mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-11-18 04:11:46 +00:00
commit
e3cd96bf19
32
acme.sh
32
acme.sh
@ -435,8 +435,10 @@ _secure_debug3() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
__USE_TR_RAW="$([ "$(echo "abc" | tr a-z A-Z 2>/dev/null)" = "ABC" ] && echo 1 || echo 0)"
|
||||||
|
|
||||||
_upper_case() {
|
_upper_case() {
|
||||||
if _is_solaris; then
|
if [ "$__USE_TR_RAW" = "0" ]; then
|
||||||
tr '[:lower:]' '[:upper:]'
|
tr '[:lower:]' '[:upper:]'
|
||||||
else
|
else
|
||||||
# shellcheck disable=SC2018,SC2019
|
# shellcheck disable=SC2018,SC2019
|
||||||
@ -445,7 +447,7 @@ _upper_case() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
_lower_case() {
|
_lower_case() {
|
||||||
if _is_solaris; then
|
if [ "$__USE_TR_RAW" = "0" ]; then
|
||||||
tr '[:upper:]' '[:lower:]'
|
tr '[:upper:]' '[:lower:]'
|
||||||
else
|
else
|
||||||
# shellcheck disable=SC2018,SC2019
|
# shellcheck disable=SC2018,SC2019
|
||||||
@ -5752,7 +5754,9 @@ _installcert() {
|
|||||||
if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||||
cp "$_real_cert" "$_backup_path/cert.bak"
|
cp "$_real_cert" "$_backup_path/cert.bak"
|
||||||
fi
|
fi
|
||||||
cat "$CERT_PATH" >"$_real_cert" || return 1
|
if [ "$CERT_PATH" != "$_real_cert" ]; then
|
||||||
|
cat "$CERT_PATH" >"$_real_cert" || return 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$_real_ca" ]; then
|
if [ "$_real_ca" ]; then
|
||||||
@ -5764,7 +5768,9 @@ _installcert() {
|
|||||||
if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||||
cp "$_real_ca" "$_backup_path/ca.bak"
|
cp "$_real_ca" "$_backup_path/ca.bak"
|
||||||
fi
|
fi
|
||||||
cat "$CA_CERT_PATH" >"$_real_ca" || return 1
|
if [ "$CA_CERT_PATH" != "$_real_ca" ]; then
|
||||||
|
cat "$CA_CERT_PATH" >"$_real_ca" || return 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -5773,12 +5779,14 @@ _installcert() {
|
|||||||
if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||||
cp "$_real_key" "$_backup_path/key.bak"
|
cp "$_real_key" "$_backup_path/key.bak"
|
||||||
fi
|
fi
|
||||||
if [ -f "$_real_key" ]; then
|
if [ "$CERT_KEY_PATH" != "$_real_key" ]; then
|
||||||
cat "$CERT_KEY_PATH" >"$_real_key" || return 1
|
if [ -f "$_real_key" ]; then
|
||||||
else
|
cat "$CERT_KEY_PATH" >"$_real_key" || return 1
|
||||||
touch "$_real_key" || return 1
|
else
|
||||||
chmod 600 "$_real_key"
|
touch "$_real_key" || return 1
|
||||||
cat "$CERT_KEY_PATH" >"$_real_key" || return 1
|
chmod 600 "$_real_key"
|
||||||
|
cat "$CERT_KEY_PATH" >"$_real_key" || return 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -5787,7 +5795,9 @@ _installcert() {
|
|||||||
if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||||
cp "$_real_fullchain" "$_backup_path/fullchain.bak"
|
cp "$_real_fullchain" "$_backup_path/fullchain.bak"
|
||||||
fi
|
fi
|
||||||
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
|
if [ "$_real_fullchain" != "$CERT_FULLCHAIN_PATH" ]; then
|
||||||
|
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$_reload_cmd" ]; then
|
if [ "$_reload_cmd" ]; then
|
||||||
|
@ -53,7 +53,7 @@ qiniu_deploy() {
|
|||||||
sslcert_access_token="$(_make_access_token "$sslcert_path")"
|
sslcert_access_token="$(_make_access_token "$sslcert_path")"
|
||||||
_debug sslcert_access_token "$sslcert_access_token"
|
_debug sslcert_access_token "$sslcert_access_token"
|
||||||
export _H1="Authorization: QBox $sslcert_access_token"
|
export _H1="Authorization: QBox $sslcert_access_token"
|
||||||
sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64 "multiline")
|
sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64)
|
||||||
|
|
||||||
if ! _contains "$sslcert_response" "certID"; then
|
if ! _contains "$sslcert_response" "certID"; then
|
||||||
_err "Error in creating certificate:"
|
_err "Error in creating certificate:"
|
||||||
@ -75,7 +75,7 @@ qiniu_deploy() {
|
|||||||
update_access_token="$(_make_access_token "$update_path")"
|
update_access_token="$(_make_access_token "$update_path")"
