mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 13:11:41 +00:00
Merge remote-tracking branch 'upstream/master' into ssh-deploy
This commit is contained in:
commit
fd1598017a
52
Dockerfile
Normal file
52
Dockerfile
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
FROM alpine
|
||||||
|
|
||||||
|
RUN apk update -f \
|
||||||
|
&& apk --no-cache add -f \
|
||||||
|
openssl \
|
||||||
|
curl \
|
||||||
|
netcat-openbsd
|
||||||
|
|
||||||
|
ENV LE_CONFIG_HOME /acme.sh
|
||||||
|
|
||||||
|
ENV AUTO_UPGRADE 1
|
||||||
|
|
||||||
|
#Install
|
||||||
|
RUN mkdir -p /install_acme.sh/
|
||||||
|
ADD ./ /install_acme.sh/
|
||||||
|
RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh)
|
||||||
|
RUN rm -rf /install_acme.sh/
|
||||||
|
|
||||||
|
RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh
|
||||||
|
|
||||||
|
RUN for verb in help \
|
||||||
|
version \
|
||||||
|
install \
|
||||||
|
uninstall \
|
||||||
|
upgrade \
|
||||||
|
issue \
|
||||||
|
signcsr \
|
||||||
|
deploy \
|
||||||
|
install-cert \
|
||||||
|
renew \
|
||||||
|
renew-all \
|
||||||
|
revoke \
|
||||||
|
remove \
|
||||||
|
list \
|
||||||
|
showcsr \
|
||||||
|
install-cronjob \
|
||||||
|
uninstall-cronjob \
|
||||||
|
cron \
|
||||||
|
toPkcs \
|
||||||
|
toPkcs8 \
|
||||||
|
update-account \
|
||||||
|
register-account \
|
||||||
|
create-account-key \
|
||||||
|
create-domain-key \
|
||||||
|
createCSR \
|
||||||
|
deactivate \
|
||||||
|
; do \
|
||||||
|
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
|
||||||
|
; done
|
||||||
|
|
||||||
|
ENTRYPOINT ["/root/.acme.sh/acme.sh", "--config-home", "/acme.sh"]
|
||||||
|
CMD ["--help"]
|
@ -7,11 +7,13 @@
|
|||||||
- Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
|
- Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
|
||||||
- Just one script to issue, renew and install your certificates automatically.
|
- Just one script to issue, renew and install your certificates automatically.
|
||||||
- DOES NOT require `root/sudoer` access.
|
- DOES NOT require `root/sudoer` access.
|
||||||
|
- Docker friendly
|
||||||
|
|
||||||
It's probably the `easiest&smallest&smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt.
|
It's probably the `easiest&smallest&smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt.
|
||||||
|
|
||||||
Wiki: https://github.com/Neilpang/acme.sh/wiki
|
Wiki: https://github.com/Neilpang/acme.sh/wiki
|
||||||
|
|
||||||
|
For Docker Fans: [acme.sh :two_hearts: Docker ](https://github.com/Neilpang/acme.sh/wiki/Run-acme.sh-in-docker)
|
||||||
|
|
||||||
Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|
Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|
||||||
|
|
||||||
@ -329,7 +331,7 @@ Just set the `length` parameter with a prefix `ec-`.
|
|||||||
|
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
### Single domain ECC cerfiticate
|
### Single domain ECC certificate
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
|
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
|
||||||
|
137
acme.sh
137
acme.sh
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
VER=2.6.7
|
VER=2.6.8
|
||||||
|
|
||||||
PROJECT_NAME="acme.sh"
|
PROJECT_NAME="acme.sh"
|
||||||
|
|
||||||
@ -107,7 +107,7 @@ __green() {
|
|||||||
if [ "$__INTERACTIVE" ]; then
|
if [ "$__INTERACTIVE" ]; then
|
||||||
printf '\033[1;31;32m'
|
printf '\033[1;31;32m'
|
||||||
fi
|
fi
|
||||||
printf -- "$1"
|
printf -- "%b" "$1"
|
||||||
if [ "$__INTERACTIVE" ]; then
|
if [ "$__INTERACTIVE" ]; then
|
||||||
printf '\033[0m'
|
printf '\033[0m'
|
||||||
fi
|
fi
|
||||||
@ -117,7 +117,7 @@ __red() {
|
|||||||
if [ "$__INTERACTIVE" ]; then
|
if [ "$__INTERACTIVE" ]; then
|
||||||
printf '\033[1;31;40m'
|
printf '\033[1;31;40m'
|
||||||
fi
|
fi
|
||||||
printf -- "$1"
|
printf -- "%b" "$1"
|
||||||
if [ "$__INTERACTIVE" ]; then
|
if [ "$__INTERACTIVE" ]; then
|
||||||
printf '\033[0m'
|
printf '\033[0m'
|
||||||
fi
|
fi
|
||||||
@ -138,8 +138,8 @@ _printargs() {
|
|||||||
_dlg_versions() {
|
_dlg_versions() {
|
||||||
echo "Diagnosis versions: "
|
echo "Diagnosis versions: "
|
||||||
echo "openssl:$ACME_OPENSSL_BIN"
|
echo "openssl:$ACME_OPENSSL_BIN"
|
||||||
if _exists "$ACME_OPENSSL_BIN"; then
|
if _exists "${ACME_OPENSSL_BIN:-openssl}"; then
|
||||||
$ACME_OPENSSL_BIN version 2>&1
|
${ACME_OPENSSL_BIN:-openssl} version 2>&1
|
||||||
else
|
else
|
||||||
echo "$ACME_OPENSSL_BIN doesn't exists."
