Merge remote-tracking branch 'upstream/master' into ssh-deploy
This commit is contained in:
commit
e925ab0999
4
.github/ISSUE_TEMPLATE.md
vendored
4
.github/ISSUE_TEMPLATE.md
vendored
@ -1,4 +1,6 @@
|
|||||||
<!--
|
<!--
|
||||||
|
请确保已经更新到最新的代码, 然后贴上来 `--debug 2` 的调试输出. 没有调试输出,我帮不了你.
|
||||||
|
如何调试 https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
|
||||||
|
|
||||||
If it is a bug report:
|
If it is a bug report:
|
||||||
- make sure you are able to repro it on the latest released version.
|
- make sure you are able to repro it on the latest released version.
|
||||||
@ -8,13 +10,11 @@ You can install the latest version by: `acme.sh --upgrade`
|
|||||||
- Refer to the [WIKI](https://wiki.acme.sh).
|
- Refer to the [WIKI](https://wiki.acme.sh).
|
||||||
- Debug info [Debug](https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh).
|
- Debug info [Debug](https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh).
|
||||||
|
|
||||||
|
|
||||||
-->
|
-->
|
||||||
|
|
||||||
Steps to reproduce
|
Steps to reproduce
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
|
|
||||||
Debug log
|
Debug log
|
||||||
-----------------
|
-----------------
|
||||||
|
|
||||||
|
@ -147,7 +147,7 @@ You **MUST** use this command to copy the certs to the target files, **DO NOT**
|
|||||||
|
|
||||||
**Apache** example:
|
**Apache** example:
|
||||||
```bash
|
```bash
|
||||||
acme.sh --installcert -d example.com \
|
acme.sh --install-cert -d example.com \
|
||||||
--certpath /path/to/certfile/in/apache/cert.pem \
|
--certpath /path/to/certfile/in/apache/cert.pem \
|
||||||
--keypath /path/to/keyfile/in/apache/key.pem \
|
--keypath /path/to/keyfile/in/apache/key.pem \
|
||||||
--fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
|
--fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
|
||||||
@ -156,7 +156,7 @@ acme.sh --installcert -d example.com \
|
|||||||
|
|
||||||
**Nginx** example:
|
**Nginx** example:
|
||||||
```bash
|
```bash
|
||||||
acme.sh --installcert -d example.com \
|
acme.sh --install-cert -d example.com \
|
||||||
--keypath /path/to/keyfile/in/nginx/key.pem \
|
--keypath /path/to/keyfile/in/nginx/key.pem \
|
||||||
--fullchainpath /path/to/fullchain/nginx/cert.pem \
|
--fullchainpath /path/to/fullchain/nginx/cert.pem \
|
||||||
--reloadcmd "service nginx force-reload"
|
--reloadcmd "service nginx force-reload"
|
||||||
|
99
acme.sh
99
acme.sh
@ -61,6 +61,10 @@ LOG_LEVEL_2=2
|
|||||||
LOG_LEVEL_3=3
|
LOG_LEVEL_3=3
|
||||||
DEFAULT_LOG_LEVEL="$LOG_LEVEL_1"
|
DEFAULT_LOG_LEVEL="$LOG_LEVEL_1"
|
||||||
|
|
||||||
|
SYSLOG_INFO="user.info"
|
||||||
|
SYSLOG_ERROR="user.error"
|
||||||
|
SYSLOG_DEBUG="user.debug"
|
||||||
|
|
||||||
_DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh"
|
_DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh"
|
||||||
|
|
||||||
_PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
|
_PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
|
||||||
@ -128,18 +132,30 @@ _dlg_versions() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#class
|
||||||
|
_syslog() {
|
||||||
|
if [ -z "$SYS_LOG" ] || [ "$SYS_LOG" = "0" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
_logclass="$1"
|
||||||
|
shift
|
||||||
|
logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
|
||||||
|
}
|
||||||
|
|
||||||
_log() {
|
_log() {
|
||||||
|
_syslog "$@"
|
||||||
[ -z "$LOG_FILE" ] && return
|
[ -z "$LOG_FILE" ] && return
|
||||||
|
shift
|
||||||
_printargs "$@" >>"$LOG_FILE"
|
_printargs "$@" >>"$LOG_FILE"
|
||||||
}
|
}
|
||||||
|
|
||||||
_info() {
|
_info() {
|
||||||
_log "$@"
|
_log "$SYSLOG_INFO" "$@"
|
||||||
_printargs "$@"
|
_printargs "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
_err() {
|
_err() {
|
||||||
_log "$@"
|
_log "$SYSLOG_ERROR" "$@"
|
||||||
if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
|
if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
|
||||||
printf -- "%s" "[$(date)] " >&2
|
printf -- "%s" "[$(date)] " >&2
|
||||||
fi
|
fi
|
||||||
@ -159,7 +175,7 @@ _usage() {
|
|||||||
|
|
||||||
_debug() {
|
_debug() {
|
||||||
if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then
|
if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then
|
||||||
_log "$@"
|
_log "$SYSLOG_DEBUG" "$@"
|
||||||
fi
|
fi
|
||||||
if [ -z "$DEBUG" ]; then
|
if [ -z "$DEBUG" ]; then
|
||||||
return
|
return
|
||||||
@ -169,19 +185,19 @@ _debug() {
|
|||||||
|
|
||||||
_debug2() {
|
_debug2() {
|
||||||
if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then
|
if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then
|
||||||
_log "$@"
|
_log "$SYSLOG_DEBUG" "$@"
|
||||||
fi
|
fi
|
||||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
|
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
|
||||||
_debug "$@"
|
_printargs "$@" >&2
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
_debug3() {
|
_debug3() {
|
||||||
if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then
|
if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then
|
||||||
_log "$@"
|
_log "$SYSLOG_DEBUG" "$@"
|
||||||
fi
|
fi
|
||||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then
|
if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then
|
||||||
_debug "$@"
|
_printargs "$@" >&2
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -364,8 +380,16 @@ _ascii_hex() {
|
|||||||
#input:"abc"
|
#input:"abc"
|
||||||
#output: " 61 62 63"
|
#output: " 61 62 63"
|
||||||
_hex_dump() {
|
_hex_dump() {
|
||||||
#in wired some system, the od command is missing.
|
if _exists od; then
|
||||||
if ! od -A n -v -t x1 | tr -d "\r\t" | tr -s " " | sed "s/ $//" | tr -d "\n" 2>/dev/null; then
|
od -A n -v -t x1 | tr -s " " | sed 's/ $//' | tr -d "\r\t\n"
|
||||||
|
elif _exists hexdump; then
|
||||||
|
_debug3 "using hexdump"
|
||||||
|
hexdump -v -e '/1 ""' -e '/1 " %02x" ""'
|
||||||
|
elif _exists xxd; then
|
||||||
|
_debug3 "using xxd"
|
||||||
|
xxd -ps -c 20 -i | sed "s/ 0x/ /g" | tr -d ",\n" | tr -s " "
|
||||||
|
else
|
||||||
|
_debug3 "using _ascii_hex"
|
||||||
str=$(cat)
|
str=$(cat)
|
||||||
_ascii_hex "$str"
|
_ascii_hex "$str"
|
||||||
fi
|
fi
|
||||||
@ -896,7 +920,11 @@ _createcsr() {
|
|||||||
|
|
||||||
_csr_cn="$(_idn "$domain")"
|
_csr_cn="$(_idn "$domain")"
|
||||||
_debug2 _csr_cn "$_csr_cn"
|
_debug2 _csr_cn "$_csr_cn"
|
||||||
$OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
|
if _contains "$(uname -a)" "MINGW"; then
|
||||||
|
$OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr"
|
||||||
|
else
|
||||||
|
$OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
#_signcsr key csr conf cert
|
#_signcsr key csr conf cert
|
||||||
@ -4234,7 +4262,7 @@ Commands:
|
|||||||
--version, -v Show version info.
|
--version, -v Show version info.
|
||||||
--install Install $PROJECT_NAME to your system.
|
--install Install $PROJECT_NAME to your system.
|
||||||
--uninstall Uninstall $PROJECT_NAME, and uninstall the cron job.
|
--uninstall Uninstall $PROJECT_NAME, and uninstall the cron job.
|
||||||
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT .
|
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT.
|
||||||
--issue Issue a cert.
|
--issue Issue a cert.
|
||||||
--signcsr Issue a cert from an existing csr.
|
--signcsr Issue a cert from an existing csr.
|
||||||
--deploy Deploy the cert to your server.
|
--deploy Deploy the cert to your server.
|
||||||
@ -4251,8 +4279,8 @@ Commands:
|
|||||||
--toPkcs Export the certificate and key to a pfx file.
|
--toPkcs Export the certificate and key to a pfx file.
|
||||||
--update-account Update account info.
|
--update-account Update account info.
|
||||||
--register-account Register account key.
|
--register-account Register account key.
|
||||||
--createAccountKey, -cak Create an account private key, professional use.
|
--create-account-key Create an account private key, professional use.
|
||||||
--createDomainKey, -cdk Create an domain private key, professional use.
|
--create-domain-key Create an domain private key, professional use.
|
||||||
--createCSR, -ccsr Create CSR , professional use.
|
--createCSR, -ccsr Create CSR , professional use.
|
||||||
--deactivate Deactivate the domain authz, professional use.
|
--deactivate Deactivate the domain authz, professional use.
|
||||||
|
|
||||||
@ -4274,6 +4302,7 @@ Parameters:
|
|||||||
--accountkeylength, -ak [2048] Specifies the account key length.
|
--accountkeylength, -ak [2048] Specifies the account key length.
|
||||||
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
|
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
|
||||||
--log-level 1|2 Specifies the log level, default is 1.
|
--log-level 1|2 Specifies the log level, default is 1.
|
||||||
|
--syslog [1|0] Enable/Disable syslog.
|
||||||
|
|
||||||
These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
|
These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
|
||||||
|
|
||||||
@ -4432,6 +4461,7 @@ _process() {
|
|||||||
_listen_v4=""
|
_listen_v4=""
|
||||||
_listen_v6=""
|
_listen_v6=""
|
||||||
_openssl_bin=""
|
_openssl_bin=""
|
||||||
|
_syslog=""
|
||||||
while [ ${#} -gt 0 ]; do
|
while [ ${#} -gt 0 ]; do
|
||||||
case "${1}" in
|
case "${1}" in
|
||||||
|
|
||||||
@ -4494,10 +4524,10 @@ _process() {
|
|||||||
--toPkcs)
|
--toPkcs)
|
||||||
_CMD="toPkcs"
|
_CMD="toPkcs"
|
||||||
;;
|
;;
|
||||||
--createAccountKey | --createaccountkey | -cak)
|
--createAccountKey | --createaccountkey | -cak | --create-account-key)
|
||||||
_CMD="createAccountKey"
|
_CMD="createAccountKey"
|
||||||
;;
|
;;
|
||||||
--createDomainKey | --createdomainkey | -cdk)
|
--createDomainKey | --createdomainkey | -cdk | --create-domain-key)
|
||||||
_CMD="createDomainKey"
|
_CMD="createDomainKey"
|
||||||
;;
|
;;
|
||||||
--createCSR | --createcsr | -ccr)
|
--createCSR | --createcsr | -ccr)
|
||||||
@ -4762,6 +4792,15 @@ _process() {
|
|||||||
LOG_LEVEL="$_log_level"
|
LOG_LEVEL="$_log_level"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
--syslog)
|
||||||
|
if ! _startswith "$2" '-'; then
|
||||||
|
_syslog="$2"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
|
if [ -z "$_syslog" ]; then
|
||||||
|
_syslog="1"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
--auto-upgrade)
|
--auto-upgrade)
|
||||||
_auto_upgrade="$2"
|
_auto_upgrade="$2"
|
||||||
if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then
|
if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then
|
||||||
@ -4809,6 +4848,21 @@ _process() {
|
|||||||
LOG_LEVEL="$_log_level"
|
LOG_LEVEL="$_log_level"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$_syslog" ]; then
|
||||||
|
if _exists logger; then
|
||||||
|
if [ "$_syslog" = "0" ]; then
|
||||||
|
_clearaccountconf "SYS_LOG"
|
||||||
|
else
|
||||||
|
_saveaccountconf "SYS_LOG" "$_syslog"
|
||||||
|
fi
|
||||||
|
SYS_LOG="$_syslog"
|
||||||
|
else
|
||||||
|
_err "The 'logger' command is not found, can not enable syslog."
|
||||||
|
_clearaccountconf "SYS_LOG"
|
||||||
|
SYS_LOG=""
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
_processAccountConf
|
_processAccountConf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -4901,6 +4955,21 @@ _process() {
|
|||||||
if [ "$_log_level" ]; then
|
if [ "$_log_level" ]; then
|
||||||
_saveaccountconf "LOG_LEVEL" "$_log_level"
|
_saveaccountconf "LOG_LEVEL" "$_log_level"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$_syslog" ]; then
|
||||||
|
if _exists logger; then
|
||||||
|
if [ "$_syslog" = "0" ]; then
|
||||||
|
_clearaccountconf "SYS_LOG"
|
||||||
|
else
|
||||||
|
_saveaccountconf "SYS_LOG" "$_syslog"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
_err "The 'logger' command is not found, can not enable syslog."
|
||||||
|
_clearaccountconf "SYS_LOG"
|
||||||
|
SYS_LOG=""
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
_processAccountConf
|
_processAccountConf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
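Review bot: The syslog persistence block is pasted twice inside `_process` (the `@ -4809` and `@ -4901` hunks) and the two copies already diverge: only the first ends with `SYS_LOG="$_syslog"`, so on the second path a `--syslog 1` is written to the account conf but, unless `_processAccountConf` reloads it, the current run still has `SYS_LOG` empty and `_syslog()` returns early. Folding the fifteen lines into one helper, say `_set_syslog "$_syslog"`, called from both places would remove the divergence and the duplicated `_err` text. In the `--syslog)` arm (`@ -4762`) the `shift` also runs when `$2` is empty, because `! _startswith "" '-'` presumably succeeds, so a trailing `--syslog` consumes itself with an empty value; the neighbouring `--auto-upgrade)` arm only shifts after taking a value, and the same shape, `if [ -z "$_syslog" ] || _startswith "$_syslog" '-'; then _syslog="1"; else shift; fi`, avoids that. Since `_debug2`/`_debug3` now call `_log "$SYSLOG_DEBUG" "$@"`, level-2/3 output is copied to `logger -p user.debug` whenever `SYS_LOG` is on; if any of those call sites print credentials or full API responses (not visible here), the `--syslog [1|0]` usage line should state that debug output also goes to the system log. `_process` starts and ends outside these hunks.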
@ -1,6 +1,28 @@
|
|||||||
#Using deploy api
|
# Using deploy api
|
||||||
|
|
||||||
#Using the ssh deploy plugin
|
Here are the scripts to deploy the certs/key to the server/services.
|
||||||
|
|
||||||
|
## 1. Deploy the certs to your cpanel host.
|
||||||
|
|
||||||
|
(cpanel deploy hook is not finished yet, this is just an example.)
|
||||||
|
|
||||||
|
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
|
||||||
|
|
||||||
|
Then you can deploy now:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
export DEPLOY_CPANEL_USER=myusername
|
||||||
|
export DEPLOY_CPANEL_PASSWORD=PASSWORD
|
||||||
|
acme.sh --deploy -d example.com --deploy --deploy-hook cpanel
|
||||||
|
```
|
||||||
|
|
||||||
|
## 2. Deploy ssl cert on kong proxy engine based on api.
|
||||||
|
|
||||||
|
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
|
||||||
|
|
||||||
|
(TODO)
|
||||||
|
|
||||||
|
## 3. Deploy the cert to remote server through SSH access.
|
||||||
|
|
||||||
The ssh deploy plugin allows you to deploy certificates to a remote host
|
The ssh deploy plugin allows you to deploy certificates to a remote host
|
||||||
using SSH command to connect to the remote server. The ssh plugin is invoked
|
using SSH command to connect to the remote server. The ssh plugin is invoked
|
||||||
|
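--- /dev/null
+++ b/deploy/cpanel.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+#Here is the script to deploy the cert to your cpanel account by the cpanel APIs.
+
+#returns 0 means success, otherwise error.
+
+#export DEPLOY_CPANEL_USER=myusername
+#export DEPLOY_CPANEL_PASSWORD=PASSWORD
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+cpanel_deploy() {
+_cdomain="$1"
+_ckey="$2"
+_ccert="$3"
+_cca="$4"
+_cfullchain="$5"
+
+_debug _cdomain "$_cdomain"
+_debug _ckey "$_ckey"
+_debug _ccert "$_ccert"
+_debug _cca "$_cca"
+_debug _cfullchain "$_cfullchain"
+
+_err "Not implemented yet"
+return 1
+
+}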
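Review bot: The header comment of the new `deploy/cpanel.sh` reads as if the hook were functional, but `cpanel_deploy` only logs its five arguments and then fails with `_err "Not implemented yet"` and `return 1`; the file should say so where a reader first looks, e.g. a comment `#NOTE: placeholder - the cpanel API calls are not written yet; this hook always returns 1.` directly under the description line. `DEPLOY_CPANEL_USER` and `DEPLOY_CPANEL_PASSWORD` appear only in comments and are never read, so marking them as the intended, not yet consumed, configuration would keep this file and the deploy README from promising the same thing twice.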
@ -93,7 +93,7 @@ _get_root() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if _contains "$response" "<Name>$h.</Name>"; then
|
if _contains "$response" "<Name>$h.</Name>"; then
|
||||||
hostedzone="$(echo "$response" | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")"
|
hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")"
|
||||||
_debug hostedzone "$hostedzone"
|
_debug hostedzone "$hostedzone"
|
||||||
if [ -z "$hostedzone" ]; then
|
if [ -z "$hostedzone" ]; then
|
||||||
_err "Error, can not get hostedzone."
|
_err "Error, can not get hostedzone."
|
||||||
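Review bot: The new pipeline in `_get_root` splits the response with `sed 's/<HostedZone>/#&/g' | tr '#' '\n'`, so any literal `#` already present in `$response` would also become a line break and could cut the `<HostedZone>…</HostedZone>` record that the following `_egrep_o` expects on one line; picking a separator that cannot occur in the payload, or at least a comment stating the assumption that `#` never appears in the zone list, would make that explicit. Separately, `$h` is still interpolated into the regex unescaped, so the dots of the domain match any character; that predates this change but sits on the same line. `_get_root` starts and ends outside the hunk.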
|