ; then + + if [ "$Le_Alt" = "$NO_VALUE" ]; then Le_Alt="" fi - - if [ "$Le_Keylength" = "$NO_VALUE" ] ; then + + if [ "$Le_Keylength" = "$NO_VALUE" ]; then Le_Keylength="" fi - - if ! _on_before_issue ; then + + if ! _on_before_issue; then _err "_on_before_issue." return 1 fi _saved_account_key_hash="$(_readcaconf "CA_KEY_HASH")" _debug2 _saved_account_key_hash "$_saved_account_key_hash" - - if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ] ; then + + if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ]; then if ! _regAccount "$_accountkeylength"; then _on_issue_err return 1 @@ -2475,13 +2450,13 @@ issue() { _debug "_saved_account_key_hash is not changed, skip register account." fi - if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then + if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ]; then _info "Signing from existing CSR." else _key=$(_readdomainconf Le_Keylength) _debug "Read key length:$_key" - if [ ! -f "$CERT_KEY_PATH" ] || [ "$Le_Keylength" != "$_key" ] ; then - if ! createDomainKey $Le_Domain $Le_Keylength ; then + if [ ! -f "$CERT_KEY_PATH" ] || [ "$Le_Keylength" != "$_key" ]; then + if ! createDomainKey $Le_Domain $Le_Keylength; then _err "Create domain key error." _clearup _on_issue_err @@ -2489,7 +2464,7 @@ issue() { fi fi - if ! _createcsr "$Le_Domain" "$Le_Alt" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" ; then + if ! _createcsr "$Le_Domain" "$Le_Alt" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then _err "Create CSR error." _clearup _on_issue_err @@ -2497,50 +2472,49 @@ issue() { fi fi - _savedomainconf "Le_Keylength" "$Le_Keylength" - + _savedomainconf "Le_Keylength" "$Le_Keylength" + vlist="$Le_Vlist" _info "Getting domain auth token for each domain" sep='#' - if [ -z "$vlist" ] ; then - alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ' ) + if [ -z "$vlist" ]; then + alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ') _index=1 _currentRoot="" - for d in $alldomains - do + for d in $alldomains; do _info "Getting webroot for domain" $d _w="$(echo $Le_Webroot | cut -d , -f $_index)" _info _w "$_w" - if [ "$_w" ] ; then + if [ "$_w" ]; then _currentRoot="$_w" fi _debug "_currentRoot" "$_currentRoot" _index=$(_math $_index + 1) - + vtype="$VTYPE_HTTP" - if _startswith "$_currentRoot" "dns" ; then + if _startswith "$_currentRoot" "dns"; then vtype="$VTYPE_DNS" fi - - if [ "$_currentRoot" = "$W_TLS" ] ; then + + if [ "$_currentRoot" = "$W_TLS" ]; then vtype="$VTYPE_TLS" fi - - if ! __get_domain_new_authz "$d" ; then + + if ! __get_domain_new_authz "$d"; then _clearup _on_issue_err return 1 fi - - if [ -z "$thumbprint" ] ; then - accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) + + if [ -z "$thumbprint" ]; then + accountkey_json=$(printf "%s" "$jwk" | tr -d ' ') thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) fi - - entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" + + entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" - if [ -z "$entry" ] ; then + if [ -z "$entry" ]; then _err "Error, can not get domain token $d" _clearup _on_issue_err @@ -2548,44 +2522,41 @@ issue() { fi token="$(printf "%s\n" "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" _debug token $token - - uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )" + + uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')" _debug uri $uri keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" - - if printf "$response" | grep '"status":"valid"' >/dev/null 2>&1 ; then + if printf "$response" | grep '"status":"valid"' >/dev/null 2>&1; then _info "$d is already verified, skip." keyauthorization=$STATE_VERIFIED _debug keyauthorization "$keyauthorization" fi - dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot" _debug dvlist "$dvlist" - + vlist="$vlist$dvlist," done #add entry dnsadded="" - ventries=$(echo "$vlist" | tr ',' ' ' ) - for ventry in $ventries - do + ventries=$(echo "$vlist" | tr ',' ' ') + for ventry in $ventries; do d=$(echo $ventry | cut -d $sep -f 1) keyauthorization=$(echo $ventry | cut -d $sep -f 2) vtype=$(echo $ventry | cut -d $sep -f 4) _currentRoot=$(echo $ventry | cut -d $sep -f 5) - if [ "$keyauthorization" = "$STATE_VERIFIED" ] ; then + if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." continue fi - if [ "$vtype" = "$VTYPE_DNS" ] ; then + if [ "$vtype" = "$VTYPE_DNS" ]; then dnsadded='0' txtdomain="_acme-challenge.$d" _debug txtdomain "$txtdomain" @@ -2595,8 +2566,8 @@ issue() { d_api="$(_findHook $d dnsapi $_currentRoot)" _debug d_api "$d_api" - - if [ "$d_api" ] ; then + + if [ "$d_api" ]; then _info "Found domain api file: $d_api" else _err "Add the following TXT record:" @@ -2606,26 +2577,26 @@ issue() { _err "so the resulting subdomain will be: $txtdomain" continue fi - + ( - if ! . $d_api ; then + if ! . $d_api; then _err "Load file $d_api error. Please check your api file and try again." return 1 fi - + addcommand="${_currentRoot}_add" - if ! _exists $addcommand ; then + if ! _exists $addcommand; then _err "It seems that your api file is not correct, it must have a function named: $addcommand" return 1 fi - - if ! $addcommand $txtdomain $txt ; then + + if ! $addcommand $txtdomain $txt; then _err "Error add txt for domain:$txtdomain" return 1 fi ) - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _clearup _on_issue_err return 1 @@ -2634,41 +2605,40 @@ issue() { fi done - if [ "$dnsadded" = '0' ] ; then - _savedomainconf "Le_Vlist" "$vlist" + if [ "$dnsadded" = '0' ]; then + _savedomainconf "Le_Vlist" "$vlist" _debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit." _err "Please add the TXT records to the domains, and retry again." _clearup _on_issue_err return 1 fi - + fi - - if [ "$dnsadded" = '1' ] ; then - if [ -z "$Le_DNSSleep" ] ; then + + if [ "$dnsadded" = '1' ]; then + if [ -z "$Le_DNSSleep" ]; then Le_DNSSleep=$DEFAULT_DNS_SLEEP else - _savedomainconf "Le_DNSSleep" "$Le_DNSSleep" + _savedomainconf "Le_DNSSleep" "$Le_DNSSleep" fi _info "Sleep $(__green $Le_DNSSleep) seconds for the txt records to take effect" _sleep $Le_DNSSleep fi - + _debug "ok, let's start to verify" _ncIndex=1 - ventries=$(echo "$vlist" | tr ',' ' ' ) - for ventry in $ventries - do + ventries=$(echo "$vlist" | tr ',' ' ') + for ventry in $ventries; do d=$(echo $ventry | cut -d $sep -f 1) keyauthorization=$(echo $ventry | cut -d $sep -f 2) uri=$(echo $ventry | cut -d $sep -f 3) vtype=$(echo $ventry | cut -d $sep -f 4) _currentRoot=$(echo $ventry | cut -d $sep -f 5) - if [ "$keyauthorization" = "$STATE_VERIFIED" ] ; then + if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." continue fi @@ -2682,14 +2652,13 @@ issue() { _debug "_currentRoot" "$_currentRoot" - - if [ "$vtype" = "$VTYPE_HTTP" ] ; then - if [ "$_currentRoot" = "$NO_VALUE" ] ; then + if [ "$vtype" = "$VTYPE_HTTP" ]; then + if [ "$_currentRoot" = "$NO_VALUE" ]; then _info "Standalone mode server" - _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex" )" + _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")" _ncIndex="$(_math $_ncIndex + 1)" _startserver "$keyauthorization" "$_ncaddr" & - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _clearup _on_issue_err return 1 @@ -2699,13 +2668,13 @@ issue() { _debug serverproc $serverproc else - if [ "$_currentRoot" = "apache" ] ; then + if [ "$_currentRoot" = "apache" ]; then wellknown_path="$ACME_DIR" else wellknown_path="$_currentRoot/.well-known/acme-challenge" - if [ ! -d "$_currentRoot/.well-known" ] ; then + if [ ! -d "$_currentRoot/.well-known" ]; then removelevel='1' - elif [ ! -d "$_currentRoot/.well-known/acme-challenge" ] ; then + elif [ ! -d "$_currentRoot/.well-known/acme-challenge" ]; then removelevel='2' else removelevel='3' @@ -2718,7 +2687,7 @@ issue() { mkdir -p "$wellknown_path" - if ! printf "%s" "$keyauthorization" > "$wellknown_path/$token" ; then + if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then _err "$d:Can not write token to file : $wellknown_path/$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup @@ -2726,18 +2695,18 @@ issue() { return 1 fi - if [ ! "$usingApache" ] ; then - if webroot_owner=$(_stat $_currentRoot) ; then + if [ ! "$usingApache" ]; then + if webroot_owner=$(_stat $_currentRoot); then _debug "Changing owner/group of .well-known to $webroot_owner" chown -R $webroot_owner "$_currentRoot/.well-known" else - _debug "not chaning owner/group of webroot"; + _debug "not chaning owner/group of webroot" fi fi - + fi - - elif [ "$vtype" = "$VTYPE_TLS" ] ; then + + elif [ "$vtype" = "$VTYPE_TLS" ]; then #create A #_hash_A="$(printf "%s" $token | _digest "sha256" "hex" )" #_debug2 _hash_A "$_hash_A" @@ -2747,21 +2716,21 @@ issue() { #_debug2 _y "$_y" #_SAN_A="$_x.$_y.token.acme.invalid" #_debug2 _SAN_A "$_SAN_A" - + #create B - _hash_B="$(printf "%s" $keyauthorization | _digest "sha256" "hex" )" + _hash_B="$(printf "%s" $keyauthorization | _digest "sha256" "hex")" _debug2 _hash_B "$_hash_B" _x="$(echo $_hash_B | cut -c 1-32)" _debug2 _x "$_x" _y="$(echo $_hash_B | cut -c 33-64)" _debug2 _y "$_y" - + #_SAN_B="$_x.$_y.ka.acme.invalid" - + _SAN_B="$_x.