|
echo "$ACME_OPENSSL_BIN doesn't exists."
|
||||||
fi
|
fi
|
||||||
@ -340,7 +340,7 @@ _hasfield() {
|
|||||||
_sep=","
|
_sep=","
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for f in $(echo "$_str" | tr ',' ' '); do
|
for f in $(echo "$_str" | tr "$_sep" ' '); do
|
||||||
if [ "$f" = "$_field" ]; then
|
if [ "$f" = "$_field" ]; then
|
||||||
_debug2 "'$_str' contains '$_field'"
|
_debug2 "'$_str' contains '$_field'"
|
||||||
return 0 #contains ok
|
return 0 #contains ok
|
||||||
@ -790,19 +790,19 @@ _base64() {
|
|||||||
[ "" ] #urgly
|
[ "" ] #urgly
|
||||||
if [ "$1" ]; then
|
if [ "$1" ]; then
|
||||||
_debug3 "base64 multiline:'$1'"
|
_debug3 "base64 multiline:'$1'"
|
||||||
$ACME_OPENSSL_BIN base64 -e
|
${ACME_OPENSSL_BIN:-openssl} base64 -e
|
||||||
else
|
else
|
||||||
_debug3 "base64 single line."
|
_debug3 "base64 single line."
|
||||||
$ACME_OPENSSL_BIN base64 -e | tr -d '\r\n'
|
${ACME_OPENSSL_BIN:-openssl} base64 -e | tr -d '\r\n'
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
#Usage: multiline
|
#Usage: multiline
|
||||||
_dbase64() {
|
_dbase64() {
|
||||||
if [ "$1" ]; then
|
if [ "$1" ]; then
|
||||||
$ACME_OPENSSL_BIN base64 -d -A
|
${ACME_OPENSSL_BIN:-openssl} base64 -d -A
|
||||||
else
|
else
|
||||||
$ACME_OPENSSL_BIN base64 -d
|
${ACME_OPENSSL_BIN:-openssl} base64 -d
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -819,9 +819,9 @@ _digest() {
|
|||||||
|
|
||||||
if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then
|
if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then
|
||||||
if [ "$outputhex" ]; then
|
if [ "$outputhex" ]; then
|
||||||
$ACME_OPENSSL_BIN dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' '
|
${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' '
|
||||||
else
|
else
|
||||||
$ACME_OPENSSL_BIN dgst -"$alg" -binary | _base64
|
${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -binary | _base64
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
_err "$alg is not supported yet"
|
_err "$alg is not supported yet"
|
||||||
@ -844,9 +844,9 @@ _hmac() {
|
|||||||
|
|
||||||
if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then
|
if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then
|
||||||
if [ "$outputhex" ]; then
|
if [ "$outputhex" ]; then
|
||||||
($ACME_OPENSSL_BIN dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" 2>/dev/null || $ACME_OPENSSL_BIN dgst -"$alg" -hmac "$(printf "%s" "$secret_hex" | _h2b)") | cut -d = -f 2 | tr -d ' '
|
(${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" 2>/dev/null || ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hmac "$(printf "%s" "$secret_hex" | _h2b)") | cut -d = -f 2 | tr -d ' '
|
||||||
else
|
else
|
||||||
$ACME_OPENSSL_BIN dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" -binary 2>/dev/null || $ACME_OPENSSL_BIN dgst -"$alg" -hmac "$(printf "%s" "$secret_hex" | _h2b)" -binary
|
${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" -binary 2>/dev/null || ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hmac "$(printf "%s" "$secret_hex" | _h2b)" -binary
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
_err "$alg is not supported yet"
|
_err "$alg is not supported yet"
|
||||||
@ -865,7 +865,7 @@ _sign() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_sign_openssl="$ACME_OPENSSL_BIN dgst -sign $keyfile "
|
_sign_openssl="${ACME_OPENSSL_BIN:-openssl} dgst -sign $keyfile "
|
||||||
if [ "$alg" = "sha256" ]; then
|
if [ "$alg" = "sha256" ]; then
|
||||||
_sign_openssl="$_sign_openssl -$alg"
|
_sign_openssl="$_sign_openssl -$alg"
|
||||||
else
|
else
|
||||||
@ -876,10 +876,10 @@ _sign() {
|
|||||||
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
|
||||||
$_sign_openssl | _base64
|
$_sign_openssl | _base64
|
||||||
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
|
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
|
||||||
if ! _signedECText="$($_sign_openssl | $ACME_OPENSSL_BIN asn1parse -inform DER)"; then
|
if ! _signedECText="$($_sign_openssl | ${ACME_OPENSSL_BIN:-openssl} asn1parse -inform DER)"; then
|
||||||
_err "Sign failed: $_sign_openssl"
|
_err "Sign failed: $_sign_openssl"
|
||||||
_err "Key file: $keyfile"
|
_err "Key file: $keyfile"
|
||||||
_err "Key content:$(wc -l <"$keyfile") lises"
|
_err "Key content:$(wc -l <"$keyfile") lines"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_debug3 "_signedECText" "$_signedECText"
|
_debug3 "_signedECText" "$_signedECText"
|
||||||
@ -948,10 +948,10 @@ _createkey() {
|
|||||||
|
|
||||||
if _isEccKey "$length"; then
|
if _isEccKey "$length"; then
|
||||||