|
||||||
_debug update_access_token "$update_access_token"
|
_debug update_access_token "$update_access_token"
|
||||||
export _H1="Authorization: QBox $update_access_token"
|
export _H1="Authorization: QBox $update_access_token"
|
||||||
update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64 "multiline")
|
update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64)
|
||||||
|
|
||||||
if _contains "$update_response" "error"; then
|
if _contains "$update_response" "error"; then
|
||||||
_err "Error in updating domain $domain httpsconf:"
|
_err "Error in updating domain $domain httpsconf:"
|
||||||
|
@ -155,31 +155,20 @@ _get_root() {
|
|||||||
i=1
|
i=1
|
||||||
p=1
|
p=1
|
||||||
|
|
||||||
if aws_rest GET "2013-04-01/hostedzone"; then
|
# iterate over names (a.b.c.d -> b.c.d -> c.d -> d)
|
||||||
while true; do
|
while true; do
|
||||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||||
_debug2 "Checking domain: $h"
|
_debug "Checking domain: $h"
|
||||||
if [ -z "$h" ]; then
|
if [ -z "$h" ]; then
|
||||||
if _contains "$response" "<IsTruncated>true</IsTruncated>" && _contains "$response" "<NextMarker>"; then
|
_error "invalid domain"
|
||||||
_debug "IsTruncated"
|
return 1
|
||||||
_nextMarker="$(echo "$response" | _egrep_o "<NextMarker>.*</NextMarker>" | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
fi
|
||||||
_debug "NextMarker" "$_nextMarker"
|
|
||||||
if aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"; then
|
|
||||||
_debug "Truncated request OK"
|
|
||||||
i=2
|
|
||||||
p=1
|
|
||||||
continue
|
|
||||||
else
|
|
||||||
_err "Truncated request error."
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
#not valid
|
|
||||||
_err "Invalid domain"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
# iterate over paginated result for list_hosted_zones
|
||||||
|
aws_rest GET "2013-04-01/hostedzone"
|
||||||
|
while true; do
|
||||||
if _contains "$response" "<Name>$h.</Name>"; then
|
if _contains "$response" "<Name>$h.</Name>"; then
|
||||||
hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<PrivateZone>false<.PrivateZone>.*<.HostedZone>")"
|
hostedzone="$(echo "$response" | tr -d '\n' | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<PrivateZone>false<.PrivateZone>.*<.HostedZone>")"
|
||||||
_debug hostedzone "$hostedzone"
|
_debug hostedzone "$hostedzone"
|
||||||
if [ "$hostedzone" ]; then
|
if [ "$hostedzone" ]; then
|
||||||
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>")
|
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>")
|
||||||
@ -192,10 +181,19 @@ _get_root() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
p=$i
|
if _contains "$response" "<IsTruncated>true</IsTruncated>" && _contains "$response" "<NextMarker>"; then
|
||||||
i=$(_math "$i" + 1)
|
_debug "IsTruncated"
|
||||||
|
_nextMarker="$(echo "$response" | _egrep_o "<NextMarker>.*</NextMarker>" | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
||||||
|
_debug "NextMarker" "$_nextMarker"
|
||||||
|
else
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
_debug "Checking domain: $h - Next Page "
|
||||||
|
aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"
|
||||||
done
|
done
|
||||||
fi
|
p=$i
|
||||||
|
i=$(_math "$i" + 1)
|
||||||
|
done
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -32,7 +32,8 @@ dns_cf_add() {
|
|||||||
else
|
else
|
||||||
_saveaccountconf_mutable CF_Token "$CF_Token"
|
_saveaccountconf_mutable CF_Token "$CF_Token"
|
||||||
_saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
|
_saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
|
||||||
_saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID"
|
_clearaccountconf_mutable CF_Zone_ID
|
||||||
|
_clearaccountconf CF_Zone_ID
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
|
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
|
||||||
@ -51,6 +52,14 @@ dns_cf_add() {
|
|||||||
#save the api key and email to the account conf file.