$_y.acme.invalid" _debug2 _SAN_B "$_SAN_B" - - _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex" )" + + _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")" _ncIndex="$(_math $_ncIndex + 1)" if ! _starttlsserver "$_SAN_B" "$_SAN_A" "$Le_TLSPort" "$keyauthorization" "$_ncaddr"; then _err "Start tls server error." @@ -2771,43 +2740,43 @@ issue() { return 1 fi fi - - if ! _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}" ; then + + if ! _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"; then _err "$d:Can not get challenge: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err return 1 fi - - if [ ! -z "$code" ] && [ ! "$code" = '202' ] ; then + + if [ ! -z "$code" ] && [ ! "$code" = '202' ]; then _err "$d:Challenge error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err return 1 fi - + waittimes=0 - if [ -z "$MAX_RETRY_TIMES" ] ; then + if [ -z "$MAX_RETRY_TIMES" ]; then MAX_RETRY_TIMES=30 fi - - while true ; do + + while true; do waittimes=$(_math $waittimes + 1) - if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ] ; then + if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ]; then _err "$d:Timeout" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err return 1 fi - + _debug "sleep 2 secs to verify" sleep 2 _debug "checking" response="$(_get $uri)" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "$d:Verify error:$response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup @@ -2815,171 +2784,168 @@ issue() { return 1 fi _debug2 original "$response" - - response="$(echo "$response" | _normalizeJson )" + + response="$(echo "$response" | _normalizeJson)" _debug2 response "$response" - - status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') - if [ "$status" = "valid" ] ; then + + status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') + if [ "$status" = "valid" ]; then _info "Success" _stopserver $serverproc serverproc="" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" - break; + break fi - - if [ "$status" = "invalid" ] ; then - error="$(echo "$response" | tr -d "\r\n" | _egrep_o '"error":\{[^\}]*')" - _debug2 error "$error" - errordetail="$(echo "$error" | _egrep_o '"detail": *"[^"]*' | cut -d '"' -f 4)" - _debug2 errordetail "$errordetail" - if [ "$errordetail" ] ; then - _err "$d:Verify error:$errordetail" - else - _err "$d:Verify error:$error" - fi - if [ "$DEBUG" ] ; then - if [ "$vtype" = "$VTYPE_HTTP" ] ; then - _debug "Debug: get token url." - _get "http://$d/.well-known/acme-challenge/$token" "" 1 - fi - fi - _clearupwebbroot "$_currentRoot" "$removelevel" "$token" - _clearup - _on_issue_err - return 1; - fi - - if [ "$status" = "pending" ] ; then - _info "Pending" - else - _err "$d:Verify error:$response" + + if [ "$status" = "invalid" ]; then + error="$(echo "$response" | tr -d "\r\n" | _egrep_o '"error":\{[^\}]*')" + _debug2 error "$error" + errordetail="$(echo "$error" | _egrep_o '"detail": *"[^"]*' | cut -d '"' -f 4)" + _debug2 errordetail "$errordetail" + if [ "$errordetail" ]; then + _err "$d:Verify error:$errordetail" + else + _err "$d:Verify error:$error" + fi + if [ "$DEBUG" ]; then + if [ "$vtype" = "$VTYPE_HTTP" ]; then + _debug "Debug: get token url." + _get "http://$d/.well-known/acme-challenge/$token" "" 1 + fi + fi _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err return 1 fi - + + if [ "$status" = "pending" ]; then + _info "Pending" + else + _err "$d:Verify error:$response" + _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearup + _on_issue_err + return 1 + fi + done - + done _clearup _info "Verify finished, start to sign." der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _urlencode)" - - if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64" ; then + + if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"; then _err "Sign failed." _on_issue_err return 1 fi - + _rcert="$response" Le_LinkCert="$(grep -i '^Location.*$' $HTTP_HEADER | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)" - _savedomainconf "Le_LinkCert" "$Le_LinkCert" + _savedomainconf "Le_LinkCert" "$Le_LinkCert" + + if [ "$Le_LinkCert" ]; then + echo "$BEGIN_CERT" >"$CERT_PATH" - if [ "$Le_LinkCert" ] ; then - echo "$BEGIN_CERT" > "$CERT_PATH" - #if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then # _debug "Get cert failed. Let's try last response." # printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" #fi - - if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" ; then + + if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >>"$CERT_PATH"; then _debug "Try cert link." - _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" + _get "$Le_LinkCert" | _base64 "multiline" >>"$CERT_PATH" fi - echo "$END_CERT" >> "$CERT_PATH" + echo "$END_CERT" >>"$CERT_PATH" _info "$(__green "Cert success.")" cat "$CERT_PATH" - - _info "Your cert is in $( __green " $CERT_PATH ")" - if [ -f "$CERT_KEY_PATH" ] ; then - _info "Your cert key is in $( __green " $CERT_KEY_PATH ")" + _info "Your cert is in $(__green " $CERT_PATH ")" + + if [ -f "$CERT_KEY_PATH" ]; then + _info "Your cert key is in $(__green " $CERT_KEY_PATH ")" fi cp "$CERT_PATH" "$CERT_FULLCHAIN_PATH" - if [ ! "$USER_PATH" ] || [ ! "$IN_CRON" ] ; then + if [ ! "$USER_PATH" ] || [ ! "$IN_CRON" ]; then USER_PATH="$PATH" _saveaccountconf "USER_PATH" "$USER_PATH" fi fi - - if [ -z "$Le_LinkCert" ] ; then - response="$(echo $response | _dbase64 "multiline" | _normalizeJson )" - _err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" + if [ -z "$Le_LinkCert" ]; then + response="$(echo $response | _dbase64 "multiline" | _normalizeJson)" + _err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" _on_issue_err return 1 fi - - _cleardomainconf "Le_Vlist" - - Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | _head_n 1 | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' ) - if ! _contains "$Le_LinkIssuer" ":" ; then + + _cleardomainconf "Le_Vlist" + + Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | _head_n 1 | cut -d " " -f 2 | cut -d ';' -f 1 | tr -d '<>') + if ! _contains "$Le_LinkIssuer" ":"; then Le_LinkIssuer="$API$Le_LinkIssuer" fi - - _savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" - - if [ "$Le_LinkIssuer" ] ; then - echo "$BEGIN_CERT" > "$CA_CERT_PATH" - _get "$Le_LinkIssuer" | _base64 "multiline" >> "$CA_CERT_PATH" - echo "$END_CERT" >> "$CA_CERT_PATH" - _info "The intermediate CA cert is in $( __green " $CA_CERT_PATH ")" - cat "$CA_CERT_PATH" >> "$CERT_FULLCHAIN_PATH" - _info "And the full chain certs is there: $( __green " $CERT_FULLCHAIN_PATH ")" + + _savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" + + if [ "$Le_LinkIssuer" ]; then + echo "$BEGIN_CERT" >"$CA_CERT_PATH" + _get "$Le_LinkIssuer" | _base64 "multiline" >>"$CA_CERT_PATH" + echo "$END_CERT" >>"$CA_CERT_PATH" + _info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")" + cat "$CA_CERT_PATH" >>"$CERT_FULLCHAIN_PATH" + _info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")" fi - + Le_CertCreateTime=$(_time) - _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime" - - Le_CertCreateTimeStr=$(date -u ) - _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr" - - if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "$MAX_RENEW" ] ; then + _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime" + + Le_CertCreateTimeStr=$(date -u) + _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr" + + if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "$MAX_RENEW" ]; then Le_RenewalDays=$MAX_RENEW else - _savedomainconf "Le_RenewalDays" "$Le_RenewalDays" + _savedomainconf "Le_RenewalDays" "$Le_RenewalDays" fi - - if [ "$CA_BUNDLE" ] ; then + + if [ "$CA_BUNDLE" ]; then _saveaccountconf CA_BUNDLE "$CA_BUNDLE" else _clearaccountconf "CA_BUNDLE" fi - if [ "$HTTPS_INSECURE" ] ; then + if [ "$HTTPS_INSECURE" ]; then _saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE" else - _clearaccountconf "HTTPS_INSECURE" + _clearaccountconf "HTTPS_INSECURE" fi - if [ "$Le_Listen_V4" ] ; then - _savedomainconf "Le_Listen_V4" "$Le_Listen_V4" + if [ "$Le_Listen_V4" ]; then + _savedomainconf "Le_Listen_V4" "$Le_Listen_V4" _cleardomainconf Le_Listen_V6 - elif [ "$Le_Listen_V6" ] ; then - _savedomainconf "Le_Listen_V6" "$Le_Listen_V6" + elif [ "$Le_Listen_V6" ]; then + _savedomainconf "Le_Listen_V6" "$Le_Listen_V6" _cleardomainconf Le_Listen_V4 fi - - Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) - - - Le_NextRenewTimeStr=$( _time2str $Le_NextRenewTime ) - _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" - - Le_NextRenewTime=$(_math $Le_NextRenewTime - 86400) - _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" - + Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) + + Le_NextRenewTimeStr=$(_time2str $Le_NextRenewTime) + _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" + + Le_NextRenewTime=$(_math $Le_NextRenewTime - 86400) + _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" + _on_issue_success - if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ] ; then + if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ]; then _installcert fi @@ -2988,7 +2954,7 @@ issue() { #domain [isEcc] renew() { Le_Domain="$1" - if [ -z "$Le_Domain" ] ; then + if [ -z "$Le_Domain" ]; then _usage "Usage: $PROJECT_ENTRY --renew -d domain.com [--ecc]" return 1 fi @@ -2998,39 +2964,39 @@ renew() { _initpath $Le_Domain "$_isEcc" _info "$(__green "Renew: '$Le_Domain'")" - if [ ! -f "$DOMAIN_CONF" ] ; then + if [ ! -f "$DOMAIN_CONF" ]; then _info "'$Le_Domain' is not a issued domain, skip." - return 0; + return 0 fi - - if [ "$Le_RenewalDays" ] ; then + + if [ "$Le_RenewalDays" ]; then _savedomainconf Le_RenewalDays "$Le_RenewalDays" fi . "$DOMAIN_CONF" - - if [ "$Le_API" ] ; then + + if [ "$Le_API" ]; then API="$Le_API" fi - - if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ] ; then + + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" _info "Add '$(__red '--force')' to force to renew." return $RENEW_SKIP fi - + IS_RENEW="1" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" res=$? - if [ "$res" != "0" ] ; then + if [ "$res" != "0" ]; then return $res fi - - if [ "$Le_DeployHook" ] ; then + + if [ "$Le_DeployHook" ]; then deploy $Le_Domain "$Le_DeployHook" "$Le_Keylength" res=$? fi - + IS_RENEW="" return $res @@ -3043,10 +3009,10 @@ renewAll() { _debug "_stopRenewOnError" "$_stopRenewOnError" _ret="0" - for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do + for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$); do d=$(echo $d | cut -d '/' -f 1) ( - if _endswith $d "$ECC_SUFFIX" ; then + if _endswith $d "$ECC_SUFFIX"; then _isEcc=$(echo $d | cut -d "$ECC_SEP" -f 2) d=$(echo $d | cut -d "$ECC_SEP" -f 1) fi @@ -3054,10 +3020,10 @@ renewAll() { ) rc="$?" _debug "Return code: $rc" - if [ "$rc" != "0" ] ; then - if [ "$rc" = "$RENEW_SKIP" ] ; then + if [ "$rc" != "0" ]; then + if [ "$rc" = "$RENEW_SKIP" ]; then _info "Skipped $d" - elif [ "$_stopRenewOnError" ] ; then + elif [ "$_stopRenewOnError" ]; then _err "Error renew $d, stop now." return $rc else @@ -3069,9 +3035,8 @@ renewAll() { return $_ret } - #csr webroot -signcsr(){ +signcsr() { _csrfile="$1" _csrW="$2" if [ -z "$_csrfile" ] || [ -z "$_csrW" ]; then @@ -3082,50 +3047,49 @@ signcsr(){ _initpath _csrsubj=$(_readSubjectFromCSR "$_csrfile") - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Can not read subject from csr: $_csrfile" return 1 fi _debug _csrsubj "$_csrsubj" _csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile") - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Can not read domain list from csr: $_csrfile" return 1 fi _debug "_csrdomainlist" "$_csrdomainlist" - - - if [ -z "$_csrsubj" ] ; then + + if [ -z "$_csrsubj" ]; then _csrsubj="$(_getfield "$_csrdomainlist" 1)" _debug _csrsubj "$_csrsubj" _csrdomainlist="$(echo "$_csrdomainlist" | cut -d , -f 2-)" _debug "_csrdomainlist" "$_csrdomainlist" fi - - if [ -z "$_csrsubj" ] ; then + + if [ -z "$_csrsubj" ]; then _err "Can not read subject from csr: $_csrfile" return 1 fi - + _csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") - if [ "$?" != "0" ] || [ -z "$_csrkeylength" ] ; then + if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then _err "Can not read key length from csr: $_csrfile" return 1 fi - + _initpath "$_csrsubj" "$_csrkeylength" mkdir -p "$DOMAIN_PATH" - + _info "Copy csr to: $CSR_PATH" cp "$_csrfile" "$CSR_PATH" - + issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" - + } showcsr() { - _csrfile="$1" + _csrfile="$1" _csrd="$2" if [ -z "$_csrfile" ] && [ -z "$_csrd" ]; then _usage "Usage: $PROJECT_ENTRY --showcsr --csr mycsr.csr" @@ -3133,17 +3097,17 @@ showcsr() { fi _initpath - + _csrsubj=$(_readSubjectFromCSR "$_csrfile") - if [ "$?" != "0" ] || [ -z "$_csrsubj" ] ; then + if [ "$?" != "0" ] || [ -z "$_csrsubj" ]; then _err "Can not read subject from csr: $_csrfile" return 1 fi - + _info "Subject=$_csrsubj" _csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile") - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Can not read domain list from csr: $_csrfile" return 1 fi @@ -3151,9 +3115,8 @@ showcsr() { _info "SubjectAltNames=$_csrdomainlist" - _csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") - if [ "$?" != "0" ] || [ -z "$_csrkeylength" ] ; then + if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then _err "Can not read key length from csr: $_csrfile" return 1 fi @@ -3163,88 +3126,87 @@ showcsr() { list() { _raw="$1" _initpath - + _sep="|" - if [ "$_raw" ] ; then - printf "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew\n" - for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do + if [ "$_raw" ]; then + printf "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew\n" + for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$); do d=$(echo $d | cut -d '/' -f 1) ( - if _endswith $d "$ECC_SUFFIX" ; then + if _endswith $d "$ECC_SUFFIX"; then _isEcc=$(echo $d | cut -d "$ECC_SEP" -f 2) d=$(echo $d | cut -d "$ECC_SEP" -f 1) fi _initpath $d "$_isEcc" - if [ -f "$DOMAIN_CONF" ] ; then + if [ -f "$DOMAIN_CONF" ]; then . "$DOMAIN_CONF" printf "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr\n" fi ) done else - if _exists column ; then + if _exists column; then list "raw" | column -t -s "$_sep" else list "raw" | tr "$_sep" '\t' fi fi - } deploy() { Le_Domain="$1" Le_DeployHook="$2" _isEcc="$3" - if [ -z "$Le_DeployHook" ] ; then + if [ -z "$Le_DeployHook" ]; then _usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] " return 1 fi _initpath $Le_Domain "$_isEcc" - if [ ! -d "$DOMAIN_PATH" ] ; then + if [ ! -d "$DOMAIN_PATH" ]; then _err "Domain is not valid:'$Le_Domain'" return 1 fi _deployApi="$(_findHook $Le_Domain deploy $Le_DeployHook)" - if [ -z "$_deployApi" ] ; then + if [ -z "$_deployApi" ]; then _err "The deploy hook $Le_DeployHook is not found." return 1 fi _debug _deployApi "$_deployApi" - + _savedomainconf Le_DeployHook "$Le_DeployHook" - + if ! ( - if ! . $_deployApi ; then + if ! . $_deployApi; then _err "Load file $_deployApi error. Please check your api file and try again." return 1 fi - + d_command="${Le_DeployHook}_deploy" - if ! _exists $d_command ; then + if ! _exists $d_command; then _err "It seems that your api file is not correct, it must have a function named: $d_command" return 1 fi - - if ! $d_command $Le_Domain "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH" ; then + + if ! $d_command $Le_Domain "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then _err "Error deploy for domain:$Le_Domain" _on_issue_err return 1 fi - ) ; then + ); then _err "Deploy error." return 1 else _info "$(__green Success)" fi - + } installcert() { Le_Domain="$1" - if [ -z "$Le_Domain" ] ; then + if [ -z "$Le_Domain" ]; then _usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--certpath cert-file-path] [--keypath key-file-path] [--capath ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchainpath fullchain-path]" return 1 fi @@ -3257,7 +3219,7 @@ installcert() { _isEcc="$7" _initpath $Le_Domain "$_isEcc" - if [ ! -d "$DOMAIN_PATH" ] ; then + if [ ! -d "$DOMAIN_PATH" ]; then _err "Domain is not valid:'$Le_Domain'" return 1 fi @@ -3265,90 +3227,87 @@ installcert() { _installcert } - _installcert() { - _savedomainconf "Le_RealCertPath" "$Le_RealCertPath" - _savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath" - _savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath" - _savedomainconf "Le_ReloadCmd" "$Le_ReloadCmd" - _savedomainconf "Le_RealFullChainPath" "$Le_RealFullChainPath" - - if [ "$Le_RealCertPath" = "$NO_VALUE" ] ; then + _savedomainconf "Le_RealCertPath" "$Le_RealCertPath" + _savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath" + _savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath" + _savedomainconf "Le_ReloadCmd" "$Le_ReloadCmd" + _savedomainconf "Le_RealFullChainPath" "$Le_RealFullChainPath" + + if [ "$Le_RealCertPath" = "$NO_VALUE" ]; then Le_RealCertPath="" fi - if [ "$Le_RealKeyPath" = "$NO_VALUE" ] ; then + if [ "$Le_RealKeyPath" = "$NO_VALUE" ]; then Le_RealKeyPath="" fi - if [ "$Le_RealCACertPath" = "$NO_VALUE" ] ; then + if [ "$Le_RealCACertPath" = "$NO_VALUE" ]; then Le_RealCACertPath="" fi - if [ "$Le_ReloadCmd" = "$NO_VALUE" ] ; then + if [ "$Le_ReloadCmd" = "$NO_VALUE" ]; then Le_ReloadCmd="" fi - if [ "$Le_RealFullChainPath" = "$NO_VALUE" ] ; then + if [ "$Le_RealFullChainPath" = "$NO_VALUE" ]; then Le_RealFullChainPath="" fi - + _installed="0" - if [ "$Le_RealCertPath" ] ; then + if [ "$Le_RealCertPath" ]; then _installed=1 _info "Installing cert to:$Le_RealCertPath" - if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ] ; then + if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealCertPath" "$Le_RealCertPath".bak fi - cat "$CERT_PATH" > "$Le_RealCertPath" + cat "$CERT_PATH" >"$Le_RealCertPath" fi - - if [ "$Le_RealCACertPath" ] ; then + + if [ "$Le_RealCACertPath" ]; then _installed=1 _info "Installing CA to:$Le_RealCACertPath" - if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ] ; then - echo "" >> "$Le_RealCACertPath" - cat "$CA_CERT_PATH" >> "$Le_RealCACertPath" + if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ]; then + echo "" >>"$Le_RealCACertPath" + cat "$CA_CERT_PATH" >>"$Le_RealCACertPath" else - if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ] ; then + if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealCACertPath" "$Le_RealCACertPath".bak fi - cat "$CA_CERT_PATH" > "$Le_RealCACertPath" + cat "$CA_CERT_PATH" >"$Le_RealCACertPath" fi fi - - if [ "$Le_RealKeyPath" ] ; then + if [ "$Le_RealKeyPath" ]; then _installed=1 _info "Installing key to:$Le_RealKeyPath" - if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ] ; then + if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak fi - cat "$CERT_KEY_PATH" > "$Le_RealKeyPath" + cat "$CERT_KEY_PATH" >"$Le_RealKeyPath" fi - - if [ "$Le_RealFullChainPath" ] ; then + + if [ "$Le_RealFullChainPath" ]; then _installed=1 _info "Installing full chain to:$Le_RealFullChainPath" - if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ] ; then + if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak fi - cat "$CERT_FULLCHAIN_PATH" > "$Le_RealFullChainPath" - fi + cat "$CERT_FULLCHAIN_PATH" >"$Le_RealFullChainPath" + fi - if [ "$Le_ReloadCmd" ] ; then + if [ "$Le_ReloadCmd" ]; then _installed=1 _info "Run Le_ReloadCmd: $Le_ReloadCmd" - if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd") ; then + if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd"); then _info "$(__green "Reload success")" else _err "Reload error for :$Le_Domain" fi fi - } installcronjob() { _initpath - if ! _exists "crontab" ; then + if ! _exists "crontab"; then _err "crontab doesn't exist, so, we can not install cron jobs." _err "All your certs will not be renewed automatically." _err "You must add your own cron job to call '$PROJECT_ENTRY --cron' everyday." @@ -3356,20 +3315,26 @@ installcronjob() { fi _info "Installing cron job" - if ! crontab -l | grep "$PROJECT_ENTRY --cron" ; then - if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ] ; then + if ! crontab -l | grep "$PROJECT_ENTRY --cron"; then + if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY" else _err "Can not install cronjob, $PROJECT_ENTRY not found." return 1 fi - if _exists uname && uname -a | grep solaris >/dev/null ; then - crontab -l | { cat; echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"; } | crontab -- + if _exists uname && uname -a | grep solaris >/dev/null; then + crontab -l | { + cat + echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" + } | crontab -- else - crontab -l | { cat; echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"; } | crontab - + crontab -l | { + cat + echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" + } | crontab - fi fi - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Install cron job failed. You need to manually renew your certs." _err "Or you can add cronjob by yourself:" _err "$lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" @@ -3378,78 +3343,78 @@ installcronjob() { } uninstallcronjob() { - if ! _exists "crontab" ; then + if ! _exists "crontab"; then return fi _info "Removing cron job" cr="$(crontab -l | grep "$PROJECT_ENTRY --cron")" - if [ "$cr" ] ; then - if _exists uname && uname -a | grep solaris >/dev/null ; then + if [ "$cr" ]; then + if _exists uname && uname -a | grep solaris >/dev/null; then crontab -l | sed "/$PROJECT_ENTRY --cron/d" | crontab -- else crontab -l | sed "/$PROJECT_ENTRY --cron/d" | crontab - fi LE_WORKING_DIR="$(echo "$cr" | cut -d ' ' -f 9 | tr -d '"')" _info LE_WORKING_DIR "$LE_WORKING_DIR" - fi + fi _initpath } revoke() { Le_Domain="$1" - if [ -z "$Le_Domain" ] ; then + if [ -z "$Le_Domain" ]; then _usage "Usage: $PROJECT_ENTRY --revoke -d domain.com" return 1 fi - + _isEcc="$2" _initpath $Le_Domain "$_isEcc" - if [ ! -f "$DOMAIN_CONF" ] ; then + if [ ! -f "$DOMAIN_CONF" ]; then _err "$Le_Domain is not a issued domain, skip." - return 1; + return 1 fi - - if [ ! -f "$CERT_PATH" ] ; then + + if [ ! -f "$CERT_PATH" ]; then _err "Cert for $Le_Domain $CERT_PATH is not found, skip." return 1 fi - - cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}"| tr -d "\r\n" | _urlencode)" - if [ -z "$cert" ] ; then + cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _urlencode)" + + if [ -z "$cert" ]; then _err "Cert for $Le_Domain is empty found, skip." return 1 fi - + data="{\"resource\": \"revoke-cert\", \"certificate\": \"$cert\"}" uri="$API/acme/revoke-cert" - if [ -f "$CERT_KEY_PATH" ] ; then + if [ -f "$CERT_KEY_PATH" ]; then _info "Try domain key first." if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then - if [ -z "$response" ] ; then + if [ -z "$response" ]; then _info "Revoke success." rm -f $CERT_PATH return 0 - else + else _err "Revoke error by domain key." _err "$response" fi fi - else + else _info "Domain key file doesn't exists." fi - + _info "Try account key." - if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH" ; then - if [ -z "$response" ] ; then + if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH"; then + if [ -z "$response" ]; then _info "Revoke success." rm -f $CERT_PATH return 0 - else + else _err "Revoke error." _debug "$response" fi @@ -3457,67 +3422,63 @@ revoke() { return 1 } - #domain vtype _deactivate() { _d_domain="$1" _d_type="$2" _initpath - + _d_i=0 _d_max_retry=9 - while [ "$_d_i" -lt "$_d_max_retry" ] ; - do + while [ "$_d_i" -lt "$_d_max_retry" ]; do _info "Deactivate: $_d_domain" _d_i="$(_math $_d_i + 1)" - - - if ! __get_domain_new_authz "$_d_domain" ; then + + if ! __get_domain_new_authz "$_d_domain"; then _err "Can not get domain new authz token." return 1 fi - + authzUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")" _debug "authzUri" "$authzUri" - if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then + if [ ! -z "$code" ] && [ ! "$code" = '201' ]; then _err "new-authz error: $response" return 1 fi - - entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"status":"valid","uri"[^\}]*')" + + entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"status":"valid","uri"[^\}]*')" _debug entry "$entry" - - if [ -z "$entry" ] ; then + + if [ -z "$entry" ]; then _info "No more valid entry found." break fi - + _vtype="$(printf "%s\n" "$entry" | _egrep_o '"type": *"[^"]*"' | cut -d : -f 2 | tr -d '"')" _debug _vtype $_vtype _info "Found $_vtype" - - uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )" + uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')" _debug uri $uri - - if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ] ; then + + if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ]; then _info "Skip $_vtype" continue fi - + _info "Deactivate: $_vtype" - - if ! _send_signed_request "$authzUri" "{\"resource\": \"authz\", \"status\":\"deactivated\"}" ; then + + if ! _send_signed_request "$authzUri" "{\"resource\": \"authz\", \"status\":\"deactivated\"}"; then _err "Can not deactivate $_vtype." return 1 fi - + _info "Deactivate: $_vtype success." - + done _debug "$_d_i" - if [ "$_d_i" -lt "$_d_max_retry" ] ; then + if [ "$_d_i" -lt "$_d_max_retry" ]; then _info "Deactivated success!" else _err "Deactivate failed." @@ -3530,16 +3491,15 @@ deactivate() { _d_type="$2" _initpath _debug _d_domain_list "$_d_domain_list" - if [ -z "$(echo $_d_domain_list | cut -d , -f 1 )" ] ; then + if [ -z "$(echo $_d_domain_list | cut -d , -f 1)" ]; then _usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com [-d domain.com]" return 1 fi - for _d_dm in $(echo "$_d_domain_list" | tr ',' ' ' ) ; - do - if [ -z "$_d_dm" ] || [ "$_d_dm" = "$NO_VALUE" ] ; then + for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do + if [ -z "$_d_dm" ] || [ "$_d_dm" = "$NO_VALUE" ]; then continue fi - if ! _deactivate "$_d_dm" $_d_type ; then + if ! _deactivate "$_d_dm" $_d_type; then return 1 fi done @@ -3547,7 +3507,7 @@ deactivate() { # Detect profile file if not specified as environment variable _detect_profile() { - if [ -n "$PROFILE" -a -f "$PROFILE" ] ; then + if [ -n "$PROFILE" -a -f "$PROFILE" ]; then echo "$PROFILE" return fi @@ -3555,36 +3515,36 @@ _detect_profile() { DETECTED_PROFILE='' SHELLTYPE="$(basename "/$SHELL")" - if [ "$SHELLTYPE" = "bash" ] ; then - if [ -f "$HOME/.bashrc" ] ; then + if [ "$SHELLTYPE" = "bash" ]; then + if [ -f "$HOME/.bashrc" ]; then DETECTED_PROFILE="$HOME/.bashrc" - elif [ -f "$HOME/.bash_profile" ] ; then + elif [ -f "$HOME/.bash_profile" ]; then DETECTED_PROFILE="$HOME/.bash_profile" fi - elif [ "$SHELLTYPE" = "zsh" ] ; then + elif [ "$SHELLTYPE" = "zsh" ]; then DETECTED_PROFILE="$HOME/.zshrc" fi - if [ -z "$DETECTED_PROFILE" ] ; then - if [ -f "$HOME/.profile" ] ; then + if [ -z "$DETECTED_PROFILE" ]; then + if [ -f "$HOME/.profile" ]; then DETECTED_PROFILE="$HOME/.profile" - elif [ -f "$HOME/.bashrc" ] ; then + elif [ -f "$HOME/.bashrc" ]; then DETECTED_PROFILE="$HOME/.bashrc" - elif [ -f "$HOME/.bash_profile" ] ; then + elif [ -f "$HOME/.bash_profile" ]; then DETECTED_PROFILE="$HOME/.bash_profile" - elif [ -f "$HOME/.zshrc" ] ; then + elif [ -f "$HOME/.zshrc" ]; then DETECTED_PROFILE="$HOME/.zshrc" fi fi - if [ ! -z "$DETECTED_PROFILE" ] ; then + if [ ! -z "$DETECTED_PROFILE" ]; then echo "$DETECTED_PROFILE" fi } _initconf() { _initpath - if [ ! -f "$ACCOUNT_CONF_PATH" ] ; then + if [ ! -f "$ACCOUNT_CONF_PATH" ]; then echo "#ACCOUNT_CONF_PATH=xxxx #Account configurations: @@ -3644,75 +3604,75 @@ _initconf() { #PDNS_Token=\"0123456789ABCDEF\" #PDNS_Ttl=60 - " > $ACCOUNT_CONF_PATH + " >$ACCOUNT_CONF_PATH fi } # nocron _precheck() { _nocron="$1" - - if ! _exists "curl" && ! _exists "wget"; then + + if ! _exists "curl" && ! _exists "wget"; then _err "Please install curl or wget first, we need to access http resources." return 1 fi - - if [ -z "$_nocron" ] ; then - if ! _exists "crontab" ; then + + if [ -z "$_nocron" ]; then + if ! _exists "crontab"; then _err "It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'." _err "We need to set cron job to renew the certs automatically." _err "Otherwise, your certs will not be able to be renewed automatically." - if [ -z "$FORCE" ] ; then + if [ -z "$FORCE" ]; then _err "Please add '--force' and try install again to go without crontab." _err "./$PROJECT_ENTRY --install --force" return 1 fi fi fi - - if ! _exists "openssl" ; then + + if ! _exists "openssl"; then _err "Please install openssl first." _err "We need openssl to generate keys." return 1 fi - - if ! _exists "nc" ; then + + if ! _exists "nc"; then _err "It is recommended to install nc first, try to install 'nc' or 'netcat'." _err "We use nc for standalone server if you use standalone mode." _err "If you don't use standalone mode, just ignore this warning." fi - + return 0 } _setShebang() { _file="$1" _shebang="$2" - if [ -z "$_shebang" ] ; then + if [ -z "$_shebang" ]; then _usage "Usage: file shebang" return 1 fi cp "$_file" "$_file.tmp" - echo "$_shebang" > "$_file" - sed -n 2,99999p "$_file.tmp" >> "$_file" - rm -f "$_file.tmp" + echo "$_shebang" >"$_file" + sed -n 2,99999p "$_file.tmp" >>"$_file" + rm -f "$_file.tmp" } _installalias() { _initpath _envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env" - if [ "$_upgrading" ] && [ "$_upgrading" = "1" ] ; then - echo "$(cat $_envfile)" | sed "s|^LE_WORKING_DIR.*$||" > "$_envfile" - echo "$(cat $_envfile)" | sed "s|^alias le.*$||" > "$_envfile" - echo "$(cat $_envfile)" | sed "s|^alias le.sh.*$||" > "$_envfile" + if [ "$_upgrading" ] && [ "$_upgrading" = "1" ]; then + echo "$(cat $_envfile)" | sed "s|^LE_WORKING_DIR.*$||" >"$_envfile" + echo "$(cat $_envfile)" | sed "s|^alias le.*$||" >"$_envfile" + echo "$(cat $_envfile)" | sed "s|^alias le.sh.*$||" >"$_envfile" fi _setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\"" _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" _profile="$(_detect_profile)" - if [ "$_profile" ] ; then + if [ "$_profile" ]; then _debug "Found profile: $_profile" _info "Installing alias to '$_profile'" _setopt "$_profile" ". \"$_envfile\"" @@ -3720,25 +3680,24 @@ _installalias() { else _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" fi - #for csh _cshfile="$LE_WORKING_DIR/$PROJECT_ENTRY.csh" _csh_profile="$HOME/.cshrc" - if [ -f "$_csh_profile" ] ; then + if [ -f "$_csh_profile" ]; then _info "Installing alias to '$_csh_profile'" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" - _setopt "$_csh_profile" "source \"$_cshfile\"" + _setopt "$_csh_profile" "source \"$_cshfile\"" fi - + #for tcsh _tcsh_profile="$HOME/.tcshrc" - if [ -f "$_tcsh_profile" ] ; then + if [ -f "$_tcsh_profile" ]; then _info "Installing alias to '$_tcsh_profile'" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" - _setopt "$_tcsh_profile" "source \"$_cshfile\"" + _setopt "$_tcsh_profile" "source \"$_cshfile\"" fi } @@ -3746,36 +3705,35 @@ _installalias() { # nocron install() { - if [ -z "$LE_WORKING_DIR" ] ; then + if [ -z "$LE_WORKING_DIR" ]; then LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" fi - + _nocron="$1" - if ! _initpath ; then + if ! _initpath; then _err "Install failed." return 1 fi - if [ "$_nocron" ] ; then + if [ "$_nocron" ]; then _debug "Skip install cron job" fi - - if ! _precheck "$_nocron" ; then + + if ! _precheck "$_nocron"; then _err "Pre-check failed, can not install." return 1 fi - + #convert from le - if [ -d "$HOME/.le" ] ; then - for envfile in "le.env" "le.sh.env" - do - if [ -f "$HOME/.le/$envfile" ] ; then - if grep "le.sh" "$HOME/.le/$envfile" >/dev/null ; then - _upgrading="1" - _info "You are upgrading from le.sh" - _info "Renaming \"$HOME/.le\" to $LE_WORKING_DIR" - mv "$HOME/.le" "$LE_WORKING_DIR" - mv "$LE_WORKING_DIR/$envfile" "$LE_WORKING_DIR/$PROJECT_ENTRY.env" - break; + if [ -d "$HOME/.le" ]; then + for envfile in "le.env" "le.sh.env"; do + if [ -f "$HOME/.le/$envfile" ]; then + if grep "le.sh" "$HOME/.le/$envfile" >/dev/null; then + _upgrading="1" + _info "You are upgrading from le.sh" + _info "Renaming \"$HOME/.le\" to $LE_WORKING_DIR" + mv "$HOME/.le" "$LE_WORKING_DIR" + mv "$LE_WORKING_DIR/$envfile" "$LE_WORKING_DIR/$PROJECT_ENTRY.env" + break fi fi done @@ -3783,16 +3741,16 @@ install() { _info "Installing to $LE_WORKING_DIR" - if ! mkdir -p "$LE_WORKING_DIR" ; then + if ! mkdir -p "$LE_WORKING_DIR"; then _err "Can not create working dir: $LE_WORKING_DIR" return 1 fi - + chmod 700 "$LE_WORKING_DIR" cp $PROJECT_ENTRY "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Install failed, can not copy $PROJECT_ENTRY" return 1 fi @@ -3801,43 +3759,42 @@ install() { _installalias - for subf in $_SUB_FOLDERS ; do - if [ -d "$subf" ] ; then + for subf in $_SUB_FOLDERS; do + if [ -d "$subf" ]; then mkdir -p $LE_WORKING_DIR/$subf - cp $subf/* $LE_WORKING_DIR/$subf/ + cp $subf/* $LE_WORKING_DIR/$subf/ fi done - - if [ ! -f "$ACCOUNT_CONF_PATH" ] ; then + if [ ! -f "$ACCOUNT_CONF_PATH" ]; then _initconf fi - if [ "$_DEFAULT_ACCOUNT_CONF_PATH" != "$ACCOUNT_CONF_PATH" ] ; then + if [ "$_DEFAULT_ACCOUNT_CONF_PATH" != "$ACCOUNT_CONF_PATH" ]; then _setopt "$_DEFAULT_ACCOUNT_CONF_PATH" "ACCOUNT_CONF_PATH" "=" "\"$ACCOUNT_CONF_PATH\"" fi - if [ "$_DEFAULT_CERT_HOME" != "$CERT_HOME" ] ; then + if [ "$_DEFAULT_CERT_HOME" != "$CERT_HOME" ]; then _saveaccountconf "CERT_HOME" "$CERT_HOME" fi - if [ "$_DEFAULT_ACCOUNT_KEY_PATH" != "$ACCOUNT_KEY_PATH" ] ; then + if [ "$_DEFAULT_ACCOUNT_KEY_PATH" != "$ACCOUNT_KEY_PATH" ]; then _saveaccountconf "ACCOUNT_KEY_PATH" "$ACCOUNT_KEY_PATH" fi - - if [ -z "$_nocron" ] ; then + + if [ -z "$_nocron" ]; then installcronjob fi - if [ -z "$NO_DETECT_SH" ] ; then + if [ -z "$NO_DETECT_SH" ]; then #Modify shebang - if _exists bash ; then + if _exists bash; then _info "Good, bash is found, so change the shebang to use bash as prefered." _shebang='#!