_debug "Using ec name: $eccname"
|
_debug "Using ec name: $eccname"
|
||||||
$ACME_OPENSSL_BIN ecparam -name "$eccname" -genkey 2>/dev/null >"$f"
|
${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null >"$f"
|
||||||
else
|
else
|
||||||
_debug "Using RSA: $length"
|
_debug "Using RSA: $length"
|
||||||
$ACME_OPENSSL_BIN genrsa "$length" 2>/dev/null >"$f"
|
${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null >"$f"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
@ -1038,9 +1038,9 @@ _createcsr() {
|
|||||||
_csr_cn="$(_idn "$domain")"
|
_csr_cn="$(_idn "$domain")"
|
||||||
_debug2 _csr_cn "$_csr_cn"
|
_debug2 _csr_cn "$_csr_cn"
|
||||||
if _contains "$(uname -a)" "MINGW"; then
|
if _contains "$(uname -a)" "MINGW"; then
|
||||||
$ACME_OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr"
|
${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr"
|
||||||
else
|
else
|
||||||
$ACME_OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
|
${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1052,7 +1052,7 @@ _signcsr() {
|
|||||||
cert="$4"
|
cert="$4"
|
||||||
_debug "_signcsr"
|
_debug "_signcsr"
|
||||||
|
|
||||||
_msg="$($ACME_OPENSSL_BIN x509 -req -days 365 -in "$csr" -signkey "$key" -extensions v3_req -extfile "$conf" -out "$cert" 2>&1)"
|
_msg="$(${ACME_OPENSSL_BIN:-openssl} x509 -req -days 365 -in "$csr" -signkey "$key" -extensions v3_req -extfile "$conf" -out "$cert" 2>&1)"
|
||||||
_ret="$?"
|
_ret="$?"
|
||||||
_debug "$_msg"
|
_debug "$_msg"
|
||||||
return $_ret
|
return $_ret
|
||||||
@ -1065,7 +1065,7 @@ _readSubjectFromCSR() {
|
|||||||
_usage "_readSubjectFromCSR mycsr.csr"
|
_usage "_readSubjectFromCSR mycsr.csr"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
$ACME_OPENSSL_BIN req -noout -in "$_csrfile" -subject | _egrep_o "CN *=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n'
|
${ACME_OPENSSL_BIN:-openssl} req -noout -in "$_csrfile" -subject | _egrep_o "CN *=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n'
|
||||||
}
|
}
|
||||||
|
|
||||||
#_csrfile
|
#_csrfile
|
||||||
@ -1080,7 +1080,7 @@ _readSubjectAltNamesFromCSR() {
|
|||||||
_csrsubj="$(_readSubjectFromCSR "$_csrfile")"
|
_csrsubj="$(_readSubjectFromCSR "$_csrfile")"
|
||||||
_debug _csrsubj "$_csrsubj"
|
_debug _csrsubj "$_csrsubj"
|
||||||
|
|
||||||
_dnsAltnames="$($ACME_OPENSSL_BIN req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')"
|
_dnsAltnames="$(${ACME_OPENSSL_BIN:-openssl} req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')"
|
||||||
_debug _dnsAltnames "$_dnsAltnames"
|
_debug _dnsAltnames "$_dnsAltnames"
|
||||||
|
|
||||||
if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then
|
if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then
|
||||||
@ -1101,7 +1101,8 @@ _readKeyLengthFromCSR() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_outcsr="$($ACME_OPENSSL_BIN req -noout -text -in "$_csrfile")"
|
_outcsr="$(${ACME_OPENSSL_BIN:-openssl} req -noout -text -in "$_csrfile")"
|
||||||
|
_debug2 _outcsr "$_outcsr"
|
||||||
if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey"; then
|
if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey"; then
|
||||||
_debug "ECC CSR"
|
_debug "ECC CSR"
|
||||||
echo "$_outcsr" | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' '
|
echo "$_outcsr" | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' '
|
||||||
@ -1159,9 +1160,9 @@ toPkcs() {
|
|||||||
_initpath "$domain" "$_isEcc"
|
_initpath "$domain" "$_isEcc"
|
||||||
|
|
||||||
if [ "$pfxPassword" ]; then
|
if [ "$pfxPassword" ]; then
|
||||||
$ACME_OPENSSL_BIN pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" -password "pass:$pfxPassword"
|
${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" -password "pass:$pfxPassword"
|
||||||
else
|
else
|
||||||
$ACME_OPENSSL_BIN pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH"
|
${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$?" = "0" ]; then
|
if [ "$?" = "0" ]; then
|
||||||
@ -1183,7 +1184,7 @@ toPkcs8() {
|
|||||||
|
|
||||||
_initpath "$domain" "$_isEcc"
|
_initpath "$domain" "$_isEcc"
|
||||||
|
|
||||||
$ACME_OPENSSL_BIN pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_KEY_PATH" -out "$CERT_PKCS8_PATH"
|
${ACME_OPENSSL_BIN:-openssl} pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_KEY_PATH" -out "$CERT_PKCS8_PATH"
|
||||||
|
|
||||||
if [ "$?" = "0" ]; then
|
if [ "$?" = "0" ]; then
|
||||||
_info "Success, $CERT_PKCS8_PATH"
|
_info "Success, $CERT_PKCS8_PATH"
|
||||||
@ -1344,7 +1345,7 @@ _calcjwk() {
|
|||||||
|
|
||||||
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