|
#save the api key and email to the account conf file.
|
||||||
_saveaccountconf_mutable CF_Key "$CF_Key"
|
_saveaccountconf_mutable CF_Key "$CF_Key"
|
||||||
_saveaccountconf_mutable CF_Email "$CF_Email"
|
_saveaccountconf_mutable CF_Email "$CF_Email"
|
||||||
|
|
||||||
|
_clearaccountconf_mutable CF_Token
|
||||||
|
_clearaccountconf_mutable CF_Account_ID
|
||||||
|
_clearaccountconf_mutable CF_Zone_ID
|
||||||
|
_clearaccountconf CF_Token
|
||||||
|
_clearaccountconf CF_Account_ID
|
||||||
|
_clearaccountconf CF_Zone_ID
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_debug "First detect the root zone"
|
_debug "First detect the root zone"
|
||||||
|
@ -44,7 +44,7 @@ dns_cyon_rm() {
|
|||||||
_cyon_load_credentials() {
|
_cyon_load_credentials() {
|
||||||
# Convert loaded password to/from base64 as needed.
|
# Convert loaded password to/from base64 as needed.
|
||||||
if [ "${CY_Password_B64}" ]; then
|
if [ "${CY_Password_B64}" ]; then
|
||||||
CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64 "multiline")"
|
CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64)"
|
||||||
elif [ "${CY_Password}" ]; then
|
elif [ "${CY_Password}" ]; then
|
||||||
CY_Password_B64="$(printf "%s" "${CY_Password}" | _base64)"
|
CY_Password_B64="$(printf "%s" "${CY_Password}" | _base64)"
|
||||||
fi
|
fi
|
||||||
|
@ -98,7 +98,7 @@ _dns_gcloud_remove_rrs() {
|
|||||||
--ttl="$ttl" \
|
--ttl="$ttl" \
|
||||||
--type=TXT \
|
--type=TXT \
|
||||||
--zone="$managedZone" \
|
--zone="$managedZone" \
|
||||||
--transaction-file="$tr"; then
|
--transaction-file="$tr" --; then
|
||||||
_debug tr "$(cat "$tr")"
|
_debug tr "$(cat "$tr")"
|
||||||
rm -r "$trd"
|
rm -r "$trd"
|
||||||
_err "_dns_gcloud_remove_rrs: failed to remove RRs"
|
_err "_dns_gcloud_remove_rrs: failed to remove RRs"
|
||||||
@ -113,7 +113,7 @@ _dns_gcloud_add_rrs() {
|
|||||||
--ttl="$ttl" \
|
--ttl="$ttl" \
|
||||||
--type=TXT \
|
--type=TXT \
|
||||||
--zone="$managedZone" \
|
--zone="$managedZone" \
|
||||||
--transaction-file="$tr"; then
|
--transaction-file="$tr" --; then
|
||||||
_debug tr "$(cat "$tr")"
|
_debug tr "$(cat "$tr")"
|
||||||
rm -r "$trd"
|
rm -r "$trd"
|
||||||
_err "_dns_gcloud_add_rrs: failed to add RRs"
|
_err "_dns_gcloud_add_rrs: failed to add RRs"
|
||||||
|
@ -259,7 +259,7 @@ _set_namecheap_TXT() {
|
|||||||
_debug hosts "$hosts"
|
_debug hosts "$hosts"
|
||||||
|
|
||||||
if [ -z "$hosts" ]; then
|
if [ -z "$hosts" ]; then
|
||||||
_error "Hosts not found"
|
_err "Hosts not found"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -313,7 +313,7 @@ _del_namecheap_TXT() {
|
|||||||
_debug hosts "$hosts"
|
_debug hosts "$hosts"
|
||||||
|
|
