Merge pull request #3800 from acmesh-official/dev

sync
This commit is contained in:
neil 2021-11-10 09:22:45 +08:00 committed by GitHub
commit 5e574a355d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 140 additions and 19 deletions

View File

@ -37,3 +37,26 @@ jobs:
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest - name: Run acmetest
run: cd ../acmetest && ./letest.sh run: cd ../acmetest && ./letest.sh
PebbleStrict_IPCert:
runs-on: ubuntu-latest
env:
TestingDomain: 10.30.50.1
ACME_DIRECTORY: https://localhost:14000/dir
HTTPS_INSECURE: 1
Le_HTTPPort: 5002
Le_TLSPort: 5001
TEST_LOCAL: 1
TEST_CA: "Pebble Intermediate CA"
TEST_IPCERT: 1
steps:
- uses: actions/checkout@v2
- name: Install tools
run: sudo apt-get install -y socat
- name: Run Pebble
run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
- name: Clone acmetest
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: cd ../acmetest && ./letest.sh

View File

@ -55,6 +55,7 @@ RUN for verb in help \
deactivate-account \ deactivate-account \
set-notify \ set-notify \
set-default-ca \ set-default-ca \
set-default-chain \
; do \ ; do \
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
; done ; done

83
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=3.0.1 VER=3.0.2
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -59,6 +59,9 @@ VTYPE_HTTP="http-01"
VTYPE_DNS="dns-01" VTYPE_DNS="dns-01"
VTYPE_ALPN="tls-alpn-01" VTYPE_ALPN="tls-alpn-01"
ID_TYPE_DNS="dns"
ID_TYPE_IP="ip"
LOCAL_ANY_ADDRESS="0.0.0.0" LOCAL_ANY_ADDRESS="0.0.0.0"
DEFAULT_RENEW=60 DEFAULT_RENEW=60
@ -426,13 +429,11 @@ _secure_debug3() {
} }
_upper_case() { _upper_case() {
# shellcheck disable=SC2018,SC2019 tr '[:lower:]' '[:upper:]'
tr 'a-z' 'A-Z'
} }
_lower_case() { _lower_case() {
# shellcheck disable=SC2018,SC2019 tr '[:upper:]' '[:lower:]'
tr 'A-Z' 'a-z'
} }
_startswith() { _startswith() {
@ -1222,19 +1223,27 @@ _createcsr() {
if [ "$acmeValidationv1" ]; then if [ "$acmeValidationv1" ]; then
domainlist="$(_idn "$domainlist")" domainlist="$(_idn "$domainlist")"
printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf" _debug2 domainlist "$domainlist"
alt=""
for dl in $(echo "$domainlist" | tr "," ' '); do
if [ "$alt" ]; then
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
else
alt="$(_getIdType "$dl" | _upper_case):$dl"
fi
done
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
#single domain #single domain
_info "Single domain" "$domain" _info "Single domain" "$domain"
printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" >>"$csrconf" printf -- "\nsubjectAltName=$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" >>"$csrconf"
else else
domainlist="$(_idn "$domainlist")" domainlist="$(_idn "$domainlist")"
_debug2 domainlist "$domainlist" _debug2 domainlist "$domainlist"
if _contains "$domainlist" ","; then alt="$(_getIdType "$domain" | _upper_case):$domain"
alt="DNS:$(_idn "$domain"),DNS:$(echo "$domainlist" | sed "s/,,/,/g" | sed "s/,/,DNS:/g")" for dl in $(echo "$domainlist" | tr "," ' '); do
else alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
alt="DNS:$(_idn "$domain"),DNS:$domainlist" done
fi
#multi #multi
_info "Multi domain" "$alt" _info "Multi domain" "$alt"
printf -- "\nsubjectAltName=$alt" >>"$csrconf" printf -- "\nsubjectAltName=$alt" >>"$csrconf"
@ -4174,6 +4183,36 @@ _match_issuer() {
_contains "$_rootissuer" "$_missuer" _contains "$_rootissuer" "$_missuer"
} }
#ip
_isIPv4() {
for seg in $(echo "$1" | tr '.' ' '); do
if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then
continue
fi
return 1
done
return 0
}
#ip6
_isIPv6() {
_contains "$1" ":"
}
#ip
_isIP() {
_isIPv4 "$1" || _isIPv6 "$1"
}
#identifier
_getIdType() {
if _isIP "$1"; then
echo "$ID_TYPE_IP"
else
echo "$ID_TYPE_DNS"
fi
}
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ]; then if [ -z "$2" ]; then
@ -4330,7 +4369,7 @@ issue() {
dvsep=',' dvsep=','
if [ -z "$vlist" ]; then if [ -z "$vlist" ]; then
#make new order request #make new order request
_identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}" _identifiers="{\"type\":\"$(_getIdType "$_main_domain")\",\"value\":\"$(_idn "$_main_domain")\"}"
_w_index=1 _w_index=1
while true; do while true; do
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")" d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
@ -4339,7 +4378,7 @@ issue() {
if [ -z "$d" ]; then if [ -z "$d" ]; then
break break
fi fi
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}" _identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}"
done done
_debug2 _identifiers "$_identifiers" _debug2 _identifiers "$_identifiers"
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
@ -5674,8 +5713,16 @@ installcronjob() {
if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then
lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY" lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY"
else else
_err "Can not install cronjob, $PROJECT_ENTRY not found." _debug "_SCRIPT_" "$_SCRIPT_"
return 1 _script="$(_readlink "$_SCRIPT_")"
_debug _script "$_script"
if [ -f "$_script" ]; then
_info "Using the current script from: $_script"
lesh="$_script"
else
_err "Can not install cronjob, $PROJECT_ENTRY not found."
return 1
fi
fi fi
if [ "$_c_home" ]; then if [ "$_c_home" ]; then
_c_entry="--config-home \"$_c_home\" " _c_entry="--config-home \"$_c_home\" "
@ -5902,7 +5949,7 @@ _deactivate() {
_initAPI _initAPI
fi fi
_identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}" _identifiers="{\"type\":\"$(_getIdType "$_d_domain")\",\"value\":\"$_d_domain\"}"
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
_err "Can not get domain new order." _err "Can not get domain new order."
return 1 return 1
@ -5938,7 +5985,7 @@ _deactivate() {
thumbprint="$(__calc_account_thumbprint)" thumbprint="$(__calc_account_thumbprint)"
fi fi
_debug "Trigger validation." _debug "Trigger validation."
vtype="$VTYPE_DNS" vtype="$(_getIdType "$_d_domain")"
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry" _debug entry "$entry"
if [ -z "$entry" ]; then if [ -z "$entry" ]; then