|
||||||
_debug "RSA key"
|
_debug "RSA key"
|
||||||
pub_exp=$($ACME_OPENSSL_BIN rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
|
pub_exp=$(${ACME_OPENSSL_BIN:-openssl} rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
|
||||||
if [ "${#pub_exp}" = "5" ]; then
|
if [ "${#pub_exp}" = "5" ]; then
|
||||||
pub_exp=0$pub_exp
|
pub_exp=0$pub_exp
|
||||||
fi
|
fi
|
||||||
@ -1353,7 +1354,7 @@ _calcjwk() {
|
|||||||
e=$(echo "$pub_exp" | _h2b | _base64)
|
e=$(echo "$pub_exp" | _h2b | _base64)
|
||||||
_debug3 e "$e"
|
_debug3 e "$e"
|
||||||
|
|
||||||
modulus=$($ACME_OPENSSL_BIN rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2)
|
modulus=$(${ACME_OPENSSL_BIN:-openssl} rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2)
|
||||||
_debug3 modulus "$modulus"
|
_debug3 modulus "$modulus"
|
||||||
n="$(printf "%s" "$modulus" | _h2b | _base64 | _url_replace)"
|
n="$(printf "%s" "$modulus" | _h2b | _base64 | _url_replace)"
|
||||||
_debug3 n "$n"
|
_debug3 n "$n"
|
||||||
@ -1366,12 +1367,12 @@ _calcjwk() {
|
|||||||
JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}'
|
JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}'
|
||||||
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
|
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then
|
||||||
_debug "EC key"
|
_debug "EC key"
|
||||||
crv="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")"
|
crv="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")"
|
||||||
_debug3 crv "$crv"
|
_debug3 crv "$crv"
|
||||||
|
|
||||||
if [ -z "$crv" ]; then
|
if [ -z "$crv" ]; then
|
||||||
_debug "Let's try ASN1 OID"
|
_debug "Let's try ASN1 OID"
|
||||||
crv_oid="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
|
crv_oid="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")"
|
||||||
_debug3 crv_oid "$crv_oid"
|
_debug3 crv_oid "$crv_oid"
|
||||||
case "${crv_oid}" in
|
case "${crv_oid}" in
|
||||||
"prime256v1")
|
"prime256v1")
|
||||||
@ -1391,15 +1392,15 @@ _calcjwk() {
|
|||||||
_debug3 crv "$crv"
|
_debug3 crv "$crv"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
pubi="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)"
|
pubi="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)"
|
||||||
pubi=$(_math "$pubi" + 1)
|
pubi=$(_math "$pubi" + 1)
|
||||||
_debug3 pubi "$pubi"
|
_debug3 pubi "$pubi"
|
||||||
|
|
||||||
pubj="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
|
pubj="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)"
|
||||||
pubj=$(_math "$pubj" - 1)
|
pubj=$(_math "$pubj" - 1)
|
||||||
_debug3 pubj "$pubj"
|
_debug3 pubj "$pubj"
|
||||||
|
|
||||||
pubtext="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
|
pubtext="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")"
|
||||||
_debug3 pubtext "$pubtext"
|
_debug3 pubtext "$pubtext"
|
||||||
|
|
||||||
xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)"
|
xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)"
|
||||||
@ -2017,7 +2018,7 @@ _starttlsserver() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
__S_OPENSSL="$ACME_OPENSSL_BIN s_server -cert $TLS_CERT -key $TLS_KEY "
|
__S_OPENSSL="${ACME_OPENSSL_BIN:-openssl} s_server -cert $TLS_CERT -key $TLS_KEY "
|
||||||
if [ "$opaddr" ]; then
|
if [ "$opaddr" ]; then
|
||||||
__S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port"
|
__S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port"
|
||||||
else
|
else
|
||||||
@ -2258,16 +2259,16 @@ _initpath() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$TLS_CONF" ]; then
|
if [ -z "$TLS_CONF" ]; then
|
||||||
TLS_CONF="$DOMAIN_PATH/tls.valdation.conf"
|
TLS_CONF="$DOMAIN_PATH/tls.validation.conf"
|
||||||
fi
|
fi
|
||||||
if [ -z "$TLS_CERT" ]; then
|
if [ -z "$TLS_CERT" ]; then
|
||||||
TLS_CERT="$DOMAIN_PATH/tls.valdation.cert"
|
TLS_CERT="$DOMAIN_PATH/tls.validation.cert"
|
||||||
fi
|
fi
|
||||||
if [ -z "$TLS_KEY" ]; then
|
if [ -z "$TLS_KEY" ]; then
|
||||||
TLS_KEY="$DOMAIN_PATH/tls.valdation.key"
|
TLS_KEY="$DOMAIN_PATH/tls.validation.key"
|
||||||
fi
|
fi
|
||||||
if [ -z "$TLS_CSR" ]; then
|
if [ -z "$TLS_CSR" ]; then
|
||||||
TLS_CSR="$DOMAIN_PATH/tls.valdation.csr"
|
TLS_CSR="$DOMAIN_PATH/tls.validation.csr"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -2385,7 +2386,7 @@ _setApache() {
|
|||||||
_debug "Backup apache config file" "$httpdconf"
|
_debug "Backup apache config file" "$httpdconf"
|
||||||
if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then
|
if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then
|
||||||
_err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed."