/usr/bin/env bash' _setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang" - for subf in $_SUB_FOLDERS ; do - if [ -d "$LE_WORKING_DIR/$subf" ] ; then - for _apifile in "$LE_WORKING_DIR/$subf/"*.sh ; do + for subf in $_SUB_FOLDERS; do + if [ -d "$LE_WORKING_DIR/$subf" ]; then + for _apifile in "$LE_WORKING_DIR/$subf/"*.sh; do _setShebang "$_apifile" "$_shebang" done fi @@ -3851,13 +3808,13 @@ install() { # nocron uninstall() { _nocron="$1" - if [ -z "$_nocron" ] ; then + if [ -z "$_nocron" ]; then uninstallcronjob fi _initpath _uninstallalias - + rm -f $LE_WORKING_DIR/$PROJECT_ENTRY _info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself." @@ -3867,24 +3824,24 @@ _uninstallalias() { _initpath _profile="$(_detect_profile)" - if [ "$_profile" ] ; then + if [ "$_profile" ]; then _info "Uninstalling alias from: '$_profile'" text="$(cat $_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.env\"$||" > "$_profile" + echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.env\"$||" >"$_profile" fi _csh_profile="$HOME/.cshrc" - if [ -f "$_csh_profile" ] ; then + if [ -f "$_csh_profile" ]; then _info "Uninstalling alias from: '$_csh_profile'" text="$(cat $_csh_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" > "$_csh_profile" + echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" >"$_csh_profile" fi - + _tcsh_profile="$HOME/.tcshrc" - if [ -f "$_tcsh_profile" ] ; then + if [ -f "$_tcsh_profile" ]; then _info "Uninstalling alias from: '$_csh_profile'" text="$(cat $_tcsh_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" > "$_tcsh_profile" + echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" >"$_tcsh_profile" fi } @@ -3892,20 +3849,20 @@ _uninstallalias() { cron() { IN_CRON=1 _initpath - if [ "$AUTO_UPGRADE" = "1" ] ; then + if [ "$AUTO_UPGRADE" = "1" ]; then export LE_WORKING_DIR ( - if ! upgrade ; then - _err "Cron:Upgrade failed!" - return 1 - fi + if ! upgrade; then + _err "Cron:Upgrade failed!" + return 1 + fi ) . $LE_WORKING_DIR/$PROJECT_ENTRY >/dev/null - if [ -t 1 ] ; then + if [ -t 1 ]; then __INTERACTIVE="1" fi - + _info "Auto upgraded to: $VER" fi renewAll @@ -4008,31 +3965,31 @@ Parameters: _installOnline() { _info "Installing from online archive." _nocron="$1" - if [ ! "$BRANCH" ] ; then + if [ ! "$BRANCH" ]; then BRANCH="master" fi target="$PROJECT/archive/$BRANCH.tar.gz" _info "Downloading $target" localname="$BRANCH.tar.gz" - if ! _get "$target" > $localname ; then + if ! _get "$target" >$localname; then _err "Download error." return 1 fi ( - _info "Extracting $localname" - tar xzf $localname - - cd "$PROJECT_NAME-$BRANCH" - chmod +x $PROJECT_ENTRY - if ./$PROJECT_ENTRY install "$_nocron" ; then - _info "Install success!" - fi - - cd .. - - rm -rf "$PROJECT_NAME-$BRANCH" - rm -f "$localname" + _info "Extracting $localname" + tar xzf $localname + + cd "$PROJECT_NAME-$BRANCH" + chmod +x $PROJECT_ENTRY + if ./$PROJECT_ENTRY install "$_nocron"; then + _info "Install success!" + fi + + cd .. + + rm -rf "$PROJECT_NAME-$BRANCH" + rm -f "$localname" ) } @@ -4042,7 +3999,7 @@ upgrade() { export LE_WORKING_DIR cd "$LE_WORKING_DIR" _installOnline "nocron" - ) ; then + ); then _info "Upgrade success!" exit 0 else @@ -4052,24 +4009,24 @@ upgrade() { } _processAccountConf() { - if [ "$_useragent" ] ; then + if [ "$_useragent" ]; then _saveaccountconf "USER_AGENT" "$_useragent" - elif [ "$USER_AGENT" ] && [ "$USER_AGENT" != "$DEFAULT_USER_AGENT" ] ; then + elif [ "$USER_AGENT" ] && [ "$USER_AGENT" != "$DEFAULT_USER_AGENT" ]; then _saveaccountconf "USER_AGENT" "$USER_AGENT" fi - - if [ "$_accountemail" ] ; then + + if [ "$_accountemail" ]; then _saveaccountconf "ACCOUNT_EMAIL" "$_accountemail" - elif [ "$ACCOUNT_EMAIL" ] && [ "$ACCOUNT_EMAIL" != "$DEFAULT_ACCOUNT_EMAIL" ] ; then + elif [ "$ACCOUNT_EMAIL" ] && [ "$ACCOUNT_EMAIL" != "$DEFAULT_ACCOUNT_EMAIL" ]; then _saveaccountconf "ACCOUNT_EMAIL" "$ACCOUNT_EMAIL" fi - - if [ "$_auto_upgrade" ] ; then + + if [ "$_auto_upgrade" ]; then _saveaccountconf "AUTO_UPGRADE" "$_auto_upgrade" - elif [ "$AUTO_UPGRADE" ] ; then + elif [ "$AUTO_UPGRADE" ]; then _saveaccountconf "AUTO_UPGRADE" "$AUTO_UPGRADE" fi - + } _process() { @@ -4111,339 +4068,339 @@ _process() { _auto_upgrade="" _listen_v4="" _listen_v6="" - while [ ${#} -gt 0 ] ; do + while [ ${#} -gt 0 ]; do case "${1}" in - - --help|-h) + + --help | -h) showhelp return ;; - --version|-v) + --version | -v) version return ;; - --install) + --install) _CMD="install" ;; - --uninstall) + --uninstall) _CMD="uninstall" ;; - --upgrade) + --upgrade) _CMD="upgrade" ;; - --issue) + --issue) _CMD="issue" ;; - --deploy) + --deploy) _CMD="deploy" ;; - --signcsr) + --signcsr) _CMD="signcsr" ;; - --showcsr) + --showcsr) _CMD="showcsr" ;; - --installcert|-i) + --installcert | -i) _CMD="installcert" ;; - --renew|-r) + --renew | -r) _CMD="renew" ;; - --renewAll|--renewall) + --renewAll | --renewall) _CMD="renewAll" ;; - --revoke) + --revoke) _CMD="revoke" ;; - --list) + --list) _CMD="list" ;; - --installcronjob) + --installcronjob) _CMD="installcronjob" ;; - --uninstallcronjob) + --uninstallcronjob) _CMD="uninstallcronjob" ;; - --cron) + --cron) _CMD="cron" ;; - --toPkcs) + --toPkcs) _CMD="toPkcs" - ;; - --createAccountKey|--createaccountkey|-cak) + ;; + --createAccountKey | --createaccountkey | -cak) _CMD="createAccountKey" ;; - --createDomainKey|--createdomainkey|-cdk) + --createDomainKey | --createdomainkey | -cdk) _CMD="createDomainKey" ;; - --createCSR|--createcsr|-ccr) + --createCSR | --createcsr | -ccr) _CMD="createCSR" ;; - --deactivate) + --deactivate) _CMD="deactivate" ;; - --updateaccount) + --updateaccount) _CMD="updateaccount" ;; - --registeraccount) + --registeraccount) _CMD="registeraccount" ;; - --domain|-d) + --domain | -d) _dvalue="$2" - - if [ "$_dvalue" ] ; then - if _startswith "$_dvalue" "-" ; then + + if [ "$_dvalue" ]; then + if _startswith "$_dvalue" "-"; then _err "'$_dvalue' is not a valid domain for parameter '$1'" return 1 fi - if _is_idn "$_dvalue" && ! _exists idn ; then + if _is_idn "$_dvalue" && ! _exists idn; then _err "It seems that $_dvalue is an IDN( Internationalized Domain Names), please install 'idn' command first." return 1 fi - - if [ -z "$_domain" ] ; then + + if [ -z "$_domain" ]; then _domain="$_dvalue" else - if [ "$_altdomains" = "$NO_VALUE" ] ; then + if [ "$_altdomains" = "$NO_VALUE" ]; then _altdomains="$_dvalue" else _altdomains="$_altdomains,$_dvalue" fi fi fi - + shift ;; - --force|-f) + --force | -f) FORCE="1" ;; - --staging|--test) + --staging | --test) STAGE="1" ;; - --debug) - if [ -z "$2" ] || _startswith "$2" "-" ; then + --debug) + if [ -z "$2" ] || _startswith "$2" "-"; then DEBUG="1" else DEBUG="$2" shift - fi + fi ;; - --webroot|-w) + --webroot | -w) wvalue="$2" - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi shift - ;; - --standalone) + ;; + --standalone) wvalue="$NO_VALUE" - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi ;; - --local-address) + --local-address) lvalue="$2" _local_address="$_local_address$lvalue," shift ;; - --apache) + --apache) wvalue="apache" - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi ;; - --tls) + --tls) wvalue="$W_TLS" - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi ;; - --dns) + --dns) wvalue="dns" - if ! _startswith "$2" "-" ; then + if ! _startswith "$2" "-"; then wvalue="$2" shift fi - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi ;; - --dnssleep) + --dnssleep) _dnssleep="$2" Le_DNSSleep="$_dnssleep" shift ;; - - --keylength|-k) + + --keylength | -k) _keylength="$2" shift ;; - --accountkeylength|-ak) + --accountkeylength | -ak) _accountkeylength="$2" shift ;; - --certpath) + --certpath) _certpath="$2" shift ;; - --keypath) + --keypath) _keypath="$2" shift ;; - --capath) + --capath) _capath="$2" shift ;; - --fullchainpath) + --fullchainpath) _fullchainpath="$2" shift ;; - --reloadcmd|--reloadCmd) + --reloadcmd | --reloadCmd) _reloadcmd="$2" shift ;; - --password) + --password) _password="$2" shift ;; - --accountconf) + --accountconf) _accountconf="$2" ACCOUNT_CONF_PATH="$_accountconf" shift ;; - --home) + --home) LE_WORKING_DIR="$2" shift ;; - --certhome) + --certhome) _certhome="$2" CERT_HOME="$_certhome" shift - ;; - --useragent) + ;; + --useragent) _useragent="$2" USER_AGENT="$_useragent" shift ;; - --accountemail ) + --accountemail) _accountemail="$2" ACCOUNT_EMAIL="$_accountemail" shift ;; - --accountkey ) + --accountkey) _accountkey="$2" ACCOUNT_KEY_PATH="$_accountkey" shift ;; - --days ) + --days) _days="$2" Le_RenewalDays="$_days" shift ;; - --httpport ) + --httpport) _httpport="$2" Le_HTTPPort="$_httpport" shift ;; - --tlsport ) + --tlsport) _tlsport="$2" Le_TLSPort="$_tlsport" shift ;; - - --listraw ) + + --listraw) _listraw="raw" - ;; - --stopRenewOnError|--stoprenewonerror|-se ) + ;; + --stopRenewOnError | --stoprenewonerror | -se) _stopRenewOnError="1" ;; - --insecure) + --insecure) _insecure="1" HTTPS_INSECURE="1" ;; - --ca-bundle) + --ca-bundle) _ca_bundle="$(readlink -f $2)" CA_BUNDLE="$_ca_bundle" shift ;; - --nocron) + --nocron) _nocron="1" ;; - --ecc) + --ecc) _ecc="isEcc" ;; - --csr) + --csr) _csr="$2" shift ;; - --pre-hook) + --pre-hook) _pre_hook="$2" shift ;; - --post-hook) + --post-hook) _post_hook="$2" shift ;; - --renew-hook) + --renew-hook) _renew_hook="$2" shift ;; - --deploy-hook) + --deploy-hook) _deploy_hook="$2" shift ;; - --ocsp-must-staple|--ocsp) + --ocsp-must-staple | --ocsp) Le_OCSP_Stable="1" ;; - --log|--logfile) + --log | --logfile) _log="1" _logfile="$2" - if _startswith "$_logfile" '-' ; then + if _startswith "$_logfile" '-'; then _logfile="" else shift fi LOG_FILE="$_logfile" - if [ -z "$LOG_LEVEL" ] ; then + if [ -z "$LOG_LEVEL" ]; then LOG_LEVEL="$DEFAULT_LOG_LEVEL" fi ;; - --log-level) + --log-level) _log_level="$2" LOG_LEVEL="$_log_level" shift ;; - --auto-upgrade) + --auto-upgrade) _auto_upgrade="$2" - if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-' ; then + if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then _auto_upgrade="1" else shift fi AUTO_UPGRADE="$_auto_upgrade" ;; - --listen-v4) + --listen-v4) _listen_v4="1" Le_Listen_V4="$_listen_v4" ;; - --listen-v6) + --listen-v6) _listen_v6="1" Le_Listen_V6="$_listen_v6" ;; - - *) + + *) _err "Unknown parameter : $1" return 1 ;; @@ -4452,29 +4409,29 @@ _process() { shift 1 done - if [ "${_CMD}" != "install" ] ; then + if [ "${_CMD}" != "install" ]; then __initHome if [ "$_log" ]; then - if [ -z "$_logfile" ] ; then + if [ -z "$_logfile" ]; then _logfile="$DEFAULT_LOG_FILE" fi fi - if [ "$_logfile" ] ; then + if [ "$_logfile" ]; then _saveaccountconf "LOG_FILE" "$_logfile" LOG_FILE="$_logfile" fi - if [ "$_log_level" ] ; then + if [ "$_log_level" ]; then _saveaccountconf "LOG_LEVEL" "$_log_level" LOG_LEVEL="$_log_level" fi - + _processAccountConf fi - + _debug2 LE_WORKING_DIR "$LE_WORKING_DIR" - - if [ "$DEBUG" ] ; then + + if [ "$DEBUG" ]; then version fi @@ -4483,7 +4440,7 @@ _process() { uninstall) uninstall "$_nocron" ;; upgrade) upgrade ;; issue) - issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" + issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" ;; deploy) deploy "$_domain" "$_deploy_hook" "$_ecc" @@ -4497,63 +4454,63 @@ _process() { installcert) installcert "$_domain" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_ecc" ;; - renew) + renew) renew "$_domain" "$_ecc" ;; - renewAll) + renewAll) renewAll "$_stopRenewOnError" ;; - revoke) + revoke) revoke "$_domain" "$_ecc" ;; - deactivate) + deactivate) deactivate "$_domain,$_altdomains" ;; - registeraccount) + registeraccount) registeraccount "$_accountkeylength" ;; - updateaccount) + updateaccount) updateaccount ;; - list) + list) list "$_listraw" ;; installcronjob) installcronjob ;; uninstallcronjob) uninstallcronjob ;; cron) cron ;; - toPkcs) + toPkcs) toPkcs "$_domain" "$_password" "$_ecc" ;; - createAccountKey) + createAccountKey) createAccountKey "$_accountkeylength" ;; - createDomainKey) + createDomainKey) createDomainKey "$_domain" "$_keylength" ;; - createCSR) + createCSR) createCSR "$_domain" "$_altdomains" "$_ecc" ;; *) _err "Invalid command: $_CMD" - showhelp; + showhelp return 1 - ;; + ;; esac _ret="$?" - if [ "$_ret" != "0" ] ; then + if [ "$_ret" != "0" ]; then return $_ret fi - - if [ "${_CMD}" = "install" ] ; then - if [ "$_log" ] ; then - if [ -z "$LOG_FILE" ] ; then + + if [ "${_CMD}" = "install" ]; then + if [ "$_log" ]; then + if [ -z "$LOG_FILE" ]; then LOG_FILE="$DEFAULT_LOG_FILE" fi _saveaccountconf "LOG_FILE" "$LOG_FILE" fi - - if [ "$_log_level" ] ; then + + if [ "$_log_level" ]; then _saveaccountconf "LOG_LEVEL" "$_log_level" fi _processAccountConf @@ -4561,24 +4518,15 @@ _process() { } - -if [ "$INSTALLONLINE" ] ; then +if [ "$INSTALLONLINE" ]; then INSTALLONLINE="" _installOnline $BRANCH exit fi - - - - main() { [ -z "$1" ] && showhelp && return - if _startswith "$1" '-' ; then _process "$@"; else "$@";fi + if _startswith "$1" '-'; then _process "$@"; else "$@"; fi } - main "$@" - - - diff --git a/deploy/myapi.sh b/deploy/myapi.sh index 52e313e7..5075fab8 100644 --- a/deploy/myapi.sh +++ b/deploy/myapi.sh @@ -6,8 +6,6 @@ #Which will be called by acme.sh to deploy the cert #returns 0 means success, otherwise error. - - ######## Public functions ##################### #domain keyfile certfile cafile fullchain @@ -17,17 +15,14 @@ myapi_deploy() { _ccert="$3" _cca="$4" _cfullchain="$5" - + _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - - + _err "Not implemented yet" return 1 } - - diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index b2dc7eb8..63acb28f 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -1,54 +1,52 @@ #!/usr/bin/env sh - # #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" # #CF_Email="xxxx@sss.com" - CF_Api="https://api.cloudflare.com/client/v4" ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_cf_add(){ +dns_cf_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$CF_Key" ] || [ -z "$CF_Email" ] ; then + + if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then _err "You don't specify cloudflare api key and email yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. _saveaccountconf CF_Key "$CF_Key" _saveaccountconf CF_Email "$CF_Email" - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - + _debug "Getting txt records" _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain" - - if ! printf "$response" | grep \"success\":true > /dev/null ; then + + if ! printf "$response" | grep \"success\":true >/dev/null; then _err "Error" return 1 fi - + count=$(printf "%s\n" "$response" | _egrep_o \"count\":[^,]* | cut -d : -f 2) _debug count "$count" - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then _info "Adding record" - if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - if printf -- "%s" "$response" | grep $fulldomain > /dev/null ; then + if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if printf -- "%s" "$response" | grep $fulldomain >/dev/null; then _info "Added, sleeping 10 seconds" sleep 10 #todo: check if the record takes effect @@ -61,22 +59,21 @@ dns_cf_add(){ _err "Add txt record error." else _info "Updating record" - record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \"| head -n 1) + record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \" | head -n 1) _debug "record_id" $record_id - - _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" + + _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" if [ "$?" = "0" ]; then _info "Updated, sleeping 10 seconds" sleep 10 #todo: check if the record takes effect - return 0; + return 0 fi _err "Update error" return 1 fi - -} +} #fulldomain dns_cf_rm() { @@ -84,7 +81,6 @@ dns_cf_rm() { } - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns @@ -95,20 +91,20 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; - fi - - if ! _cf_rest GET "zones?name=$h" ; then return 1 fi - - if printf $response | grep \"name\":\"$h\" >/dev/null ; then + + if ! _cf_rest GET "zones?name=$h"; then + return 1 + fi + + if printf $response | grep \"name\":\"$h\" >/dev/null; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | head -n 1 | cut -d : -f 2 | tr -d \") - if [ "$_domain_id" ] ; then + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _domain=$h return 0 @@ -126,24 +122,22 @@ _cf_rest() { ep="$2" data="$3" _debug $ep - + _H1="X-Auth-Email: $CF_Email" _H2="X-Auth-Key: $CF_Key" _H3="Content-Type: application/json" - - if [ "$data" ] ; then + + if [ "$data" ]; then _debug data "$data" response="$(_post "$data" "$CF_Api/$ep" "" $m)" else response="$(_get "$CF_Api/$ep")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh index ae162d62..81eb896d 100755 --- a/dnsapi/dns_cx.sh +++ b/dnsapi/dns_cx.sh @@ -6,10 +6,8 @@ # #CX_Secret="sADDsdasdgdsf" - CX_Api="https://www.cloudxns.net/api2" - #REST_API ######## Public functions ##################### @@ -17,54 +15,50 @@ CX_Api="https://www.cloudxns.net/api2" dns_cx_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ] ; then + + if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then _err "You don't specify cloudxns.com api key or secret yet." _err "Please create you key and try again." return 1 fi - + REST_API=$CX_Api - + #save the api key and email to the account conf file. _saveaccountconf CX_Key "$CX_Key" _saveaccountconf CX_Secret "$CX_Secret" - - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi - - existing_records $_domain $_sub_domain + + existing_records $_domain $_sub_domain _debug count "$count" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Error get existing records." return 1 fi - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then add_record $_domain $_sub_domain $txtvalue else update_record $_domain $_sub_domain $txtvalue fi - - if [ "$?" = "0" ] ; then + + if [ "$?" = "0" ]; then return 0 fi return 1 } - - #fulldomain dns_cx_rm() { fulldomain=$1 } - #usage: root sub #return if the sub record already exists. #echos the existing records count. @@ -73,24 +67,24 @@ existing_records() { _debug "Getting txt records" root=$1 sub=$2 - - if ! _rest GET "record/$_domain_id?:domain_id?host_id=0&offset=0&row_num=100" ; then + + if ! _rest GET "record/$_domain_id?:domain_id?host_id=0&offset=0&row_num=100"; then return 1 fi count=0 seg=$(printf "%s\n" "$response" | _egrep_o "{[^\{]*host\":\"$_sub_domain\"[^\}]*\}") _debug seg "$seg" - if [ -z "$seg" ] ; then + if [ -z "$seg" ]; then return 0 fi - if printf "$response" | grep '"type":"TXT"' > /dev/null ; then + if printf "$response" | grep '"type":"TXT"' >/dev/null; then count=1 record_id=$(printf "%s\n" "$seg" | _egrep_o \"record_id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug record_id "$record_id" - return 0 + return 0 fi - + } #add the txt record. @@ -100,13 +94,13 @@ add_record() { sub=$2 txtvalue=$3 fulldomain=$sub.$root - + _info "Adding record" - + if ! _rest POST "record" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}"; then return 1 fi - + return 0 } @@ -117,19 +111,16 @@ update_record() { sub=$2 txtvalue=$3 fulldomain=$sub.$root - + _info "Updating record" - - if _rest PUT "record/$record_id" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}" ; then + + if _rest PUT "record/$record_id" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}"; then return 0 fi - + return 1 } - - - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns @@ -140,25 +131,25 @@ _get_root() { domain=$1 i=2 p=1 - - if ! _rest GET "domain" ; then + + if ! _rest GET "domain"; then return 1 fi - - while [ '1' ] ; do + + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) _debug h "$h" - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; + return 1 fi - if printf "$response" | grep "$h." >/dev/null ; then - seg=$(printf "%s" "$response" | _egrep_o "\{[^\{]*\"$h\.