From 9d548d81ac22f1613b4fe83b5e3b06a283fd2294 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:03:41 +0800 Subject: [PATCH 1/5] add more debug info --- acme.sh | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 28d80b1e..3f4fbebb 100755 --- a/acme.sh +++ b/acme.sh @@ -91,6 +91,30 @@ _printargs() { printf "\n" } +_dlg_versions() { + echo "Diagnosis versions: " + echo "openssl:" + if _exists openssl ; then + openssl version 2>&1 + else + echo "openssl doesn't exists." + fi + + echo "apache:" + if [ "$_APACHECTL" ] && _exists "$_APACHECTL" ; then + _APACHECTL -V 2>&1 + else + echo "apache doesn't exists." + fi + + echo "nc:" + if _exists "nc" ; then + nc -h 2>&1 + else + _debug "nc doesn't exists." + fi +} + _log() { [ -z "$LOG_FILE" ] && return @@ -2058,6 +2082,10 @@ _on_issue_err() { _err "See: $_DEBUG_WIKI" fi + if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ] ; then + _debug "$(_dlg_versions)" + fi + #run the post hook if [ "$Le_PostHook" ] ; then _info "Run post hook:'$Le_PostHook'" @@ -4358,7 +4386,9 @@ _process() { _processAccountConf fi - + + _debug2 LE_WORKING_DIR "$LE_WORKING_DIR" + if [ "$DEBUG" ] ; then version fi From 29b751095713fbd1f7a22242e652aa84ef2b380b Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:22:01 +0800 Subject: [PATCH 2/5] add sign error check. --- acme.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3f4fbebb..18453b6d 100755 --- a/acme.sh +++ b/acme.sh 
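Review bot: In the apache branch of `_dlg_versions`, `_APACHECTL -V 2>&1` runs a command literally named `_APACHECTL` instead of the binary held in the variable that the `if` just tested, so the diagnostics show a "not found" error rather than the Apache version; it should read `"$_APACHECTL" -V 2>&1`. The nc branch reports a missing tool with `_debug` while the openssl and apache branches use `echo`. Because the caller collects the text through `$(_dlg_versions)`, `echo "nc doesn't exist."` would keep all three branches in the captured output. A one-line comment above the function, such as `# Print versions of the external tools acme.sh relies on (openssl, apache, nc); used for debug output only`, would document why it exists.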
@@ -1185,7 +1185,13 @@ _send_signed_request() { protected64="$(printf "$protected" | _base64 | _urlencode)" _debug3 protected64 "$protected64" - sig=$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256" | _urlencode) + if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")" ; then + _err "Sign request failed." + return 1 + fi + _debug3 _sig_t "$_sig_t" + + sig="$(printf "%s" "$_sig_t" | _urlencode)" _debug3 sig "$sig" body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" From d22b7938dae42e92d0af60f060c56ea4354f851c Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:45:50 +0800 Subject: [PATCH 3/5] fix old version openssl issue for ecc key --- acme.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/acme.sh b/acme.sh index 18453b6d..b1703ec8 100755 --- a/acme.sh +++ b/acme.sh @@ -891,6 +891,26 @@ _calcjwk() { crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv "$crv" + if [ -z "$crv" ] ; then + _debug "Let's try ASN1 OID" + crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" + case "${crv_oid}" in + "prime256v1") + crv="P-256" + ;; + "secp384r1") + crv="P-384" + ;; + "secp521r1") + crv="P-521" + ;; + *) + _err "ECC oid : $crv_oid" + return 1 + ;; + _debug3 crv "$crv" + fi + pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" pubi=$(_math $pubi + 1) _debug3 pubi "$pubi" From 067d586c1c2f17360d05ff79cae747f8bd7bc5a6 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:47:45 +0800 Subject: [PATCH 4/5] typo --- acme.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/acme.sh b/acme.sh index b1703ec8..2c1aacf4 100755 --- a/acme.sh +++ b/acme.sh @@ -908,6 +908,7 @@ _calcjwk() { _err "ECC oid : $crv_oid" return 1 ;; + esac _debug3 crv "$crv" fi 
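Review bot: The new guard in `_send_signed_request` only catches a non-zero exit status from `_sign`, so an empty signature can still be placed in the request body if `_sign` exits 0 without producing output, for instance if it ends in a pipeline whose last stage succeeds (its body is not visible in this hunk). Testing for emptiness as well closes that gap: `if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")" || [ -z "$_sig_t" ] ; then`. `_sig_t` is assigned as a global here, so a short comment marking it as scratch state would help later readers. The function begins and ends outside this hunk.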
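Review bot: The `*)` arm of the new `case` in `_calcjwk` reports `_err "ECC oid : $crv_oid"`, which does not say that the curve is unsupported. The same message appears when `crv_oid` is empty because openssl could not read the key, since its stderr is discarded. A message such as `_err "Unsupported or unreadable ECC curve, ASN1 OID: '$crv_oid'"` would make the failure actionable. The added `openssl ec -in $keyfile` also leaves `$keyfile` unquoted, so a key path containing spaces or glob characters would be word-split; `-in "$keyfile"` avoids that, and the surrounding context lines show the same pattern. `_calcjwk` begins and ends outside this hunk.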
From cae9cee295ccedeb5dda0f84042bcf9ed462f3d1 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Fri, 4 Nov 2016 22:53:33 +0800
Subject: [PATCH 5/5] add debug info
---
 acme.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/acme.sh b/acme.sh
index 2c1aacf4..8e86b03e 100755
--- a/acme.sh
+++ b/acme.sh
@@ -894,6 +894,7 @@ _calcjwk() {
 if [ -z "$crv" ] ; then
 _debug "Let's try ASN1 OID"
 crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
+ _debug3 crv_oid "$crv_oid"
 case "${crv_oid}" in
 "prime256v1")
 crv="P-256"