mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 13:11:41 +00:00
commit
ad8940ad73
23
.github/workflows/PebbleStrict.yml
vendored
23
.github/workflows/PebbleStrict.yml
vendored
@ -35,5 +35,28 @@ jobs:
|
|||||||
run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
|
run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
|
- name: Run acmetest
|
||||||
|
run: cd ../acmetest && ./letest.sh
|
||||||
|
|
||||||
|
PebbleStrict_IPCert:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
env:
|
||||||
|
TestingDomain: 10.30.50.1
|
||||||
|
ACME_DIRECTORY: https://localhost:14000/dir
|
||||||
|
HTTPS_INSECURE: 1
|
||||||
|
Le_HTTPPort: 5002
|
||||||
|
Le_TLSPort: 5001
|
||||||
|
TEST_LOCAL: 1
|
||||||
|
TEST_CA: "Pebble Intermediate CA"
|
||||||
|
TEST_IPCERT: 1
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v2
|
||||||
|
- name: Install tools
|
||||||
|
run: sudo apt-get install -y socat
|
||||||
|
- name: Run Pebble
|
||||||
|
run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
|
||||||
|
- name: Clone acmetest
|
||||||
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- name: Run acmetest
|
- name: Run acmetest
|
||||||
run: cd ../acmetest && ./letest.sh
|
run: cd ../acmetest && ./letest.sh
|
69
acme.sh
69
acme.sh
@ -59,6 +59,9 @@ VTYPE_HTTP="http-01"
|
|||||||
VTYPE_DNS="dns-01"
|
VTYPE_DNS="dns-01"
|
||||||
VTYPE_ALPN="tls-alpn-01"
|
VTYPE_ALPN="tls-alpn-01"
|
||||||
|
|
||||||
|
ID_TYPE_DNS="dns"
|
||||||
|
ID_TYPE_IP="ip"
|
||||||
|
|
||||||
LOCAL_ANY_ADDRESS="0.0.0.0"
|
LOCAL_ANY_ADDRESS="0.0.0.0"
|
||||||
|
|
||||||
DEFAULT_RENEW=60
|
DEFAULT_RENEW=60
|
||||||
@ -426,13 +429,11 @@ _secure_debug3() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
_upper_case() {
|
_upper_case() {
|
||||||
# shellcheck disable=SC2018,SC2019
|
tr '[:lower:]' '[:upper:]'
|
||||||
tr 'a-z' 'A-Z'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_lower_case() {
|
_lower_case() {
|
||||||
# shellcheck disable=SC2018,SC2019
|
tr '[:upper:]' '[:lower:]'
|
||||||
tr 'A-Z' 'a-z'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_startswith() {
|
_startswith() {
|
||||||
@ -1222,19 +1223,27 @@ _createcsr() {
|
|||||||
|
|
||||||
if [ "$acmeValidationv1" ]; then
|
if [ "$acmeValidationv1" ]; then
|
||||||
domainlist="$(_idn "$domainlist")"
|
domainlist="$(_idn "$domainlist")"
|
||||||
printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf"
|
_debug2 domainlist "$domainlist"
|
||||||
|
alt=""
|
||||||
|
for dl in $(echo "$domainlist" | tr "," ' '); do
|
||||||
|
if [ "$alt" ]; then
|
||||||
|
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
|
else
|
||||||
|
alt="$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
||||||
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
|
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
|
||||||
#single domain
|
#single domain
|
||||||
_info "Single domain" "$domain"
|
_info "Single domain" "$domain"
|
||||||
printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" >>"$csrconf"
|
printf -- "\nsubjectAltName=$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" >>"$csrconf"
|
||||||
else
|
else
|
||||||
domainlist="$(_idn "$domainlist")"
|
domainlist="$(_idn "$domainlist")"
|
||||||
_debug2 domainlist "$domainlist"
|
_debug2 domainlist "$domainlist"
|
||||||
if _contains "$domainlist" ","; then
|
alt="$(_getIdType "$domain" | _upper_case):$domain"
|
||||||
alt="DNS:$(_idn "$domain"),DNS:$(echo "$domainlist" | sed "s/,,/,/g" | sed "s/,/,DNS:/g")"
|
for dl in $(echo "$domainlist" | tr "," ' '); do
|
||||||
else
|
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
|
||||||
alt="DNS:$(_idn "$domain"),DNS:$domainlist"
|
done
|
||||||
fi
|
|
||||||
#multi
|
#multi
|
||||||
_info "Multi domain" "$alt"
|
_info "Multi domain" "$alt"
|
||||||
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
||||||
@ -4174,6 +4183,36 @@ _match_issuer() {
|
|||||||
_contains "$_rootissuer" "$_missuer"
|
_contains "$_rootissuer" "$_missuer"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ip
|
||||||
|
_isIPv4() {
|
||||||
|
for seg in $(echo "$1" | tr '.' ' '); do
|
||||||
|
if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
done
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#ip6
|
||||||
|
_isIPv6() {
|
||||||
|
_contains "$1" ":"
|
||||||
|
}
|
||||||
|
|
||||||
|
#ip
|
||||||
|
_isIP() {
|
||||||
|
_isIPv4 "$1" || _isIPv6 "$1"
|
||||||
|
}
|
||||||
|
|
||||||
|
#identifier
|
||||||
|
_getIdType() {
|
||||||
|
if _isIP "$1"; then
|
||||||
|
echo "$ID_TYPE_IP"
|
||||||
|
else
|
||||||
|
echo "$ID_TYPE_DNS"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
#webroot, domain domainlist keylength
|
#webroot, domain domainlist keylength
|
||||||
issue() {
|
issue() {
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
@ -4330,7 +4369,7 @@ issue() {
|
|||||||
dvsep=','
|
dvsep=','
|
||||||
if [ -z "$vlist" ]; then
|
if [ -z "$vlist" ]; then
|
||||||
#make new order request
|
#make new order request
|
||||||
_identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}"
|
_identifiers="{\"type\":\"$(_getIdType "$_main_domain")\",\"value\":\"$(_idn "$_main_domain")\"}"
|
||||||
_w_index=1
|
_w_index=1
|
||||||
while true; do
|
while true; do
|
||||||
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
|
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
|
||||||
@ -4339,7 +4378,7 @@ issue() {
|
|||||||
if [ -z "$d" ]; then
|
if [ -z "$d" ]; then
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}"
|
_identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}"
|
||||||
done
|
done
|
||||||
_debug2 _identifiers "$_identifiers"
|
_debug2 _identifiers "$_identifiers"
|
||||||
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
||||||
@ -5902,7 +5941,7 @@ _deactivate() {
|
|||||||
_initAPI
|
_initAPI
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}"
|
_identifiers="{\"type\":\"$(_getIdType "$_d_domain")\",\"value\":\"$_d_domain\"}"
|
||||||
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
||||||
_err "Can not get domain new order."
|
_err "Can not get domain new order."
|
||||||
return 1
|
return 1
|
||||||
@ -5938,7 +5977,7 @@ _deactivate() {
|
|||||||
thumbprint="$(__calc_account_thumbprint)"
|
thumbprint="$(__calc_account_thumbprint)"
|
||||||
fi
|
fi
|
||||||
_debug "Trigger validation."
|
_debug "Trigger validation."
|
||||||
vtype="$VTYPE_DNS"
|
vtype="$(_getIdType "$_d_domain")"
|
||||||
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
|
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
|
||||||
_debug entry "$entry"
|
_debug entry "$entry"
|
||||||
if [ -z "$entry" ]; then
|
if [ -z "$entry" ]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user