\"[^\}]*\}" ) + if printf "$response" | grep "$h." >/dev/null; then + seg=$(printf "%s" "$response" | _egrep_o "\{[^\{]*\"$h\.\"[^\}]*\}") _debug seg "$seg" _domain_id=$(printf "%s" "$seg" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" - if [ "$_domain_id" ] ; then + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _debug _sub_domain $_sub_domain _domain=$h @@ -173,7 +164,6 @@ _get_root() { return 1 } - #Usage: method URI data _rest() { m=$1 @@ -181,38 +171,36 @@ _rest() { _debug $ep url="$REST_API/$ep" _debug url "$url" - - cdate=$(date -u "+%Y-%m-%d %H:%M:%S UTC") + + cdate=$(date -u "+%Y-%m-%d %H:%M:%S UTC") _debug cdate "$cdate" - + data="$3" _debug data "$data" - + sec="$CX_Key$url$data$cdate$CX_Secret" _debug sec "$sec" - hmac=$(printf "$sec"| openssl md5 |cut -d " " -f 2) + hmac=$(printf "$sec" | openssl md5 | cut -d " " -f 2) _debug hmac "$hmac" - + _H1="API-KEY: $CX_Key" _H2="API-REQUEST-DATE: $cdate" _H3="API-HMAC: $hmac" _H4="Content-Type: application/json" - if [ "$data" ] ; then + if [ "$data" ]; then response="$(_post "$data" "$url" "" $m)" else response="$(_get "$url")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" - if ! printf "$response" | grep '"message":"success"' > /dev/null ; then + if ! printf "$response" | grep '"message":"success"' >/dev/null; then return 1 fi return 0 } - - diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 898806bd..4ec8da69 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -18,7 +18,7 @@ dns_dp_add() { fulldomain=$1 txtvalue=$2 - if [ -z "$DP_Id" ] || [ -z "$DP_Key" ] ; then + if [ -z "$DP_Id" ] || [ -z "$DP_Key" ]; then _err "You don't specify dnspod api key and key id yet." _err "Please create you key and try again." return 1 @@ -39,12 +39,12 @@ dns_dp_add() { existing_records $_domain $_sub_domain _debug count "$count" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Error get existing records." return 1 fi - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then add_record $_domain $_sub_domain $txtvalue else update_record $_domain $_sub_domain $txtvalue @@ -149,9 +149,9 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid return 1; fi @@ -163,7 +163,7 @@ _get_root() { if printf "$response" | grep "Action completed successful" >/dev/null ; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" - if [ "$_domain_id" ] ; then + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _debug _sub_domain $_sub_domain _domain=$h @@ -189,14 +189,14 @@ _rest() { _debug url "$url" - if [ "$data" ] ; then + if [ "$data" ]; then _debug2 data "$data" response="$(_post $data "$url")" else response="$(_get "$url")" fi - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index 0f399b41..51ca8db5 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -6,39 +6,37 @@ # #GD_Secret="asdfsdfsfsdfsdfdfsdf" - GD_Api="https://api.godaddy.com/v1" ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_gd_add(){ +dns_gd_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$GD_Key" ] || [ -z "$GD_Secret" ] ; then + + if [ -z "$GD_Key" ] || [ -z "$GD_Secret" ]; then _err "You don't specify godaddy api key and secret yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. _saveaccountconf GD_Key "$GD_Key" _saveaccountconf GD_Secret "$GD_Secret" - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _info "Adding record" - if _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[{\"data\":\"$txtvalue\"}]"; then - if [ "$response" = "{}" ] ; then + if _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[{\"data\":\"$txtvalue\"}]"; then + if [ "$response" = "{}" ]; then _info "Added, sleeping 10 seconds" sleep 10 #todo: check if the record takes effect @@ -50,20 +48,15 @@ dns_gd_add(){ fi fi _err "Add txt record error." - + } - - #fulldomain dns_gd_rm() { fulldomain=$1 } - - - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns @@ -74,18 +67,18 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; - fi - - if ! _gd_rest GET "domains/$h" ; then return 1 fi - - if printf "$response" | grep '"code":"NOT_FOUND"' >/dev/null ; then + + if ! _gd_rest GET "domains/$h"; then + return 1 + fi + + if printf "$response" | grep '"code":"NOT_FOUND"' >/dev/null; then _debug "$h not found" else _sub_domain=$(printf $domain | cut -d . -f 1-$p) @@ -103,23 +96,21 @@ _gd_rest() { ep="$2" data="$3" _debug $ep - + _H1="Authorization: sso-key $GD_Key:$GD_Secret" _H2="Content-Type: application/json" - - if [ "$data" ] ; then + + if [ "$data" ]; then _debug data "$data" response="$(_post "$data" "$GD_Api/$ep" "" $m)" else response="$(_get "$GD_Api/$ep")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index 34f7637c..847b9999 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -13,15 +13,15 @@ wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api" dns_lexicon_add() { fulldomain=$1 txtvalue=$2 - + domain=$(printf "$fulldomain" | cut -d . -f 2-999) - - if ! _exists $lexicon_cmd ; then + + if ! _exists $lexicon_cmd; then _err "Please install $lexicon_cmd first: $wiki" return 1 fi - - if [ -z "$PROVIDER" ] ; then + + if [ -z "$PROVIDER" ]; then _err "Please define env PROVIDER first: $wiki" return 1 fi @@ -29,34 +29,34 @@ dns_lexicon_add() { _savedomainconf PROVIDER "$PROVIDER" export PROVIDER - Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr [a-z] [A-Z]) + Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr [a-z] [A-Z]) eval Lx_name_v="\$$Lx_name" _debug "$Lx_name" "$Lx_name_v" - if [ "$Lx_name_v" ] ; then + if [ "$Lx_name_v" ]; then _saveaccountconf $Lx_name "$Lx_name_v" export "$Lx_name" fi - - Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr [a-z] [A-Z]) + + Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr [a-z] [A-Z]) eval Lx_token_v="\$$Lx_token" _debug "$Lx_token" "$Lx_token_v" - if [ "$Lx_token_v" ] ; then + if [ "$Lx_token_v" ]; then _saveaccountconf $Lx_token "$Lx_token_v" export "$Lx_token" fi - - Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr [a-z] [A-Z]) + + Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr [a-z] [A-Z]) eval Lx_password_v="\$$Lx_password" _debug "$Lx_password" "$Lx_password_v" - if [ "$Lx_password_v" ] ; then + if [ "$Lx_password_v" ]; then _saveaccountconf $Lx_password "$Lx_password_v" export "$Lx_password" fi - - Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr [a-z] [A-Z]) + + Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr [a-z] [A-Z]) eval Lx_domaintoken_v="\$$Lx_domaintoken" _debug "$Lx_domaintoken" "$Lx_domaintoken_v" - if [ "$Lx_domaintoken_v" ] ; then + if [ "$Lx_domaintoken_v" ]; then export "$Lx_domaintoken" _saveaccountconf $Lx_domaintoken "$Lx_domaintoken_v" fi @@ -65,14 +65,8 @@ dns_lexicon_add() { } - #fulldomain dns_lexicon_rm() { fulldomain=$1 } - - - - - diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index a59e0d0b..efd197c2 100644 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -16,40 +16,40 @@ LUA_auth=$(printf $LUA_Email:$LUA_Key | _base64) dns_lua_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$LUA_Key" ] || [ -z "$LUA_Email" ] ; then + + if [ -z "$LUA_Key" ] || [ -z "$LUA_Email" ]; then _err "You don't specify luadns api key and email yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. _saveaccountconf LUA_Key "$LUA_Key" _saveaccountconf LUA_Email "$LUA_Email" - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - + _debug "Getting txt records" _LUA_rest GET "zones/${_domain_id}/records" - - if ! printf "$response" | grep \"id\": > /dev/null ; then + + if ! printf "$response" | grep \"id\": >/dev/null; then _err "Error" return 1 fi - + count=$(printf "%s\n" "$response" | _egrep_o \"name\":\"$fulldomain\" | wc -l) _debug count "$count" - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then _info "Adding record" - if _LUA_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - if printf -- "%s" "$response" | grep $fulldomain > /dev/null ; then + if _LUA_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if printf -- "%s" "$response" | grep $fulldomain >/dev/null; then _info "Added" #todo: check if the record takes effect return 0 @@ -61,21 +61,20 @@ dns_lua_add() { _err "Add txt record error." else _info "Updating record" - record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\" | cut -d: -f2|cut -d, -f1 ) + record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\" | cut -d: -f2 | cut -d, -f1) _debug "record_id" $record_id - - _LUA_rest PUT "zones/$_domain_id/records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"ttl\":120}" + + _LUA_rest PUT "zones/$_domain_id/records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"ttl\":120}" if [ "$?" = "0" ]; then _info "Updated!" #todo: check if the record takes effect - return 0; + return 0 fi _err "Update error" return 1 fi - -} +} #fulldomain dns_lua_rm() { @@ -83,7 +82,6 @@ dns_lua_rm() { } - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns @@ -94,19 +92,19 @@ _get_root() { domain=$1 i=2 p=1 - if ! _LUA_rest GET "zones" ; then + if ! _LUA_rest GET "zones"; then + return 1 + fi + while [ '1' ]; do + h=$(printf $domain | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid return 1 fi - while [ '1' ] ; do - h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then - #not valid - return 1; - fi - - if printf $response | grep \"name\":\"$h\" >/dev/null ; then + + if printf $response | grep \"name\":\"$h\" >/dev/null; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$h\" | cut -d : -f 2 | cut -d , -f 1) - if [ "$_domain_id" ] ; then + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _domain=$h return 0 @@ -124,22 +122,20 @@ _LUA_rest() { ep="$2" data="$3" _debug $ep - + _H1="Accept: application/json" _H2="Authorization: Basic $LUA_auth" - if [ "$data" ] ; then + if [ "$data" ]; then _debug data "$data" response="$(_post "$data" "$LUA_Api/$ep" "" $m)" else response="$(_get "$LUA_Api/$ep")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_myapi.sh b/dnsapi/dns_myapi.sh index 73b1ea85..813a2ed1 100755 --- a/dnsapi/dns_myapi.sh +++ b/dnsapi/dns_myapi.sh @@ -6,8 +6,6 @@ #Which will be called by acme.sh to add the txt record to your api system. #returns 0 means success, otherwise error. - - ######## Public functions ##################### #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -15,21 +13,18 @@ dns_myapi_add() { fulldomain=$1 txtvalue=$2 _err "Not implemented!" - return 1; + return 1 } - - #fulldomain dns_myapi_rm() { fulldomain=$1 } - #################### Private functions bellow ################################## _info() { - if [ -z "$2" ] ; then + if [ -z "$2" ]; then echo "[$(date)] $1" else echo "[$(date)] $1='$2'" @@ -42,7 +37,7 @@ _err() { } _debug() { - if [ -z "$DEBUG" ] ; then + if [ -z "$DEBUG" ]; then return fi _err "$@" @@ -50,8 +45,8 @@ _debug() { } _debug2() { - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _debug "$@" fi return -} \ No newline at end of file +} diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index b31d02fc..782c0830 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -1,6 +1,5 @@ #!