mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 21:21:42 +00:00
Support NotBefore and NotAfter
Add `--valid-from` and `--valid-to`: https://github.com/acmesh-official/acme.sh/wiki/Validity
This commit is contained in:
parent
bcc984fc09
commit
de4c4eedd8
131
acme.sh
131
acme.sh
@ -177,6 +177,8 @@ _SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
|
|||||||
|
|
||||||
_PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
|
_PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
|
||||||
|
|
||||||
|
_VALIDITY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Validity"
|
||||||
|
|
||||||
_DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck"
|
_DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck"
|
||||||
|
|
||||||
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
||||||
@ -1603,12 +1605,12 @@ _durl_replace_base64() {
|
|||||||
|
|
||||||
_time2str() {
|
_time2str() {
|
||||||
#BSD
|
#BSD
|
||||||
if date -u -r "$1" 2>/dev/null; then
|
if date -u -r "$1" -j "+%Y-%m-%dT%H:%M:%SZ" 2>/dev/null; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#Linux
|
#Linux
|
||||||
if date -u -d@"$1" 2>/dev/null; then
|
if date -u --date=@"$1" "+%Y-%m-%dT%H:%M:%SZ" 2>/dev/null; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -1619,7 +1621,7 @@ _time2str() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
#Busybox
|
#Busybox
|
||||||
if echo "$1" | awk '{ print strftime("%c", $0); }' 2>/dev/null; then
|
if echo "$1" | awk '{ print strftime("%Y-%m-%dT%H:%M:%SZ", $0); }' 2>/dev/null; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -1778,6 +1780,22 @@ _time() {
|
|||||||
date -u "+%s"
|
date -u "+%s"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#support 2 formats:
|
||||||
|
# 2022-04-01 08:10:33 to 1648800633
|
||||||
|
#or 2022-04-01T08:10:33Z to 1648800633
|
||||||
|
_date2time() {
|
||||||
|
#Linux
|
||||||
|
if date -u -d "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
#Mac/BSD
|
||||||
|
if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
_err "Can not parse _date2time $1"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
_utc_date() {
|
_utc_date() {
|
||||||
date -u "+%Y-%m-%d %H:%M:%S"
|
date -u "+%Y-%m-%d %H:%M:%S"
|
||||||
}
|
}
|
||||||
@ -3768,7 +3786,7 @@ updateaccount() {
|
|||||||
|
|
||||||
if [ "$code" = '200' ]; then
|
if [ "$code" = '200' ]; then
|
||||||
echo "$response" >"$ACCOUNT_JSON_PATH"
|
echo "$response" >"$ACCOUNT_JSON_PATH"
|
||||||
_info "account update success for $_accUri."
|
_info "Account update success for $_accUri."
|
||||||
else
|
else
|
||||||
_info "Error. The account was not updated."
|
_info "Error. The account was not updated."
|
||||||
return 1
|
return 1
|
||||||
@ -4207,6 +4225,40 @@ _getIdType() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# beginTime dateTo
|
||||||
|
# beginTime is full string format("2022-04-01T08:10:33Z"), beginTime can be empty, to use current time
|
||||||
|
# dateTo can be ether in full string format("2022-04-01T08:10:33Z") or in delta format(+5d or +20h)
|
||||||
|
_convertValidaty() {
|
||||||
|
_beginTime="$1"
|
||||||
|
_dateTo="$2"
|
||||||
|
_debug2 "_beginTime" "$_beginTime"
|
||||||
|
_debug2 "_dateTo" "$_dateTo"
|
||||||
|
|
||||||
|
if _startswith "$_dateTo" "+"; then
|
||||||
|
_v_begin=$(_time)
|
||||||
|
if [ "$_beginTime" ]; then
|
||||||
|
_v_begin="$(_date2time "$_beginTime")"
|
||||||
|
fi
|
||||||
|
_debug2 "_v_begin" "$_v_begin"
|
||||||
|
if _endswith "$_dateTo" "h"; then
|
||||||
|
_v_end=$(_math "$_v_begin + 60 * 60 * $(echo "$_dateTo" | tr -d '+h')")
|
||||||
|
elif _endswith "$_dateTo" "d"; then
|
||||||
|
_v_end=$(_math "$_v_begin + 60 * 60 * 24 * $(echo "$_dateTo" | tr -d '+d')")
|
||||||
|
else
|
||||||
|
_err "Not recognized format for _dateTo: $_dateTo"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug2 "_v_end" "$_v_end"
|
||||||
|
_time2str "$_v_end"
|
||||||
|
else
|
||||||
|
if [ "$(_time)" -gt "$(_date2time "$_dateTo")" ]; then
|
||||||
|
_err "The validaty to is in the past: _dateTo = $_dateTo"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
echo "$_dateTo"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
#webroot, domain domainlist keylength
|
#webroot, domain domainlist keylength
|
||||||
issue() {
|
issue() {
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
@ -4240,6 +4292,8 @@ issue() {
|
|||||||
_local_addr="${13}"
|
_local_addr="${13}"
|
||||||
_challenge_alias="${14}"
|
_challenge_alias="${14}"
|
||||||
_preferred_chain="${15}"
|
_preferred_chain="${15}"
|
||||||
|
_valid_from="${16}"
|
||||||
|
_valid_to="${17}"
|
||||||
|
|
||||||
if [ -z "$_ACME_IS_RENEW" ]; then
|
if [ -z "$_ACME_IS_RENEW" ]; then
|
||||||
_initpath "$_main_domain" "$_key_length"
|
_initpath "$_main_domain" "$_key_length"
|
||||||
@ -4381,12 +4435,52 @@ issue() {
|
|||||||
_identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}"
|
_identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}"
|
||||||
done
|
done
|
||||||
_debug2 _identifiers "$_identifiers"
|
_debug2 _identifiers "$_identifiers"
|
||||||
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
_notBefore=""
|
||||||
|
_notAfter=""
|
||||||
|
|
||||||
|
if [ "$_valid_from" ]; then
|
||||||
|
