1. Support short names for the --server parameter. The valid values are: letsencrypt, letsencrypt_test, buypass, buypass_test and zerossl.
2. Support the Zerossl.com ACME protocol.
3. Add the "--set-default-ca --server xxxx" command to set the default CA to use.
parent
f96d91cb6c
commit
737e9e48ca
85
acme.sh
85
acme.sh
@ -23,11 +23,27 @@ _SUB_FOLDERS="$_SUB_FOLDER_DNSAPI $_SUB_FOLDER_DEPLOY $_SUB_FOLDER_NOTIFY"
|
|||||||
LETSENCRYPT_CA_V1="https://acme-v01.api.letsencrypt.org/directory"
|
LETSENCRYPT_CA_V1="https://acme-v01.api.letsencrypt.org/directory"
|
||||||
LETSENCRYPT_STAGING_CA_V1="https://acme-staging.api.letsencrypt.org/directory"
|
LETSENCRYPT_STAGING_CA_V1="https://acme-staging.api.letsencrypt.org/directory"
|
||||||
|
|
||||||
LETSENCRYPT_CA_V2="https://acme-v02.api.letsencrypt.org/directory"
|
CA_LETSENCRYPT_V2="https://acme-v02.api.letsencrypt.org/directory"
|
||||||
LETSENCRYPT_STAGING_CA_V2="https://acme-staging-v02.api.letsencrypt.org/directory"
|
CA_LETSENCRYPT_V2_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
|
|
||||||
DEFAULT_CA=$LETSENCRYPT_CA_V2
|
CA_BUYPASS="https://api.buypass.com/acme/directory"
|
||||||
DEFAULT_STAGING_CA=$LETSENCRYPT_STAGING_CA_V2
|
CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
|
||||||
|
|
||||||
|
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
|
||||||
|
|
||||||
|
|
||||||
|
DEFAULT_CA=$CA_LETSENCRYPT_V2
|
||||||
|
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
|
||||||
|
|
||||||
|
CA_NAMES="
|
||||||
|
letsencrypt
|
||||||
|
letsencrypt_test,letsencrypttest
|
||||||
|
buypass
|
||||||
|
buypass_test,buypasstest
|
||||||
|
zerossl
|
||||||
|
"
|
||||||
|
|
||||||
|
CA_SERVERS="$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_ZEROSSL"
|
||||||
|
|
||||||
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
|
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
|
||||||
DEFAULT_ACCOUNT_EMAIL=""
|
DEFAULT_ACCOUNT_EMAIL=""
|
||||||
@ -140,6 +156,8 @@ _SUDO_WIKI="https://github.com/acmesh-official/acme.sh/wiki/sudo"
|
|||||||
|
|
||||||
_REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert"
|
_REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert"
|
||||||
|
|
||||||
|
_ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA"
|
||||||
|
|
||||||
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
||||||
|
|
||||||
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
||||||
@ -2577,11 +2595,16 @@ _initpath() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$ACME_VERSION" = "2" ]; then
|
if [ "$ACME_VERSION" = "2" ]; then
|
||||||
DEFAULT_CA="$LETSENCRYPT_CA_V2"
|
DEFAULT_CA="$CA_LETSENCRYPT_V2"
|
||||||
DEFAULT_STAGING_CA="$LETSENCRYPT_STAGING_CA_V2"
|
DEFAULT_STAGING_CA="$CA_LETSENCRYPT_V2_TEST"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$ACME_DIRECTORY" ]; then
|
if [ -z "$ACME_DIRECTORY" ]; then
|
||||||
|
default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER")
|
||||||
|
_debug default_acme_server "$default_acme_server"
|
||||||
|
if [ "$default_acme_server" ]; then
|
||||||
|
ACME_DIRECTORY="$default_acme_server"
|
||||||
|
else
|
||||||
if [ -z "$STAGE" ]; then
|
if [ -z "$STAGE" ]; then
|
||||||
ACME_DIRECTORY="$DEFAULT_CA"
|
ACME_DIRECTORY="$DEFAULT_CA"
|
||||||
else
|
else
|
||||||
@ -2589,6 +2612,7 @@ _initpath() {
|
|||||||
_info "Using stage ACME_DIRECTORY: $ACME_DIRECTORY"
|
_info "Using stage ACME_DIRECTORY: $ACME_DIRECTORY"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
_debug ACME_DIRECTORY "$ACME_DIRECTORY"
|
_debug ACME_DIRECTORY "$ACME_DIRECTORY"
|
||||||
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
|
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
|
||||||
@ -6301,6 +6325,7 @@ Commands:
|
|||||||
--createCSR, -ccsr Create CSR , professional use.
|
--createCSR, -ccsr Create CSR , professional use.
|
||||||
--deactivate Deactivate the domain authz, professional use.
|
--deactivate Deactivate the domain authz, professional use.
|
||||||
--set-notify Set the cron notification hook, level or mode.
|
--set-notify Set the cron notification hook, level or mode.
|
||||||
|
--set-default-ca Used with '--server' , to set the default CA to use to use.
|
||||||
|
|
||||||
|
|
||||||
Parameters:
|
Parameters:
|
||||||
@ -6344,7 +6369,7 @@ Parameters:
|
|||||||
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
|
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
|
||||||
--config-home Specifies the home dir to save all the configurations.
|
--config-home Specifies the home dir to save all the configurations.
|
||||||
--useragent Specifies the user agent string. it will be saved for future use too.
|
--useragent Specifies the user agent string. it will be saved for future use too.
|
||||||
--accountemail Specifies the account email, only valid for the '--install' and '--update-account' command.
|
--accountemail, -m Specifies the account email, only valid for the '--install' and '--update-account' command.
|
||||||
--accountkey Specifies the account key path, only valid for the '--install' command.
|
--accountkey Specifies the account key path, only valid for the '--install' command.
|
||||||
--days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
|
--days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
|
||||||
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
|
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
|
||||||
@ -6510,6 +6535,39 @@ _checkSudo() {
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#server
|
||||||
|
_selectServer() {
|
||||||
|
_server="$1"
|
||||||
|
_server_lower="$(echo "$_server" | _lower_case)"
|
||||||
|
_sindex=0
|
||||||
|
for snames in $CA_NAMES; do
|
||||||
|
snames="$(echo "$snames" | _lower_case)"
|
||||||
|
_sindex="$(_math $_sindex + 1)"
|
||||||
|
_debug2 "_selectServer try snames" "$snames"
|
||||||
|
for sname in $(echo "$snames" | tr ',' ' '); do
|
||||||
|
if [ "$_server_lower" = "$sname" ]; then
|
||||||
|
_debug2 "_selectServer match $sname"
|
||||||
|
_serverdir="$(_getfield "$CA_SERVERS" $_sindex)"
|
||||||
|
_debug "Selected server: $_serverdir"
|
||||||
|
ACME_DIRECTORY="$_serverdir"
|
||||||
|
export ACME_DIRECTORY
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
done
|
||||||
|
ACME_DIRECTORY="$_server"
|
||||||
|
export ACME_DIRECTORY
|
||||||
|
}
|
||||||
|
|
||||||
|
#set default ca to $ACME_DIRECTORY
|
||||||
|
setdefaultca() {
|
||||||
|
if [ -z "$ACME_DIRECTORY" ]; then
|
||||||
|
_err "Please give a --server parameter."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_saveaccountconf "DEFAULT_ACME_SERVER" "$ACME_DIRECTORY"
|
||||||
|
}
|
||||||
|
|
||||||
_process() {
|
_process() {
|
||||||
_CMD=""
|
_CMD=""
|
||||||
_domain=""
|
_domain=""
|
||||||
@ -6652,6 +6710,9 @@ _process() {
|
|||||||
--set-notify)
|
--set-notify)
|
||||||
_CMD="setnotify"
|
_CMD="setnotify"
|
||||||
;;
|
;;
|
||||||
|
--set-default-ca)
|
||||||
|
_CMD="setdefaultca"
|
||||||
|
;;
|
||||||
--domain | -d)
|
--domain | -d)
|
||||||
_dvalue="$2"
|
_dvalue="$2"
|
||||||
|
|
||||||
@ -6690,9 +6751,8 @@ _process() {
|
|||||||
STAGE="1"
|
STAGE="1"
|
||||||
;;
|
;;
|
||||||
--server)
|
--server)
|
||||||
ACME_DIRECTORY="$2"
|
_server="$2"
|
||||||
_server="$ACME_DIRECTORY"
|
_selectServer "$_server"
|
||||||
export ACME_DIRECTORY
|
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--debug)
|
--debug)
|
||||||
@ -6849,7 +6909,7 @@ _process() {
|
|||||||
USER_AGENT="$_useragent"
|
USER_AGENT="$_useragent"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--accountemail)
|
--accountemail | -m)
|
||||||
_accountemail="$2"
|
_accountemail="$2"
|
||||||
ACCOUNT_EMAIL="$_accountemail"
|
ACCOUNT_EMAIL="$_accountemail"
|
||||||
shift
|
shift
|
||||||
@ -7179,6 +7239,9 @@ _process() {
|
|||||||
setnotify)
|
setnotify)
|
||||||
setnotify "$_notify_hook" "$_notify_level" "$_notify_mode"
|
setnotify "$_notify_hook" "$_notify_level" "$_notify_mode"
|
||||||
;;
|
;;
|
||||||
|
setdefaultca)
|
||||||
|
setdefaultca
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
if [ "$_CMD" ]; then
|
if [ "$_CMD" ]; then
|
||||||
_err "Invalid command: $_CMD"
|
_err "Invalid command: $_CMD"
|
||||||
|
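Review bot: `_selectServer` (hunk `-6510,6 +6535,39`) falls through to `ACME_DIRECTORY="$_server"` for any value that matches no entry in `CA_NAMES`, so a mistyped short name is silently treated as a directory URL, and `--set-default-ca` then persists it as `DEFAULT_ACME_SERVER` through `setdefaultca`. Because this value decides which CA receives the account and order requests, I would reject non-URL input before the fallthrough, e.g. `case "$_server" in *://*) ;; *) _err "Unknown server: $_server"; return 1 ;; esac`, and have the `--server)` arm in `_process` check the result with `_selectServer "$_server" || return 1`. Relatedly, the `_initpath` hunk consults the saved default before it looks at `$STAGE`, so once a default is stored a staging run appears to go to the saved (possibly production) CA; worth confirming that this precedence is intended. The name-to-URL lookup also relies on `CA_NAMES` and `CA_SERVERS` staying in the same order, which deserves a comment next to both definitions.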