||||||
if [ -z "$hosts" ]; then
|
if [ -z "$hosts" ]; then
|
||||||
_error "Hosts not found"
|
_err "Hosts not found"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -5,7 +5,8 @@
|
|||||||
#
|
#
|
||||||
# ULTRA_PWD="some_password_goes_here"
|
# ULTRA_PWD="some_password_goes_here"
|
||||||
|
|
||||||
ULTRA_API="https://restapi.ultradns.com/v2/"
|
ULTRA_API="https://api.ultradns.com/v3/"
|
||||||
|
ULTRA_AUTH_API="https://api.ultradns.com/v2/"
|
||||||
|
|
||||||
#Usage: add _acme-challenge.www.domain.com "some_long_string_of_characters_go_here_from_lets_encrypt"
|
#Usage: add _acme-challenge.www.domain.com "some_long_string_of_characters_go_here_from_lets_encrypt"
|
||||||
dns_ultra_add() {
|
dns_ultra_add() {
|
||||||
@ -121,7 +122,7 @@ _get_root() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
if _contains "${response}" "${h}." >/dev/null; then
|
if _contains "${response}" "${h}." >/dev/null; then
|
||||||
_domain_id=$(echo "$response" | _egrep_o "${h}")
|
_domain_id=$(echo "$response" | _egrep_o "${h}" | head -1)
|
||||||
if [ "$_domain_id" ]; then
|
if [ "$_domain_id" ]; then
|
||||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||||
_domain="${h}"
|
_domain="${h}"
|
||||||
@ -142,23 +143,25 @@ _ultra_rest() {
|
|||||||
ep="$2"
|
ep="$2"
|
||||||
data="$3"
|
data="$3"
|
||||||
_debug "$ep"
|
_debug "$ep"
|
||||||
_debug TOKEN "${AUTH_TOKEN}"
|
if [ -z "$AUTH_TOKEN" ]; then
|
||||||
|
_ultra_login
|
||||||
|
fi
|
||||||
|
_debug TOKEN "$AUTH_TOKEN"
|
||||||
|
|
||||||
_ultra_login
|
|
||||||
export _H1="Content-Type: application/json"
|
export _H1="Content-Type: application/json"
|
||||||
export _H2="Authorization: Bearer ${AUTH_TOKEN}"
|
export _H2="Authorization: Bearer $AUTH_TOKEN"
|
||||||
|
|
||||||
if [ "$m" != "GET" ]; then
|
if [ "$m" != "GET" ]; then
|
||||||
_debug data "${data}"
|
_debug data "$data"
|
||||||
response="$(_post "${data}" "${ULTRA_API}"/"${ep}" "" "${m}")"
|
response="$(_post "$data" "$ULTRA_API$ep" "" "$m")"
|
||||||
else
|
else
|
||||||
response="$(_get "$ULTRA_API/$ep")"
|
response="$(_get "$ULTRA_API$ep")"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
_ultra_login() {
|
_ultra_login() {
|
||||||
export _H1=""
|
export _H1=""
|
||||||
export _H2=""
|
export _H2=""
|
||||||
AUTH_TOKEN=$(_post "grant_type=password&username=${ULTRA_USR}&password=${ULTRA_PWD}" "${ULTRA_API}authorization/token" | cut -d, -f3 | cut -d\" -f4)
|
AUTH_TOKEN=$(_post "grant_type=password&username=${ULTRA_USR}&password=${ULTRA_PWD}" "${ULTRA_AUTH_API}authorization/token" | cut -d, -f3 | cut -d\" -f4)
|
||||||
export AUTH_TOKEN
|
export AUTH_TOKEN
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user