mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 21:21:42 +00:00
support ip cert: rfc https://tools.ietf.org/html/rfc8738
This commit is contained in:
parent
7d249b6d3b
commit
6ae8d10132
58
acme.sh
58
acme.sh
@ -59,6 +59,9 @@ VTYPE_HTTP="http-01"
|
|||||||
VTYPE_DNS="dns-01"
|
VTYPE_DNS="dns-01"
|
||||||
VTYPE_ALPN="tls-alpn-01"
|
VTYPE_ALPN="tls-alpn-01"
|
||||||
|
|
||||||
|
ID_TYPE_DNS="dns"
|
||||||
|
ID_TYPE_IP="ip"
|
||||||
|
|
||||||
LOCAL_ANY_ADDRESS="0.0.0.0"
|
LOCAL_ANY_ADDRESS="0.0.0.0"
|
||||||
|
|
||||||
DEFAULT_RENEW=60
|
DEFAULT_RENEW=60
|
||||||
@ -1222,19 +1225,26 @@ _createcsr() {
|
|||||||
|
|
||||||
if [ "$acmeValidationv1" ]; then
|
if [ "$acmeValidationv1" ]; then
|
||||||
domainlist="$(_idn "$domainlist")"
|
domainlist="$(_idn "$domainlist")"
|
||||||
printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf"
|
_debug2 domainlist "$domainlist"
|
||||||
|
for dl in $(echo "$domainlist" | tr "," ' '); do
|
||||||
|
if [ "$alt" ]; then
|
||||||
|
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
|
else
|
||||||
|
alt="$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
||||||
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
|
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
|
||||||
#single domain
|
#single domain
|
||||||
_info "Single domain" "$domain"
|
_info "Single domain" "$domain"
|
||||||
printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" >>"$csrconf"
|
printf -- "\nsubjectAltName=$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" >>"$csrconf"
|
||||||
else
|
else
|
||||||
domainlist="$(_idn "$domainlist")"
|
domainlist="$(_idn "$domainlist")"
|
||||||
_debug2 domainlist "$domainlist"
|
_debug2 domainlist "$domainlist"
|
||||||
if _contains "$domainlist" ","; then
|
alt="$(_getIdType "$domain" | _upper_case):$domain"
|
||||||
alt="DNS:$(_idn "$domain"),DNS:$(echo "$domainlist" | sed "s/,,/,/g" | sed "s/,/,DNS:/g")"
|
for dl in $(echo "$domainlist" | tr "," ' '); do
|
||||||
else
|
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
alt="DNS:$(_idn "$domain"),DNS:$domainlist"
|
done
|
||||||
fi
|
|
||||||
#multi
|
#multi
|
||||||
_info "Multi domain" "$alt"
|
_info "Multi domain" "$alt"
|
||||||
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
||||||
@ -4174,6 +4184,36 @@ _match_issuer() {
|
|||||||
_contains "$_rootissuer" "$_missuer"
|
_contains "$_rootissuer" "$_missuer"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ip
|
||||||
|
_isIPv4() {
|
||||||
|
for seg in $(echo "$1" | tr '.' ' '); do
|
||||||
|
if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
done
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#ip6
|
||||||
|
_isIPv6() {
|
||||||
|
_contains "$1" ":"
|
||||||
|
}
|
||||||
|
|
||||||
|
#ip
|
||||||
|
_isIP() {
|
||||||
|
_isIPv4 "$1" || _isIPv6 "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
#identifier
|
||||||
|
_getIdType() {
|
||||||
|
if _isIP "$1"; then
|
||||||
|
echo "$ID_TYPE_IP";
|
||||||
|
else
|
||||||
|
echo "$ID_TYPE_DNS";
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
#webroot, domain domainlist keylength
|
#webroot, domain domainlist keylength
|
||||||
issue() {
|
issue() {
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
@ -4330,7 +4370,7 @@ issue() {
|
|||||||
dvsep=','
|
dvsep=','
|
||||||
if [ -z "$vlist" ]; then
|
if [ -z "$vlist" ]; then
|
||||||
#make new order request
|
#make new order request
|
||||||
_identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}"
|
_identifiers="{\"type\":\"$(_getIdType "$_main_domain")\",\"value\":\"$(_idn "$_main_domain")\"}"
|
||||||
_w_index=1
|
_w_index=1
|
||||||
while true; do
|
while true; do
|
||||||
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
|
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
|
||||||
@ -4339,7 +4379,7 @@ issue() {
|
|||||||
if [ -z "$d" ]; then
|
if [ -z "$d" ]; then
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}"
|
_identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}"
|
||||||
done
|
done
|
||||||
_debug2 _identifiers "$_identifiers"
|
_debug2 _identifiers "$_identifiers"
|
||||||
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
||||||
|
Loading…
Reference in New Issue
Block a user