View File

@ -100,6 +100,7 @@ synology_dsm_deploy() {
if [ -z "$token" ]; then if [ -z "$token" ]; then
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme." _err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
_err "Check your username and password." _err "Check your username and password."
_err "If two-factor authentication is enabled for the user, you have to choose another user."
return 1 return 1
fi fi
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p') sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')

48
notify/feishu.sh Normal file
View File

@ -0,0 +1,48 @@
#!/usr/bin/env sh
#Support feishu webhooks api
#required
#FEISHU_WEBHOOK="xxxx"
#optional
#FEISHU_KEYWORD="yyyy"
# subject content statusCode
feishu_send() {
_subject="$1"
_content="$2"
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
_debug "_subject" "$_subject"
_debug "_content" "$_content"
_debug "_statusCode" "$_statusCode"
FEISHU_WEBHOOK="${FEISHU_WEBHOOK:-$(_readaccountconf_mutable FEISHU_WEBHOOK)}"
if [ -z "$FEISHU_WEBHOOK" ]; then
FEISHU_WEBHOOK=""
_err "You didn't specify a feishu webhooks FEISHU_WEBHOOK yet."
_err "You can get yours from https://www.feishu.cn"
return 1
fi
_saveaccountconf_mutable FEISHU_WEBHOOK "$FEISHU_WEBHOOK"
FEISHU_KEYWORD="${FEISHU_KEYWORD:-$(_readaccountconf_mutable FEISHU_KEYWORD)}"
if [ "$FEISHU_KEYWORD" ]; then
_saveaccountconf_mutable FEISHU_KEYWORD "$FEISHU_KEYWORD"
fi
_content=$(echo "$_content" | _json_encode)
_subject=$(echo "$_subject" | _json_encode)
_data="{\"msg_type\": \"text\", \"content\": {\"text\": \"[$FEISHU_KEYWORD]\n$_subject\n$_content\"}}"
response="$(_post "$_data" "$FEISHU_WEBHOOK" "" "POST" "application/json")"
if [ "$?" = "0" ] && _contains "$response" "StatusCode\":0"; then
_info "feishu webhooks event fired success."
return 0
fi
_err "feishu webhooks event fired error."
_err "$response"
return 1
}

View File

@ -62,7 +62,7 @@ mail_send() {
fi fi
contenttype="text/plain; charset=utf-8" contenttype="text/plain; charset=utf-8"
subject="=?UTF-8?B?$(echo "$_subject" | _base64)?=" subject="=?UTF-8?B?$(printf -- "%b" "$_subject" | _base64)?="
result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1) result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1)
# shellcheck disable=SC2181 # shellcheck disable=SC2181
@ -131,6 +131,7 @@ _mail_body() {
echo "To: $MAIL_TO" echo "To: $MAIL_TO"
echo "Subject: $subject" echo "Subject: $subject"
echo "Content-Type: $contenttype" echo "Content-Type: $contenttype"
echo "MIME-Version: 1.0"
echo echo
;; ;;
esac esac