diff --git a/le.sh b/le.sh
index 081f73ea..cd53c3e0 100755
--- a/le.sh
+++ b/le.sh
@@ -1,17 +1,12 @@
 #!/bin/bash
-WORKING_DIR=~/.le
-
-CURL_HEADER=""
-HEADER=""
-HEADERPLACE=""
-ACCOUNT_EMAIL=""
 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
+DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
-API=$DEFAULT_CA
-
+API="$DEFAULT_CA"
+AGREEMENT="$DEFAULT_AGREEMENT"
 _debug() {
@@ -213,8 +208,35 @@ _setopt() {
   _debug "$(grep -H -n "^$__opt$__sep" $__conf)"
 }
+_startserver() {
+  content="$1"
+  while true ; do
+    if [ -z "$DEBUG" ] ; then
+      echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80 > /dev/null
+    else
+      echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80
+    fi
+  done
+}
+
+_stopserver() {
+  pid="$1"
+  if [ "$pid" ] ; then
+    if [ -z "$DEBUG" ] ; then
+      kill -s 9 $pid 2>&1
+      killall -s 9 nc 2>&1
+    else
+      kill -s 9 $pid 2>&1 > /dev/null
+      killall -s 9 nc 2>&1 > /dev/null
+    fi
+  fi
+}
+
 _initpath() {
-  WORKING_DIR=~/.le
+  if [ -z "$WORKING_DIR" ]; then
+    WORKING_DIR=~/.le
+  fi
+
   domain=$1
   mkdir -p $WORKING_DIR
   ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
@@ -260,9 +282,23 @@ issue() {
     fi
   fi
-  if [ -z "$Le_Webroot" ] ; then
-    echo Usage: $0 webroot a.com [b.com,c.com] [key-length]
-    return 1
+  if [ "$Le_Webroot" == "no" ] ; then
+    _info "Standalone mode."
+    if ! command -v "nc" > /dev/null ; then
+      _err "Please install netcat(nc) tools first."
+      return 1
+    fi
+    if ! command -v "netstat" > /dev/null ; then
+      _err "Please install netstat first."
+      return 1
+    fi
+    netprc="$(netstat -antpl | grep ':80 ')"
+    if [ "$netprc" ] ; then
+      _err "$netprc"
+      _err "tcp port 80 is already used by $(echo "$netprc" | cut -d '/' -f 2)"
+      _err "Please stop it first"
+      return 1
+    fi
   fi
   createAccountKey $Le_Domain $Le_Keylength
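Review bot: Dropping the `WORKING_DIR`, `CURL_HEADER`, `HEADER`, `HEADERPLACE` and `ACCOUNT_EMAIL` initializations means these names now start with whatever value the invoking environment carries, unless they are reset elsewhere in the file. Honoring a preset `WORKING_DIR` appears deliberate (the `_initpath` hunk keeps it when non-empty), but the other four look like accidental fallout and would be safer kept as `CURL_HEADER=""` and so on. A header comment naming the supported overrides, e.g. `# Environment overrides: WORKING_DIR (default ~/.le), DEBUG (verbose output)`, would make the intent explicit.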
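Review bot: `_stopserver` uses `killall -s 9 nc`, which kills every netcat process on the host rather than the listener this script started, and its `DEBUG` branches are the inverse of `_startserver`'s (output is silenced when `DEBUG` is set and shown when it is empty); `2>&1 > /dev/null` also leaves stderr on the terminal because the redirections are applied in the wrong order. Stopping the loop subshell first so it cannot respawn a listener, then killing its own `nc` child, removes the need for `killall`. `_startserver` also loops forever on a failed bind (port 80 without the needed privilege), respawning `nc` in a tight loop; a `|| break` on the pipeline or a pre-check before starting the loop would avoid that.
```shell
_stopserver() {
  pid="$1"
  if [ "$pid" ] ; then
    # freeze the loop subshell so it cannot respawn a listener, kill its
    # nc child, then the subshell itself -- never killall, which would
    # also terminate unrelated netcat processes on the host
    kill -s STOP "$pid" > /dev/null 2>&1
    pkill -P "$pid" nc > /dev/null 2>&1
    kill -s KILL "$pid" > /dev/null 2>&1
  fi
}
```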
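Review bot: The standalone pre-check verifies that `nc` and `netstat` exist and that port 80 is free, but not that the script can bind it: `nc -l -p 80` needs root or CAP_NET_BIND_SERVICE, and since `netstat -p` usually reports other users' processes only when run as root, the `cut -d '/' -f 2` owner name will often be `-` for an unprivileged caller. Adding `if [ "$(id -u)" != "0" ] ; then _err "Standalone mode needs root to listen on port 80" ; return 1 ; fi` next to the tool checks would fail early with a clear message. `netstat -antpl` is also Linux/net-tools specific; `ss -ltnp` is the maintained equivalent where available. `issue()` continues past this hunk.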
@@ -294,9 +330,9 @@ issue() {
   _info "Registering account"
-  regjson='{"resource": "new-reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+  regjson='{"resource": "new-reg", "agreement": "'$AGREEMENT'"}'
   if [ "$ACCOUNT_EMAIL" ] ; then
-    regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+    regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}'
   fi
   _send_signed_request "$API/acme/new-reg" "$regjson"
@@ -337,13 +373,20 @@ issue() {
     keyauthorization="$token.$thumbprint"
     _debug keyauthorization "$keyauthorization"
-    wellknown_path="$Le_Webroot/.well-known/acme-challenge"
-    _debug wellknown_path "$wellknown_path"
-
-    mkdir -p "$wellknown_path"
-    wellknown_path="$wellknown_path/$token"
-    echo -n "$keyauthorization" > $wellknown_path
-
+    if [ "$Le_Webroot" == "no" ] ; then
+      _info "Standalone mode server"
+      _startserver "$keyauthorization" & 2>&1 >/dev/null
+      serverproc="$!"
+      sleep 2
+      _debug serverproc $serverproc
+    else
+      wellknown_path="$Le_Webroot/.well-known/acme-challenge"
+      _debug wellknown_path "$wellknown_path"
+
+      mkdir -p "$wellknown_path"
+      wellknown_path="$wellknown_path/$token"
+      echo -n "$keyauthorization" > $wellknown_path
+    fi
     wellknown_url="http://$d/.well-known/acme-challenge/$token"
     _debug wellknown_url "$wellknown_url"
@@ -352,6 +395,7 @@ issue() {
     if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
       _err "challenge error: $d"
+      _stopserver $serverproc
       return 1
     fi
@@ -362,6 +406,7 @@ issue() {
       if ! _get $uri ; then
         _err "Verify error:$resource"
+        _stopserver $serverproc
         return 1
       fi
@@ -374,6 +419,7 @@ issue() {
       if [ "$status" == "invalid" ] ; then
         error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
         _err "Verify error:$error"
+        _stopserver $serverproc
         return 1;
       fi
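Review bot: `$AGREEMENT` and `$ACCOUNT_EMAIL` are expanded outside the single-quoted JSON fragments, so they undergo word splitting and globbing and are inserted into the JSON without any escaping; a value containing whitespace or a double quote yields a malformed `regjson`. Building the string in double quotes, `regjson="{\"resource\": \"new-reg\", \"agreement\": \"$AGREEMENT\"}"`, avoids the splitting, and the same applies to the `contact` variant two lines down. Both values are caller-controlled configuration, so a one-line sanity check that `ACCOUNT_EMAIL` contains no spaces or quotes before use is worth adding. `issue()` starts and ends outside this hunk.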
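Review bot: The redirections in `_startserver "$keyauthorization" & 2>&1 >/dev/null` come after the `&`, so they form a separate empty command and never attach to the background job; write `_startserver "$keyauthorization" >/dev/null 2>&1 &` if the intent is to silence it. The fixed `sleep 2` does not verify that the listener is up, and a bind failure inside `_startserver`'s loop is invisible here because the subshell keeps running; re-running the same `netstat` test the pre-check uses, until something is listening on port 80, would be more reliable than a fixed delay. `$serverproc` is also left unquoted in `_debug serverproc $serverproc`.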
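Review bot: `_stopserver $serverproc` is now repeated on each failure path (this hunk and the three that follow, at +406, +419 and +427, plus the normal path after the inner loop), yet any exit that does not pass through these lines, such as an interrupt or a helper that exits directly, leaves the port-80 listener running. A single `trap '_stopserver "$serverproc"' EXIT` set where the server is started would cover every path and let these inserted lines go; until then, `$serverproc` should be quoted in each call. The enclosing `issue()` starts and ends outside these hunks.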
@@ -381,10 +427,12 @@ issue() {
         _info "Verify pending:$d"
       else
         _err "Verify error:$response"
+        _stopserver $serverproc
         return 1
       fi
-    done
+    done
+    _stopserver $serverproc
   done
   _info "Verify finished, start to sign."