_savedomainconf "Le_Valid_From" "$_valid_from"
|
||||||
|
_debug2 "_valid_from" "$_valid_from"
|
||||||
|
_notBefore="$(_convertValidaty "" "$_valid_from")"
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
_err "Can not parse _valid_from: $_valid_from"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if [ "$(_time)" -gt "$(_date2time "$_notBefore")" ]; then
|
||||||
|
_notBefore=""
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
_cleardomainconf "Le_Valid_From"
|
||||||
|
fi
|
||||||
|
_debug2 _notBefore "$_notBefore"
|
||||||
|
|
||||||
|
if [ "$_valid_to" ]; then
|
||||||
|
_debug2 "_valid_to" "$_valid_to"
|
||||||
|
_savedomainconf "Le_Valid_To" "$_valid_to"
|
||||||
|
_notAfter="$(_convertValidaty "$_notBefore" "$_valid_to")"
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
_err "Can not parse _valid_to: $_valid_to"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
_cleardomainconf "Le_Valid_To"
|
||||||
|
fi
|
||||||
|
_debug2 "_notAfter" "$_notAfter"
|
||||||
|
|
||||||
|
_newOrderObj="{\"identifiers\": [$_identifiers]"
|
||||||
|
if [ "$_notBefore" ]; then
|
||||||
|
_newOrderObj="$_newOrderObj,\"notBefore\": \"$_notBefore\""
|
||||||
|
fi
|
||||||
|
if [ "$_notAfter" ]; then
|
||||||
|
_newOrderObj="$_newOrderObj,\"notAfter\": \"$_notAfter\""
|
||||||
|
fi
|
||||||
|
if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then
|
||||||
_err "Create new order error."
|
_err "Create new order error."
|
||||||
_clearup
|
_clearup
|
||||||
_on_issue_err "$_post_hook"
|
_on_issue_err "$_post_hook"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)"
|
Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)"
|
||||||
_debug Le_LinkOrder "$Le_LinkOrder"
|
_debug Le_LinkOrder "$Le_LinkOrder"
|
||||||
Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)"
|
Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)"
|
||||||
@ -5086,13 +5180,15 @@ $_authorizations_map"
|
|||||||
else
|
else
|
||||||
_cleardomainconf Le_ForceNewDomainKey
|
_cleardomainconf Le_ForceNewDomainKey
|
||||||
fi
|
fi
|
||||||
|
if [ "$_notAfter" ]; then
|
||||||
|
Le_NextRenewTime=$(_date2time "$_notAfter")
|
||||||
|
Le_NextRenewTimeStr="$_notAfter"
|
||||||
|
else
|
||||||
Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60)
|
Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60)
|
||||||
|
|
||||||
Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime")
|
Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime")
|
||||||
_savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr"
|
|
||||||
|
|
||||||
Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400)
|
Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400)
|
||||||
|
fi
|
||||||
|
_savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr"
|
||||||
_savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime"
|
_savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime"
|
||||||
|
|
||||||
if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then
|
if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then
|
||||||
@ -6629,6 +6725,11 @@ Parameters:
|
|||||||
If no match, the default offered chain will be used. (default: empty)
|
If no match, the default offered chain will be used. (default: empty)
|
||||||
See: $_PREFERRED_CHAIN_WIKI
|
See: $_PREFERRED_CHAIN_WIKI
|
||||||
|
|
||||||
|
--valid-to <date-time> Request the NotAfter field of the cert.
|
||||||
|
See: $_VALIDITY_WIKI
|
||||||
|
--valid-from <date-time> Request the NotBefore field of the cert.
|
||||||
|
See: $_VALIDITY_WIKI
|
||||||
|
|
||||||
-f, --force Force install, force cert renewal or override sudo restrictions.
|
-f, --force Force install, force cert renewal or override sudo restrictions.
|
||||||
--staging, --test Use staging server, for testing.
|
--staging, --test Use staging server, for testing.
|
||||||
--debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted.
|
--debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted.
|
||||||
@ -6989,6 +7090,8 @@ _process() {
|
|||||||
_eab_kid=""
|
_eab_kid=""
|
||||||
_eab_hmac_key=""
|
_eab_hmac_key=""
|
||||||
_preferred_chain=""
|
_preferred_chain=""
|
||||||
|
_valid_from=""
|
||||||
|
_valid_to=""
|
||||||
while [ ${#} -gt 0 ]; do
|
while [ ${#} -gt 0 ]; do
|
||||||
case "${1}" in
|
case "${1}" in
|
||||||
|
|
||||||
@ -7296,6 +7399,14 @@ _process() {
|
|||||||
Le_RenewalDays="$_days"
|
Le_RenewalDays="$_days"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
--valid-from)
|
||||||
|
_valid_from="$2"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--valid-to)
|
||||||
|
_valid_to="$2"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
--httpport)
|
--httpport)
|
||||||
_httpport="$2"
|
_httpport="$2"
|
||||||
Le_HTTPPort="$_httpport"
|
Le_HTTPPort="$_httpport"
|
||||||
@ -7557,7 +7668,7 @@ _process() {
|
|||||||
uninstall) uninstall "$_nocron" ;;
|
uninstall) uninstall "$_nocron" ;;
|
||||||
upgrade) upgrade ;;
|
upgrade) upgrade ;;
|
||||||
issue)
|
issue)
|
||||||
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain"
|
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to"
|
||||||
;;
|
;;
|
||||||
deploy)
|
deploy)
|
||||||
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
||||||
|
Loading…
Reference in New Issue
Block a user