neil 2020-08-16 17:36:24 +08:00
parent 0b531e9fbc
commit bd04638d27

54
acme.sh

@ -1473,7 +1473,7 @@ createDomainKey() {
_initpath "$domain" "$_cdl" _initpath "$domain" "$_cdl"
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$_ACME_IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
if _createkey "$_cdl" "$CERT_KEY_PATH"; then if _createkey "$_cdl" "$CERT_KEY_PATH"; then
_savedomainconf Le_Keylength "$_cdl" _savedomainconf Le_Keylength "$_cdl"
_info "The domain key is here: $(__green $CERT_KEY_PATH)" _info "The domain key is here: $(__green $CERT_KEY_PATH)"
@ -1483,7 +1483,7 @@ createDomainKey() {
return 1 return 1
fi fi
else else
if [ "$IS_RENEW" ]; then if [ "$_ACME_IS_RENEW" ]; then
_info "Domain key exists, skip" _info "Domain key exists, skip"
return 0 return 0
else else
@ -1509,7 +1509,7 @@ createCSR() {
_initpath "$domain" "$_isEcc" _initpath "$domain" "$_isEcc"
if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then if [ -f "$CSR_PATH" ] && [ "$_ACME_IS_RENEW" ] && [ -z "$FORCE" ]; then
_info "CSR exists, skip" _info "CSR exists, skip"
return return
fi fi
@ -2585,7 +2585,7 @@ _initpath() {
. "$ACCOUNT_CONF_PATH" . "$ACCOUNT_CONF_PATH"
fi fi
if [ "$ACME_IN_CRON" ]; then if [ "$_ACME_IN_CRON" ]; then
if [ ! "$_USER_PATH_EXPORTED" ]; then if [ ! "$_USER_PATH_EXPORTED" ]; then
_USER_PATH_EXPORTED=1 _USER_PATH_EXPORTED=1
export PATH="$USER_PATH:$PATH" export PATH="$USER_PATH:$PATH"
@ -2599,7 +2599,7 @@ _initpath() {
if [ -z "$ACME_DIRECTORY" ]; then if [ -z "$ACME_DIRECTORY" ]; then
if [ "$STAGE" ]; then if [ "$STAGE" ]; then
ACME_DIRECTORY="$DEFAULT_STAGING_CA" ACME_DIRECTORY="$DEFAULT_STAGING_CA"
_info "Using stage ACME_DIRECTORY: $ACME_DIRECTORY" _info "Using ACME_DIRECTORY: $ACME_DIRECTORY"
else else
default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER") default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER")
_debug default_acme_server "$default_acme_server" _debug default_acme_server "$default_acme_server"
@ -3387,7 +3387,7 @@ _on_issue_err() {
) )
fi fi
if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then if [ "$_ACME_IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
_err "$_DNS_MANUAL_ERR" _err "$_DNS_MANUAL_ERR"
fi fi
@ -3419,7 +3419,7 @@ _on_issue_success() {
fi fi
#run renew hook #run renew hook
if [ "$IS_RENEW" ] && [ "$_chk_renew_hook" ]; then if [ "$_ACME_IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
_info "Run renew hook:'$_chk_renew_hook'" _info "Run renew hook:'$_chk_renew_hook'"
if ! ( if ! (
export CERT_PATH export CERT_PATH
@ -4037,7 +4037,7 @@ issue() {
_challenge_alias="${14}" _challenge_alias="${14}"
_preferred_chain="${15}" _preferred_chain="${15}"
if [ ! "$IS_RENEW" ]; then if [ -z "$_ACME_IS_RENEW" ]; then
_initpath "$_main_domain" "$_key_length" _initpath "$_main_domain" "$_key_length"
mkdir -p "$DOMAIN_PATH" mkdir -p "$DOMAIN_PATH"
fi fi
@ -4689,7 +4689,8 @@ $_authorizations_map"
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)" der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
if [ "$ACME_VERSION" = "2" ]; then if [ "$ACME_VERSION" = "2" ]; then
_info "Lets finalize the order, Le_OrderFinalize: $Le_OrderFinalize" _info "Lets finalize the order."
_info "Le_OrderFinalize" "$Le_OrderFinalize"
if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
_err "Sign failed." _err "Sign failed."
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook"
@ -4760,7 +4761,8 @@ $_authorizations_map"
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook"
return 1 return 1
fi fi
_info "Downloading cert, Le_LinkCert: $Le_LinkCert" _info "Downloading cert."
_info "Le_LinkCert" "$Le_LinkCert"
if ! _send_signed_request "$Le_LinkCert"; then if ! _send_signed_request "$Le_LinkCert"; then
_err "Sign failed, can not download cert:$Le_LinkCert." _err "Sign failed, can not download cert:$Le_LinkCert."
_err "$response" _err "$response"
@ -4842,7 +4844,7 @@ $_authorizations_map"
_info "Your cert key is in $(__green " $CERT_KEY_PATH ")" _info "Your cert key is in $(__green " $CERT_KEY_PATH ")"
fi fi
if [ ! "$USER_PATH" ] || [ ! "$ACME_IN_CRON" ]; then if [ ! "$USER_PATH" ] || [ ! "$_ACME_IN_CRON" ]; then
USER_PATH="$PATH" USER_PATH="$PATH"
_saveaccountconf "USER_PATH" "$USER_PATH" _saveaccountconf "USER_PATH" "$USER_PATH"
fi fi
@ -5033,12 +5035,12 @@ renew() {
return "$RENEW_SKIP" return "$RENEW_SKIP"
fi fi
if [ "$ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then if [ "$_ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then
_info "Skip invalid cert for: $Le_Domain" _info "Skip invalid cert for: $Le_Domain"
return $RENEW_SKIP return $RENEW_SKIP
fi fi
IS_RENEW="1" _ACME_IS_RENEW="1"
Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)" Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
Le_PreHook="$(_readdomainconf Le_PreHook)" Le_PreHook="$(_readdomainconf Le_PreHook)"
Le_PostHook="$(_readdomainconf Le_PostHook)" Le_PostHook="$(_readdomainconf Le_PostHook)"
@ -5054,7 +5056,7 @@ renew() {
res="$?" res="$?"
fi fi
IS_RENEW="" _ACME_IS_RENEW=""
return "$res" return "$res"
} }
@ -5094,7 +5096,7 @@ renewAll() {
_error_level="$NOTIFY_LEVEL_RENEW" _error_level="$NOTIFY_LEVEL_RENEW"
_notify_code=0 _notify_code=0
fi fi
if [ "$ACME_IN_CRON" ]; then if [ "$_ACME_IN_CRON" ]; then
if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
_send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0 _send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0
@ -5108,7 +5110,7 @@ renewAll() {
_error_level="$NOTIFY_LEVEL_SKIP" _error_level="$NOTIFY_LEVEL_SKIP"
_notify_code=$RENEW_SKIP _notify_code=$RENEW_SKIP
fi fi
if [ "$ACME_IN_CRON" ]; then if [ "$_ACME_IN_CRON" ]; then
if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
_send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" _send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP"
@ -5123,7 +5125,7 @@ renewAll() {
_error_level="$NOTIFY_LEVEL_ERROR" _error_level="$NOTIFY_LEVEL_ERROR"
_notify_code=1 _notify_code=1
fi fi
if [ "$ACME_IN_CRON" ]; then if [ "$_ACME_IN_CRON" ]; then
if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
_send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1 _send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1
@ -5144,7 +5146,7 @@ renewAll() {
done done
_debug _error_level "$_error_level" _debug _error_level "$_error_level"
_debug _set_level "$_set_level" _debug _set_level "$_set_level"
if [ "$ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then if [ "$_ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then
if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then
_msg_subject="Renew" _msg_subject="Renew"
if [ "$_error_msg" ]; then if [ "$_error_msg" ]; then
@ -5442,7 +5444,7 @@ _installcert() {
if [ "$_real_cert" ]; then if [ "$_real_cert" ]; then
_info "Installing cert to:$_real_cert" _info "Installing cert to:$_real_cert"
if [ -f "$_real_cert" ] && [ ! "$IS_RENEW" ]; then if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_cert" "$_backup_path/cert.bak" cp "$_real_cert" "$_backup_path/cert.bak"
fi fi
cat "$CERT_PATH" >"$_real_cert" || return 1 cat "$CERT_PATH" >"$_real_cert" || return 1
@ -5454,7 +5456,7 @@ _installcert() {
echo "" >>"$_real_ca" echo "" >>"$_real_ca"
cat "$CA_CERT_PATH" >>"$_real_ca" || return 1 cat "$CA_CERT_PATH" >>"$_real_ca" || return 1
else else
if [ -f "$_real_ca" ] && [ ! "$IS_RENEW" ]; then if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_ca" "$_backup_path/ca.bak" cp "$_real_ca" "$_backup_path/ca.bak"
fi fi
cat "$CA_CERT_PATH" >"$_real_ca" || return 1 cat "$CA_CERT_PATH" >"$_real_ca" || return 1
@ -5463,7 +5465,7 @@ _installcert() {
if [ "$_real_key" ]; then if [ "$_real_key" ]; then
_info "Installing key to:$_real_key" _info "Installing key to:$_real_key"
if [ -f "$_real_key" ] && [ ! "$IS_RENEW" ]; then if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_key" "$_backup_path/key.bak" cp "$_real_key" "$_backup_path/key.bak"
fi fi
if [ -f "$_real_key" ]; then if [ -f "$_real_key" ]; then
@ -5476,7 +5478,7 @@ _installcert() {
if [ "$_real_fullchain" ]; then if [ "$_real_fullchain" ]; then
_info "Installing full chain to:$_real_fullchain" _info "Installing full chain to:$_real_fullchain"
if [ -f "$_real_fullchain" ] && [ ! "$IS_RENEW" ]; then if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_fullchain" "$_backup_path/fullchain.bak" cp "$_real_fullchain" "$_backup_path/fullchain.bak"
fi fi
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1 cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
@ -6093,7 +6095,7 @@ install() {
_debug "Skip install cron job" _debug "Skip install cron job"
fi fi
if [ "$ACME_IN_CRON" != "1" ]; then if [ "$_ACME_IN_CRON" != "1" ]; then
if ! _precheck "$_nocron"; then if ! _precheck "$_nocron"; then
_err "Pre-check failed, can not install." _err "Pre-check failed, can not install."
return 1 return 1
@ -6150,7 +6152,7 @@ install() {
_info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY" _info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY"
if [ "$ACME_IN_CRON" != "1" ] && [ -z "$_noprofile" ]; then if [ "$_ACME_IN_CRON" != "1" ] && [ -z "$_noprofile" ]; then
_installalias "$_c_home" _installalias "$_c_home"
fi fi
@ -6248,7 +6250,7 @@ _uninstallalias() {
} }
cron() { cron() {
export ACME_IN_CRON=1 export _ACME_IN_CRON=1
_initpath _initpath
_info "$(__green "===Starting cron===")" _info "$(__green "===Starting cron===")"
if [ "$AUTO_UPGRADE" = "1" ]; then if [ "$AUTO_UPGRADE" = "1" ]; then
@ -6269,7 +6271,7 @@ cron() {
fi fi
renewAll renewAll
_ret="$?" _ret="$?"
ACME_IN_CRON="" _ACME_IN_CRON=""
_info "$(__green "===End cron===")" _info "$(__green "===End cron===")"
exit $_ret exit $_ret
} }
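Review bot: The rename to `_ACME_IS_RENEW` does not make the flag internal, because within these hunks it is only assigned in `renew()`, so `issue()`, `createDomainKey()`, `createCSR()` and `_installcert()` still read whatever value the calling environment supplied. With the flag pre-set, `_installcert()` skips the `cp ... "$_backup_path/*.bak"` copies before overwriting the installed cert and key, and `issue()` skips `_initpath` and `mkdir -p "$DOMAIN_PATH"`. I would clear it once during startup, before command dispatch, with `_ACME_IS_RENEW=""`; that code is outside every hunk shown here, so it may already be done. `_ACME_IN_CRON` is still exported in `cron()`, so the same inheritance applies to the `export PATH="$USER_PATH:$PATH"` branch in `_initpath()`; if child processes rely on it, a comment such as `# exported on purpose: child acme.sh processes must see cron mode` would record that. Hooks or wrappers that read the old `IS_RENEW`/`ACME_IN_CRON` names will now see them empty, which deserves a line in the commit message.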