commit
5e574a355d
23
.github/workflows/PebbleStrict.yml
vendored
23
.github/workflows/PebbleStrict.yml
vendored
@ -37,3 +37,26 @@ jobs:
|
|||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- name: Run acmetest
|
- name: Run acmetest
|
||||||
run: cd ../acmetest && ./letest.sh
|
run: cd ../acmetest && ./letest.sh
|
||||||
|
|
||||||
|
PebbleStrict_IPCert:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
env:
|
||||||
|
TestingDomain: 10.30.50.1
|
||||||
|
ACME_DIRECTORY: https://localhost:14000/dir
|
||||||
|
HTTPS_INSECURE: 1
|
||||||
|
Le_HTTPPort: 5002
|
||||||
|
Le_TLSPort: 5001
|
||||||
|
TEST_LOCAL: 1
|
||||||
|
TEST_CA: "Pebble Intermediate CA"
|
||||||
|
TEST_IPCERT: 1
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
- name: Install tools
|
||||||
|
run: sudo apt-get install -y socat
|
||||||
|
- name: Run Pebble
|
||||||
|
run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
|
||||||
|
- name: Clone acmetest
|
||||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
|
- name: Run acmetest
|
||||||
|
run: cd ../acmetest && ./letest.sh
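Review bot: Every external input of the new `PebbleStrict_IPCert` job is fetched from a mutable ref and then executed: `docker-compose.yml` comes from Pebble's `master` branch, `acmetest` is cloned at its default branch and its `letest.sh` is run, and `actions/checkout@v2` is a movable tag. A change in any of those repositories alters what this job runs without a commit here, so pinning each to a full commit SHA is the safer form, e.g. `curl -fsSL https://raw.githubusercontent.com/letsencrypt/pebble/<PINNED_COMMIT_SHA>/docker-compose.yml >docker-compose.yml`. The `-f` matters on its own: without it an HTTP error body is written to `docker-compose.yml` and handed to `docker-compose up`. `HTTPS_INSECURE: 1` is acceptable only because `ACME_DIRECTORY` is the local Pebble instance; a comment such as `# Pebble uses a throwaway test CA; never set this against a real CA` would keep it from being copied elsewhere.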
|
@ -55,6 +55,7 @@ RUN for verb in help \
|
|||||||
deactivate-account \
|
deactivate-account \
|
||||||
set-notify \
|
set-notify \
|
||||||
set-default-ca \
|
set-default-ca \
|
||||||
|
set-default-chain \
|
||||||
; do \
|
; do \
|
||||||
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
|
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
|
||||||
; done
|
; done
|
||||||
|
83
acme.sh
83
acme.sh
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
VER=3.0.1
|
VER=3.0.2
|
||||||
|
|
||||||
PROJECT_NAME="acme.sh"
|
PROJECT_NAME="acme.sh"
|
||||||
|
|
||||||
@ -59,6 +59,9 @@ VTYPE_HTTP="http-01"
|
|||||||
VTYPE_DNS="dns-01"
|
VTYPE_DNS="dns-01"
|
||||||
VTYPE_ALPN="tls-alpn-01"
|
VTYPE_ALPN="tls-alpn-01"
|
||||||
|
|
||||||
|
ID_TYPE_DNS="dns"
|
||||||
|
ID_TYPE_IP="ip"
|
||||||
|
|
||||||
LOCAL_ANY_ADDRESS="0.0.0.0"
|
LOCAL_ANY_ADDRESS="0.0.0.0"
|
||||||
|
|
||||||
DEFAULT_RENEW=60
|
DEFAULT_RENEW=60
|
||||||
@ -426,13 +429,11 @@ _secure_debug3() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
_upper_case() {
|
_upper_case() {
|
||||||
# shellcheck disable=SC2018,SC2019
|
tr '[:lower:]' '[:upper:]'
|
||||||
tr 'a-z' 'A-Z'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_lower_case() {
|
_lower_case() {
|
||||||
# shellcheck disable=SC2018,SC2019
|
tr '[:upper:]' '[:lower:]'
|
||||||
tr 'A-Z' 'a-z'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_startswith() {
|
_startswith() {
|
||||||
@ -1222,19 +1223,27 @@ _createcsr() {
|
|||||||
|
|
||||||
if [ "$acmeValidationv1" ]; then
|
if [ "$acmeValidationv1" ]; then
|
||||||
domainlist="$(_idn "$domainlist")"
|
domainlist="$(_idn "$domainlist")"
|
||||||
printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf"
|
_debug2 domainlist "$domainlist"
|
||||||
|
alt=""
|
||||||
|
for dl in $(echo "$domainlist" | tr "," ' '); do
|
||||||
|
if [ "$alt" ]; then
|
||||||
|
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
|
else
|
||||||
|
alt="$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
||||||
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
|
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
|
||||||
#single domain
|
#single domain
|
||||||
_info "Single domain" "$domain"
|
_info "Single domain" "$domain"
|
||||||
printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" >>"$csrconf"
|
printf -- "\nsubjectAltName=$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" >>"$csrconf"
|
||||||
else
|
else
|
||||||
domainlist="$(_idn "$domainlist")"
|
domainlist="$(_idn "$domainlist")"
|
||||||
_debug2 domainlist "$domainlist"
|
_debug2 domainlist "$domainlist"
|
||||||
if _contains "$domainlist" ","; then
|
alt="$(_getIdType "$domain" | _upper_case):$domain"
|
||||||
alt="DNS:$(_idn "$domain"),DNS:$(echo "$domainlist" | sed "s/,,/,/g" | sed "s/,/,DNS:/g")"
|
for dl in $(echo "$domainlist" | tr "," ' '); do
|
||||||
else
|
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
alt="DNS:$(_idn "$domain"),DNS:$domainlist"
|
done
|
||||||
fi
|
|
||||||
#multi
|
#multi
|
||||||
_info "Multi domain" "$alt"
|
_info "Multi domain" "$alt"
|
||||||
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
||||||
@ -4174,6 +4183,36 @@ _match_issuer() {
|
|||||||
_contains "$_rootissuer" "$_missuer"
|
_contains "$_rootissuer" "$_missuer"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ip
|
||||||
|
_isIPv4() {
|
||||||
|
for seg in $(echo "$1" | tr '.' ' '); do
|
||||||
|
if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
done
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#ip6
|
||||||
|
_isIPv6() {
|
||||||
|
_contains "$1" ":"
|
||||||
|
}
|
||||||
|
|
||||||
|
#ip
|
||||||
|
_isIP() {
|
||||||
|
_isIPv4 "$1" || _isIPv6 "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
#identifier
|
||||||
|
_getIdType() {
|
||||||
|
if _isIP "$1"; then
|
||||||
|
echo "$ID_TYPE_IP"
|
||||||
|
else
|
||||||
|
echo "$ID_TYPE_DNS"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
#webroot, domain domainlist keylength
|
#webroot, domain domainlist keylength
|
||||||
issue() {
|
issue() {
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
@ -4330,7 +4369,7 @@ issue() {
|
|||||||
dvsep=','
|
dvsep=','
|
||||||
if [ -z "$vlist" ]; then
|
if [ -z "$vlist" ]; then
|
||||||
#make new order request
|
#make new order request
|
||||||
_identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}"
|
_identifiers="{\"type\":\"$(_getIdType "$_main_domain")\",\"value\":\"$(_idn "$_main_domain")\"}"
|
||||||
_w_index=1
|
_w_index=1
|
||||||
while true; do
|
while true; do
|
||||||
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
|
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
|
||||||
@ -4339,7 +4378,7 @@ issue() {
|
|||||||
if [ -z "$d" ]; then
|
if [ -z "$d" ]; then
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}"
|
_identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}"
|
||||||
done
|
done
|
||||||
_debug2 _identifiers "$_identifiers"
|
_debug2 _identifiers "$_identifiers"
|
||||||
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
||||||
@ -5674,8 +5713,16 @@ installcronjob() {
|
|||||||
if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then
|
if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then
|
||||||
lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY"
|
lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY"
|
||||||
else
|
else
|
||||||
_err "Can not install cronjob, $PROJECT_ENTRY not found."
|
_debug "_SCRIPT_" "$_SCRIPT_"
|
||||||
return 1
|
_script="$(_readlink "$_SCRIPT_")"
|
||||||
|
_debug _script "$_script"
|
||||||
|
if [ -f "$_script" ]; then
|
||||||
|
_info "Using the current script from: $_script"
|
||||||
|
lesh="$_script"
|
||||||
|
else
|
||||||
|
_err "Can not install cronjob, $PROJECT_ENTRY not found."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
if [ "$_c_home" ]; then
|
if [ "$_c_home" ]; then
|
||||||
_c_entry="--config-home \"$_c_home\" "
|
_c_entry="--config-home \"$_c_home\" "
|
||||||
@ -5902,7 +5949,7 @@ _deactivate() {
|
|||||||
_initAPI
|
_initAPI
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}"
|
_identifiers="{\"type\":\"$(_getIdType "$_d_domain")\",\"value\":\"$_d_domain\"}"
|
||||||
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
||||||
_err "Can not get domain new order."
|
_err "Can not get domain new order."
|
||||||
return 1
|
return 1
|
||||||
@ -5938,7 +5985,7 @@ _deactivate() {
|
|||||||
thumbprint="$(__calc_account_thumbprint)"
|
thumbprint="$(__calc_account_thumbprint)"
|
||||||
fi
|
fi
|
||||||
_debug "Trigger validation."
|
_debug "Trigger validation."
|
||||||
vtype="$VTYPE_DNS"
|
vtype="$(_getIdType "$_d_domain")"
|
||||||
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
|
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
|
||||||
_debug entry "$entry"
|
_debug entry "$entry"
|
||||||
if [ -z "$entry" ]; then
|
if [ -z "$entry" ]; then
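Review bot: `_isIPv4` (hunk `@ -4174,6 +4183,36`) accepts more than IPv4 literals, because it only checks that each dot-separated field is within 0–255 and never that there are exactly four fields; an empty argument skips the loop and returns 0. A value such as `1.2` or an all-numeric label is therefore typed `ip`, and that type is what `_createcsr` writes into `subjectAltName` and what `issue` and `_deactivate` send as the order identifier type. `$seg` is also expanded unquoted, both in the `for` list and inside `[ ]`. `_isIPv6` is equally loose (any string containing `:`), which deserves at least a comment stating that it is a heuristic. A stricter shape check ahead of the range loop is sketched below.

```shell
_isIPv4() {
  # Shape check first: digits and dots only, exactly four non-empty fields.
  case "$1" in
  *[!0-9.]* | *.*.*.*.* | .* | *. | *..*) return 1 ;;
  *.*.*.*) ;;
  *) return 1 ;;
  esac
  for seg in $(echo "$1" | tr '.' ' '); do
    [ "$seg" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}
```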
|
||||||
|
@ -100,6 +100,7 @@ synology_dsm_deploy() {
|
|||||||
if [ -z "$token" ]; then
|
if [ -z "$token" ]; then
|
||||||
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
|
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
|
||||||
_err "Check your username and password."
|
_err "Check your username and password."
|
||||||
|
_err "If two-factor authentication is enabled for the user, you have to choose another user."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
|
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
|
||||||
|
48
notify/feishu.sh
Normal file
48
notify/feishu.sh
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
#Support feishu webhooks api
|
||||||
|
|
||||||
|
#required
|
||||||
|
#FEISHU_WEBHOOK="xxxx"
|
||||||
|
|
||||||
|
#optional
|
||||||
|
#FEISHU_KEYWORD="yyyy"
|
||||||
|
|
||||||
|
# subject content statusCode
|
||||||
|
feishu_send() {
|
||||||
|
_subject="$1"
|
||||||
|
_content="$2"
|
||||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
|
||||||
|
_debug "_subject" "$_subject"
|
||||||
|
_debug "_content" "$_content"
|
||||||
|
_debug "_statusCode" "$_statusCode"
|
||||||
|
|
||||||
|
FEISHU_WEBHOOK="${FEISHU_WEBHOOK:-$(_readaccountconf_mutable FEISHU_WEBHOOK)}"
|
||||||
|
if [ -z "$FEISHU_WEBHOOK" ]; then
|
||||||
|
FEISHU_WEBHOOK=""
|
||||||
|
_err "You didn't specify a feishu webhooks FEISHU_WEBHOOK yet."
|
||||||
|
_err "You can get yours from https://www.feishu.cn"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_saveaccountconf_mutable FEISHU_WEBHOOK "$FEISHU_WEBHOOK"
|
||||||
|
|
||||||
|
FEISHU_KEYWORD="${FEISHU_KEYWORD:-$(_readaccountconf_mutable FEISHU_KEYWORD)}"
|
||||||
|
if [ "$FEISHU_KEYWORD" ]; then
|
||||||
|
_saveaccountconf_mutable FEISHU_KEYWORD "$FEISHU_KEYWORD"
|
||||||
|
fi
|
||||||
|
|
||||||
|
_content=$(echo "$_content" | _json_encode)
|
||||||
|
_subject=$(echo "$_subject" | _json_encode)
|
||||||
|
_data="{\"msg_type\": \"text\", \"content\": {\"text\": \"[$FEISHU_KEYWORD]\n$_subject\n$_content\"}}"
|
||||||
|
|
||||||
|
response="$(_post "$_data" "$FEISHU_WEBHOOK" "" "POST" "application/json")"
|
||||||
|
|
||||||
|
if [ "$?" = "0" ] && _contains "$response" "StatusCode\":0"; then
|
||||||
|
_info "feishu webhooks event fired success."
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
_err "feishu webhooks event fired error."
|
||||||
|
_err "$response"
|
||||||
|
return 1
|
||||||
|
}
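Review bot: `FEISHU_KEYWORD` is interpolated into the JSON body in `_data` without going through `_json_encode`, unlike `_subject` and `_content`, so a keyword containing a double quote or a backslash yields malformed or altered JSON. Encode it first, e.g. `_keyword=$(printf "%s" "$FEISHU_KEYWORD" | _json_encode)`, and use `$_keyword` when building `_data`. When no keyword is configured the message text still starts with `[]`; adding the bracketed prefix only when `FEISHU_KEYWORD` is non-empty avoids that. The webhook URL works as a credential and the visible code does not pass it to `_debug`; a comment such as `# FEISHU_WEBHOOK is a secret: do not log it` would help keep it that way.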
|
@ -62,7 +62,7 @@ mail_send() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
contenttype="text/plain; charset=utf-8"
|
contenttype="text/plain; charset=utf-8"
|
||||||
subject="=?UTF-8?B?$(echo "$_subject" | _base64)?="
|
subject="=?UTF-8?B?$(printf -- "%b" "$_subject" | _base64)?="
|
||||||
result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1)
|
result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1)
|
||||||
|
|
||||||
# shellcheck disable=SC2181
|
# shellcheck disable=SC2181
|
||||||
@ -131,6 +131,7 @@ _mail_body() {
|
|||||||
echo "To: $MAIL_TO"
|
echo "To: $MAIL_TO"
|
||||||
echo "Subject: $subject"
|
echo "Subject: $subject"
|
||||||
echo "Content-Type: $contenttype"
|
echo "Content-Type: $contenttype"
|
||||||
|
echo "MIME-Version: 1.0"
|
||||||
echo
|
echo
|
||||||
;;
|
;;
|
||||||
esac
|
esac
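Review bot: In the `mail_send` hunk, `printf -- "%b" "$_subject"` interprets backslash escapes in the subject before it is base64-encoded, so a subject containing `\n`, `\t` or `\\` is changed rather than sent as written. If the intent was only to drop the trailing newline that `echo` added, `subject="=?UTF-8?B?$(printf -- "%s" "$_subject" | _base64)?="` does that without rewriting the text. If escape expansion is wanted, for callers that pass a literal `\n`, a comment saying so would help, since the subject ends up in a mail header. `mail_send` starts and ends outside the hunk, so how `_subject` is populated is not visible here.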
|
||||||
|