|
_err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed."
|
||||||
_err "This might be a bug of $PROJECT_NAME , pleae report issue: $PROJECT"
|
_err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
|
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
|
||||||
@ -2883,7 +2884,7 @@ _on_issue_err() {
|
|||||||
uri=$(echo "$ventry" | cut -d "$sep" -f 3)
|
uri=$(echo "$ventry" | cut -d "$sep" -f 3)
|
||||||
vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
|
vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
|
||||||
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
|
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
|
||||||
__trigger_validaton "$uri" "$keyauthorization"
|
__trigger_validation "$uri" "$keyauthorization"
|
||||||
done
|
done
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
@ -3105,7 +3106,7 @@ __get_domain_new_authz() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#uri keyAuthorization
|
#uri keyAuthorization
|
||||||
__trigger_validaton() {
|
__trigger_validation() {
|
||||||
_debug2 "tigger domain validation."
|
_debug2 "tigger domain validation."
|
||||||
_t_url="$1"
|
_t_url="$1"
|
||||||
_debug2 _t_url "$_t_url"
|
_debug2 _t_url "$_t_url"
|
||||||
@ -3120,6 +3121,10 @@ issue() {
|
|||||||
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ "
|
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ "
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
if [ -z "$1" ]; then
|
||||||
|
_usage "Please specify at least one validation method: '--webroot', '--standalone', '--apache', '--nginx' or '--dns' etc."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
_web_roots="$1"
|
_web_roots="$1"
|
||||||
_main_domain="$2"
|
_main_domain="$2"
|
||||||
_alt_domains="$3"
|
_alt_domains="$3"
|
||||||
@ -3490,7 +3495,7 @@ issue() {
|
|||||||
_exec_err >/dev/null 2>&1
|
_exec_err >/dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
_debug "not chaning owner/group of webroot"
|
_debug "not changing owner/group of webroot"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -3531,7 +3536,7 @@ issue() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! __trigger_validaton "$uri" "$keyauthorization"; then
|
if ! __trigger_validation "$uri" "$keyauthorization"; then
|
||||||
_err "$d:Can not get challenge: $response"
|
_err "$d:Can not get challenge: $response"
|
||||||
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
||||||
_clearup
|
_clearup
|
||||||
@ -3635,6 +3640,7 @@ issue() {
|
|||||||
|
|
||||||
_rcert="$response"
|
_rcert="$response"
|
||||||
Le_LinkCert="$(grep -i '^Location.*$' "$HTTP_HEADER" | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)"
|
Le_LinkCert="$(grep -i '^Location.*$' "$HTTP_HEADER" | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)"
|
||||||
|
_debug "Le_LinkCert" "$Le_LinkCert"
|
||||||
_savedomainconf "Le_LinkCert" "$Le_LinkCert"
|
_savedomainconf "Le_LinkCert" "$Le_LinkCert"
|
||||||
|
|
||||||
if [ "$Le_LinkCert" ]; then
|
if [ "$Le_LinkCert" ]; then
|
||||||
@ -3681,16 +3687,34 @@ issue() {
|
|||||||
if ! _contains "$Le_LinkIssuer" ":"; then
|
if ! _contains "$Le_LinkIssuer" ":"; then
|
||||||
Le_LinkIssuer="$API$Le_LinkIssuer"
|
Le_LinkIssuer="$API$Le_LinkIssuer"
|
||||||
fi
|
fi
|
||||||
|
_debug Le_LinkIssuer "$Le_LinkIssuer"
|
||||||
_savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer"
|
_savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer"
|
||||||
|
|
||||||
if [ "$Le_LinkIssuer" ]; then
|
if [ "$Le_LinkIssuer" ]; then
|
||||||
echo "$BEGIN_CERT" >"$CA_CERT_PATH"
|
_link_issuer_retry=0
|
||||||
_get "$Le_LinkIssuer" | _base64 "multiline" >>"$CA_CERT_PATH"
|
_MAX_ISSUER_RETRY=5
|
||||||
echo "$END_CERT" >>"$CA_CERT_PATH"
|
while [ "$_link_issuer_retry" -lt "$_MAX_ISSUER_RETRY" ]; do
|
||||||
_info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")"
|
_debug _link_issuer_retry "$_link_issuer_retry"
|
||||||
cat "$CA_CERT_PATH" >>"$CERT_FULLCHAIN_PATH"
|
if _get "$Le_LinkIssuer" >"$CA_CERT_PATH.der"; then
|
||||||
_info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")"
|
echo "$BEGIN_CERT" >"$CA_CERT_PATH"
|
||||||
|
_base64 "multiline" <"$CA_CERT_PATH.der" >>"$CA_CERT_PATH"
|
||||||
|
echo "$END_CERT" >>"$CA_CERT_PATH"
|
||||||
|
|
||||||
|
_info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")"
|
||||||
|
cat "$CA_CERT_PATH" >>"$CERT_FULLCHAIN_PATH"
|
||||||
|
_info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")"
|
||||||
|
|
||||||
|
rm -f "$CA_CERT_PATH.der"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
_link_issuer_retry=$(_math $_link_issuer_retry + 1)
|
||||||
|
_sleep "$_link_issuer_retry"
|
||||||
|
done
|
||||||
|
if [ "$_link_issuer_retry" = "$_MAX_ISSUER_RETRY" ]; then
|
||||||
|
_err "Max retry for issuer ca cert is reached."