/usr/bin/env sh - #Applcation Key #OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje" # @@ -10,10 +9,8 @@ #Consumer Key #OVH_CK="sdfsdfsdfsdfsdfdsf" - #OVH_END_POINT=ovh-eu - #'ovh-eu' OVH_EU='https://eu.api.ovh.com/1.0' @@ -35,121 +32,116 @@ SYS_CA='https://ca.api.soyoustart.com/1.0' #'runabove-ca' RAV_CA='https://api.runabove.com/1.0' - wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api" ovh_success="https://github.com/Neilpang/acme.sh/wiki/OVH-Success" - - _ovh_get_api() { _ogaep="$1" case "${_ogaep}" in - - ovh-eu|ovheu) - printf "%s" $OVH_EU - return - ;; - ovh-ca|ovhca) - printf "%s" $OVH_CA - return - ;; - kimsufi-eu|kimsufieu) - printf "%s" $KSF_EU - return - ;; - kimsufi-ca|kimsufica) - printf "%s" $KSF_CA - return - ;; - soyoustart-eu|soyoustarteu) - printf "%s" $SYS_EU - return - ;; - soyoustart-ca|soyoustartca) - printf "%s" $SYS_CA - return - ;; - runabove-ca|runaboveca) - printf "%s" $RAV_CA - return - ;; - - + + ovh-eu | ovheu) + printf "%s" $OVH_EU + return + ;; + ovh-ca | ovhca) + printf "%s" $OVH_CA + return + ;; + kimsufi-eu | kimsufieu) + printf "%s" $KSF_EU + return + ;; + kimsufi-ca | kimsufica) + printf "%s" $KSF_CA + return + ;; + soyoustart-eu | soyoustarteu) + printf "%s" $SYS_EU + return + ;; + soyoustart-ca | soyoustartca) + printf "%s" $SYS_CA + return + ;; + runabove-ca | runaboveca) + printf "%s" $RAV_CA + return + ;; + *) - _err "Unknown parameter : $1" - return 1 - ;; - esac + + _err "Unknown parameter : $1" + return 1 + ;; + esac } ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_ovh_add(){ +dns_ovh_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ] ; then + + if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then _err "You don't specify OVH application key and application secret yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. _saveaccountconf OVH_AK "$OVH_AK" _saveaccountconf OVH_AS "$OVH_AS" - - - if [ -z "$OVH_END_POINT" ] ; then + + if [ -z "$OVH_END_POINT" ]; then OVH_END_POINT="ovh-eu" fi _info "Using OVH endpoint: $OVH_END_POINT" - if [ "$OVH_END_POINT" != "ovh-eu" ] ; then - _saveaccountconf OVH_END_POINT "$OVH_END_POINT" + if [ "$OVH_END_POINT" != "ovh-eu" ]; then + _saveaccountconf OVH_END_POINT "$OVH_END_POINT" fi - - OVH_API="$(_ovh_get_api $OVH_END_POINT )" + + OVH_API="$(_ovh_get_api $OVH_END_POINT)" _debug OVH_API "$OVH_API" - if [ -z "$OVH_CK" ] ; then + if [ -z "$OVH_CK" ]; then _info "OVH consumer key is empty, Let's get one:" - if ! _ovh_authentication ; then + if ! _ovh_authentication; then _err "Can not get consumer key." fi #return and wait for retry. - return 1; + return 1 fi - - + _info "Checking authentication" - + response="$(_ovh_rest GET "domain/")" - if _contains "$response" "INVALID_CREDENTIAL" ; then + if _contains "$response" "INVALID_CREDENTIAL"; then _err "The consumer key is invalid: $OVH_CK" _err "Please retry to create a new one." - _clearaccountconf OVH_CK + _clearaccountconf OVH_CK return 1 fi _info "Consumer key is ok." - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - + _debug "Getting txt records" _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain" - - if _contains "$response" '\[\]' || _contains "$response" "This service does not exist" ; then + + if _contains "$response" '\[\]' || _contains "$response" "This service does not exist"; then _info "Adding record" - if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then - if _contains "$response" "$txtvalue" ; then + if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then + if _contains "$response" "$txtvalue"; then _ovh_rest POST "domain/zone/$_domain/refresh" _debug "Refresh:$response" _info "Added, sleeping 10 seconds" @@ -161,27 +153,26 @@ dns_ovh_add(){ else _info "Updating record" record_id=$(printf "%s" "$response" | tr -d "[]" | cut -d , -f 1) - if [ -z "$record_id" ] ; then + if [ -z "$record_id" ]; then _err "Can not get record id." return 1 fi _debug "record_id" $record_id - if _ovh_rest PUT "domain/zone/$_domain/record/$record_id" "{\"target\":\"$txtvalue\",\"subDomain\":\"$_sub_domain\",\"ttl\":60}" ; then - if _contains "$response" "null" ; then + if _ovh_rest PUT "domain/zone/$_domain/record/$record_id" "{\"target\":\"$txtvalue\",\"subDomain\":\"$_sub_domain\",\"ttl\":60}"; then + if _contains "$response" "null"; then _ovh_rest POST "domain/zone/$_domain/refresh" _debug "Refresh:$response" _info "Updated, sleeping 10 seconds" sleep 10 - return 0; + return 0 fi fi _err "Update error" return 1 fi - -} +} #fulldomain dns_ovh_rm() { @@ -189,45 +180,43 @@ dns_ovh_rm() { } - #################### Private functions bellow ################################## _ovh_authentication() { - + _H1="X-Ovh-Application: $OVH_AK" _H2="Content-type: application/json" _H3="" _H4="" - + _ovhdata='{"accessRules": [{"method": "GET","path": "/*"},{"method": "POST","path": "/*"},{"method": "PUT","path": "/*"},{"method": "DELETE","path": "/*"}],"redirection":"'$ovh_success'"}' - + response="$(_post "$_ovhdata" "$OVH_API/auth/credential")" _debug3 response "$response" validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')" - if [ -z "$validationUrl" ] ; then + if [ -z "$validationUrl" ]; then _err "Unable to get validationUrl" return 1 fi _debug validationUrl "$validationUrl" - + consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" - if [ -z "$consumerKey" ] ; then + if [ -z "$consumerKey" ]; then _err "Unable to get consumerKey" return 1 fi _debug consumerKey "$consumerKey" - + OVH_CK="$consumerKey" _saveaccountconf OVH_CK "$OVH_CK" - - _info "Please open this link to do authentication: $(__green "$validationUrl" )" - _info "Here is a guide for you: $(__green "$wiki" )" + _info "Please open this link to do authentication: $(__green "$validationUrl")" + + _info "Here is a guide for you: $(__green "$wiki")" _info "Please retry after the authentication is done." } - #_acme-challenge.www.domain.com #returns # _sub_domain=_acme-challenge.www @@ -237,18 +226,18 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; - fi - - if ! _ovh_rest GET "domain/zone/$h" ; then return 1 fi - - if ! _contains "$response" "This service does not exist" >/dev/null ; then + + if ! _ovh_rest GET "domain/zone/$h"; then + return 1 + fi + + if ! _contains "$response" "This service does not exist" >/dev/null; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _domain=$h return 0 @@ -273,8 +262,7 @@ _ovh_rest() { ep="$2" data="$3" _debug $ep - - + _ovh_url="$OVH_API/$ep" _debug2 _ovh_url "$_ovh_url" _ovh_t="$(_ovh_timestamp)" @@ -283,7 +271,6 @@ _ovh_rest() { _debug _ovh_p "$_ovh_p" _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)" _debug2 _ovh_hex "$_ovh_hex" - _H1="X-Ovh-Application: $OVH_AK" _H2="X-Ovh-Signature: \$1\$$_ovh_hex" @@ -291,19 +278,17 @@ _ovh_rest() { _H3="X-Ovh-Timestamp: $_ovh_t" _H4="X-Ovh-Consumer: $OVH_CK" _H5="Content-Type: application/json;charset=utf-8" - if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] ; then + if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ]; then _debug data "$data" response="$(_post "$data" "$_ovh_url" "" $m)" else response="$(_get "$_ovh_url")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index aa7a2c45..ec82bfe8 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -16,25 +16,25 @@ dns_pdns_add() { fulldomain=$1 txtvalue=$2 - if [ -z "$PDNS_Url" ] ; then + if [ -z "$PDNS_Url" ]; then _err "You don't specify PowerDNS address." _err "Please set PDNS_Url and try again." return 1 fi - if [ -z "$PDNS_ServerId" ] ; then + if [ -z "$PDNS_ServerId" ]; then _err "You don't specify PowerDNS server id." _err "Please set you PDNS_ServerId and try again." return 1 fi - if [ -z "$PDNS_Token" ] ; then + if [ -z "$PDNS_Token" ]; then _err "You don't specify PowerDNS token." _err "Please create you PDNS_Token and try again." return 1 fi - if [ -z "$PDNS_Ttl" ] ; then + if [ -z "$PDNS_Ttl" ]; then PDNS_Ttl=$DEFAULT_PDNS_TTL fi @@ -42,44 +42,42 @@ dns_pdns_add() { _saveaccountconf PDNS_Url "$PDNS_Url" _saveaccountconf PDNS_ServerId "$PDNS_ServerId" _saveaccountconf PDNS_Token "$PDNS_Token" - - if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ] ; then + + if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then _saveaccountconf PDNS_Ttl "$PDNS_Ttl" fi _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain "$_domain" - if ! set_record "$_domain" "$fulldomain" "$txtvalue" ; then + if ! set_record "$_domain" "$fulldomain" "$txtvalue"; then return 1 fi return 0 } - #fulldomain dns_pdns_rm() { fulldomain=$1 } - set_record() { _info "Adding record" root=$1 full=$2 txtvalue=$3 - if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"name\": \"$full.\", \"changetype\": \"REPLACE\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}" ; then + if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"name\": \"$full.\", \"changetype\": \"REPLACE\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}"; then _err "Set txt record error." return 1 fi - if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root./notify" ; then + if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root./notify"; then _err "Notify servers error." return 1 fi @@ -95,17 +93,17 @@ _get_root() { i=1 p=1 - if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones" ; then + if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then _zones_response=$response fi - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then return 1 fi - if printf "$_zones_response" | grep "\"name\": \"$h.\"" >/dev/null ; then + if printf "$_zones_response" | grep "\"name\": \"$h.\"" >/dev/null; then _domain=$h return 0 fi @@ -124,18 +122,18 @@ _pdns_rest() { _H1="X-API-Key: $PDNS_Token" - if [ ! "$method" = "GET" ] ; then + if [ ! "$method" = "GET" ]; then _debug data "$data" response="$(_post "$data" "$PDNS_Url$ep" "" "$method")" else response="$(_get "$PDNS_Url$ep")" fi - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 -} \ No newline at end of file +}