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
_debug "No Le_LinkIssuer header found."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
Le_CertCreateTime=$(_time)
|
Le_CertCreateTime=$(_time)
|
||||||
@ -4134,6 +4158,7 @@ _installcert() {
|
|||||||
export CERT_KEY_PATH
|
export CERT_KEY_PATH
|
||||||
export CA_CERT_PATH
|
export CA_CERT_PATH
|
||||||
export CERT_FULLCHAIN_PATH
|
export CERT_FULLCHAIN_PATH
|
||||||
|
export Le_Domain
|
||||||
cd "$DOMAIN_PATH" && eval "$_reload_cmd"
|
cd "$DOMAIN_PATH" && eval "$_reload_cmd"
|
||||||
); then
|
); then
|
||||||
_info "$(__green "Reload success")"
|
_info "$(__green "Reload success")"
|
||||||
@ -4462,7 +4487,7 @@ _precheck() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! _exists "$ACME_OPENSSL_BIN"; then
|
if ! _exists "${ACME_OPENSSL_BIN:-openssl}"; then
|
||||||
_err "Please install openssl first. ACME_OPENSSL_BIN=$ACME_OPENSSL_BIN"
|
_err "Please install openssl first. ACME_OPENSSL_BIN=$ACME_OPENSSL_BIN"
|
||||||
_err "We need openssl to generate keys."
|
_err "We need openssl to generate keys."
|
||||||
return 1
|
return 1
|
||||||
@ -4704,6 +4729,7 @@ _uninstallalias() {
|
|||||||
cron() {
|
cron() {
|
||||||
IN_CRON=1
|
IN_CRON=1
|
||||||
_initpath
|
_initpath
|
||||||
|
_info "$(__green "===Starting cron===")"
|
||||||
if [ "$AUTO_UPGRADE" = "1" ]; then
|
if [ "$AUTO_UPGRADE" = "1" ]; then
|
||||||
export LE_WORKING_DIR
|
export LE_WORKING_DIR
|
||||||
(
|
(
|
||||||
@ -4723,6 +4749,7 @@ cron() {
|
|||||||
renewAll
|
renewAll
|
||||||
_ret="$?"
|
_ret="$?"
|
||||||
IN_CRON=""
|
IN_CRON=""
|
||||||
|
_info "$(__green "===End cron===")"
|
||||||
exit $_ret
|
exit $_ret
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4806,13 +4833,13 @@ Parameters:
|
|||||||
--listraw Only used for '--list' command, list the certs in raw format.
|
--listraw Only used for '--list' command, list the certs in raw format.
|
||||||
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
||||||
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
||||||
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
|
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
|
||||||
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
|
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
|
||||||
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
||||||
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
||||||
--csr Specifies the input csr.
|
--csr Specifies the input csr.
|
||||||
--pre-hook Command to be run before obtaining any certificates.
|
--pre-hook Command to be run before obtaining any certificates.
|
||||||
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
|
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed.
|
||||||
--renew-hook Command to be run once for each successfully renewed certificate.
|
--renew-hook Command to be run once for each successfully renewed certificate.
|
||||||
--deploy-hook The hook file to deploy cert
|
--deploy-hook The hook file to deploy cert
|
||||||
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
|
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
|
||||||
|
@ -79,7 +79,7 @@ exim4_deploy() {
|
|||||||
_info "Restore conf success"
|
_info "Restore conf success"
|
||||||
eval "$_reload"
|
eval "$_reload"
|
||||||
else
|
else
|
||||||
_err "Opps, error restore exim4 conf, please report bug to us."
|
_err "Oops, error restore exim4 conf, please report bug to us."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -105,7 +105,7 @@ exim4_deploy() {
|
|||||||
_info "Restore conf success"
|
_info "Restore conf success"
|
||||||
eval "$_reload"
|
eval "$_reload"
|
||||||
else
|
else
|
||||||
_err "Opps, error restore exim4 conf, please report bug to us."
|
_err "Oops, error restore exim4 conf, please report bug to us."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -43,7 +43,7 @@ kong_deploy() {
|
|||||||
#Save kong url if it's succesful (First run case)
|
#Save kong url if it's succesful (First run case)
|
||||||
_saveaccountconf KONG_URL "$KONG_URL"
|
_saveaccountconf KONG_URL "$KONG_URL"
|
||||||
#Generate DEIM
|
#Generate DEIM
|
||||||
delim="-----MultipartDelimeter$(date "+%s%N")"
|
delim="-----MultipartDelimiter$(date "+%s%N")"
|
||||||
nl="\015\012"
|
nl="\015\012"
|
||||||
#Set Header
|
#Set Header
|
||||||
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
||||||
@ -72,7 +72,7 @@ kong_deploy() {
|
|||||||
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
|
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
|
||||||
fi
|
fi
|
||||||
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
|
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
|
||||||
_err "An error occured with cert upload. Check response:"
|
_err "An error occurred with cert upload. Check response:"
|
||||||
_err "$response"
|
_err "$response"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -76,7 +76,7 @@ vsftpd_deploy() {
|
|||||||
_info "Restore conf success"
|
_info "Restore conf success"
|
||||||
eval "$_reload"
|
eval "$_reload"
|
||||||
else
|
else
|
||||||
_err "Opps, error restore vsftpd conf, please report bug to us."
|
_err "Oops, error restore vsftpd conf, please report bug to us."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -102,7 +102,7 @@ vsftpd_deploy() {
|
|||||||
_info "Restore conf success"
|
_info "Restore conf success"
|
||||||
eval "$_reload"
|
eval "$_reload"
|
||||||
else
|
else
|
||||||
_err "Opps, error restore vsftpd conf, please report bug to us."
|
_err "Oops, error restore vsftpd conf, please report bug to us."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -302,7 +302,7 @@ acme.sh --issue --dns dns_freedns -d example.com -d www.example.com
|
|||||||
```
|
```
|
||||||
|
|
||||||
Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that
|
Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that
|
||||||
you create under a FreeDNS public domain. You must own the top level domain in order to automaitcally
|
you create under a FreeDNS public domain. You must own the top level domain in order to automatically
|
||||||
validate with acme.sh at FreeDNS.
|
validate with acme.sh at FreeDNS.
|
||||||
|
|
||||||
## 16. Use cyon.ch
|
## 16. Use cyon.ch
|
||||||
|
@ -88,6 +88,19 @@ _get_root() {
|
|||||||
while true; do
|
while true; do
|
||||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||||
if [ -z "$h" ]; then
|
if [ -z "$h" ]; then
|
||||||
|
if _contains "$response" "<IsTruncated>true</IsTruncated>" && _contains "$response" "<NextMarker>"; then
|
||||||
|
_debug "IsTruncated"
|
||||||
|
_nextMarker="$(echo "$response" | _egrep_o "<NextMarker>.*</NextMarker>" | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
||||||
|
_debug "NextMarker" "$_nextMarker"
|
||||||
|
if aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"; then
|
||||||
|
_debug "Truncated request OK"
|
||||||
|
i=2
|
||||||
|
p=1
|
||||||
|
continue
|
||||||
|
else
|
||||||
|
_err "Truncated request error."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
#not valid
|
#not valid
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -208,6 +221,9 @@ aws_rest() {
|
|||||||
_debug _H2 "$_H2"
|
_debug _H2 "$_H2"
|
||||||
|
|
||||||
url="$AWS_URL/$ep"
|
url="$AWS_URL/$ep"
|
||||||
|
if [ "$qsr" ]; then
|
||||||
|
url="$AWS_URL/$ep?$qsr"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$mtd" = "GET" ]; then
|
if [ "$mtd" = "GET" ]; then
|
||||||
response="$(_get "$url")"
|
response="$(_get "$url")"
|
||||||
|
@ -50,7 +50,7 @@ _cyon_load_credentials() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${CY_Username}" ] || [ -z "${CY_Password}" ]; then
|
if [ -z "${CY_Username}" ] || [ -z "${CY_Password}" ]; then
|
||||||
# Dummy entries to satify script checker.
|
# Dummy entries to satisfy script checker.
|
||||||
CY_Username=""
|
CY_Username=""
|
||||||
CY_Password=""
|
CY_Password=""
|
||||||
CY_OTP_Secret=""
|
CY_OTP_Secret=""
|
||||||
|
@ -158,7 +158,7 @@ _get_base_domain() {
|
|||||||
export _H2="Authorization: Bearer $DO_API_KEY"
|
export _H2="Authorization: Bearer $DO_API_KEY"
|
||||||
_debug DO_API_KEY "$DO_API_KEY"
|
_debug DO_API_KEY "$DO_API_KEY"
|
||||||
## get URL for the list of domains
|
## get URL for the list of domains
|
||||||
## havent seen this request paginated, tested with 18 domains (more requres manual requests with DO)
|
## havent seen this request paginated, tested with 18 domains (more requires manual requests with DO)
|
||||||
DOMURL="https://api.digitalocean.com/v2/domains"
|
DOMURL="https://api.digitalocean.com/v2/domains"
|
||||||
|
|
||||||
## get the domain list (DO gives basically a full XFER!)
|
## get the domain list (DO gives basically a full XFER!)
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
#
|
#
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
|
|
||||||
# Export FreeDNS userid and password in folowing variables...
|
# Export FreeDNS userid and password in following variables...
|
||||||
# FREEDNS_User=username
|
# FREEDNS_User=username
|
||||||
# FREEDNS_Password=password
|
# FREEDNS_Password=password
|
||||||
# login cookie is saved in acme account config file so userid / pw
|
# login cookie is saved in acme account config file so userid / pw
|
||||||
@ -53,7 +53,7 @@ dns_freedns_add() {
|
|||||||
i="$(_math "$i" - 1)"
|
i="$(_math "$i" - 1)"
|
||||||
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
||||||
|
|
||||||
# Sometimes FreeDNS does not reurn the subdomain page but rather
|
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||||
# returns a page regarding becoming a premium member. This usually
|
# returns a page regarding becoming a premium member. This usually
|
||||||
# happens after a period of inactivity. Immediately trying again
|
# happens after a period of inactivity. Immediately trying again
|
||||||
# returns the correct subdomain page. So, we will try twice to
|
# returns the correct subdomain page. So, we will try twice to
|
||||||
@ -65,7 +65,7 @@ dns_freedns_add() {
|
|||||||
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
|
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
if [ "$using_cached_cookies" = "true" ]; then
|
if [ "$using_cached_cookies" = "true" ]; then
|
||||||
_err "Has your FreeDNS username and password channged? If so..."
|
_err "Has your FreeDNS username and password changed? If so..."
|
||||||
_err "Please export as FREEDNS_User / FREEDNS_Password and try again."
|
_err "Please export as FREEDNS_User / FREEDNS_Password and try again."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
@ -112,7 +112,7 @@ dns_freedns_add() {
|
|||||||
# not produce accurate results as the value field is truncated
|
# not produce accurate results as the value field is truncated
|
||||||
# on this webpage. To get full value we would need to load
|
# on this webpage. To get full value we would need to load
|
||||||
# another page. However we don't really need this so long as
|
# another page. However we don't really need this so long as
|
||||||
# there is only one TXT record for the acme chalenge subdomain.
|
# there is only one TXT record for the acme challenge subdomain.
|
||||||
DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^"]*"//;s/".*//;s/<\/td>.*//')"
|
DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^"]*"//;s/".*//;s/<\/td>.*//')"
|
||||||
if [ $found != 0 ]; then
|
if [ $found != 0 ]; then
|
||||||
break
|
break
|
||||||
@ -192,11 +192,11 @@ dns_freedns_rm() {
|
|||||||
|
|
||||||
# Need to read cookie from conf file again in case new value set
|
# Need to read cookie from conf file again in case new value set
|
||||||
# during login to FreeDNS when TXT record was created.
|
# during login to FreeDNS when TXT record was created.
|
||||||
# acme.sh does not have a _readaccountconf() fuction
|
# acme.sh does not have a _readaccountconf() function
|
||||||
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
|
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
|
||||||
_debug "FreeDNS login cookies: $FREEDNS_COOKIE"
|
_debug "FreeDNS login cookies: $FREEDNS_COOKIE"
|
||||||
|
|
||||||
# Sometimes FreeDNS does not reurn the subdomain page but rather
|
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||||
# returns a page regarding becoming a premium member. This usually
|
# returns a page regarding becoming a premium member. This usually
|
||||||
# happens after a period of inactivity. Immediately trying again
|
# happens after a period of inactivity. Immediately trying again
|
||||||
# returns the correct subdomain page. So, we will try twice to
|
# returns the correct subdomain page. So, we will try twice to
|
||||||
@ -302,12 +302,12 @@ _freedns_retrieve_subdomain_page() {
|
|||||||
export _H2="Accept-Language:en-US"
|
export _H2="Accept-Language:en-US"
|
||||||
url="https://freedns.afraid.org/subdomain/"
|
url="https://freedns.afraid.org/subdomain/"
|
||||||
|
|
||||||
_debug "Retrieve subdmoain page from FreeDNS"
|
_debug "Retrieve subdomain page from FreeDNS"
|
||||||
|
|
||||||
htmlpage="$(_get "$url")"
|
htmlpage="$(_get "$url")"
|
||||||
|
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
_err "FreeDNS retrieve subdomins failed bad RC from _get"
|
_err "FreeDNS retrieve subdomains failed bad RC from _get"
|
||||||
return 1
|
return 1
|
||||||
elif [ -z "$htmlpage" ]; then
|
elif [ -z "$htmlpage" ]; then
|
||||||
_err "FreeDNS returned empty subdomain page"
|
_err "FreeDNS returned empty subdomain page"
|
||||||
@ -341,7 +341,7 @@ _freedns_add_txt_record() {
|
|||||||
return 1
|
return 1
|
||||||
elif _contains "$htmlpage" "security code was incorrect"; then
|
elif _contains "$htmlpage" "security code was incorrect"; then
|
||||||
_debug "$htmlpage"
|
_debug "$htmlpage"
|
||||||
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested seurity code"
|
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code"
|
||||||
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
|
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ dns_gandi_livedns_add() {
|
|||||||
txtvalue=$2
|
txtvalue=$2
|
||||||
|
|
||||||
if [ -z "$GANDI_LIVEDNS_KEY" ]; then
|
if [ -z "$GANDI_LIVEDNS_KEY" ]; then
|
||||||
_err "No API key specifed for Gandi LiveDNS."
|
_err "No API key specified for Gandi LiveDNS."
|
||||||
_err "Create your key and export it as GANDI_LIVEDNS_KEY"
|
_err "Create your key and export it as GANDI_LIVEDNS_KEY"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
#Applcation Key
|
#Application Key
|
||||||
#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||||
#
|
#
|
||||||
#Application Secret
|
#Application Secret
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
#PowerDNS Emdedded API
|
#PowerDNS Embedded API
|
||||||
#https://doc.powerdns.com/md/httpapi/api_spec/
|
#https://doc.powerdns.com/md/httpapi/api_spec/
|
||||||
#
|
#
|
||||||
#PDNS_Url="http://ns.example.com:8081"
|
#PDNS_Url="http://ns.example.com:8081"
|
||||||
|
Loading…
Reference in New Issue
Block a user