Browse Source

Merge pull request #2137 from Neilpang/dev

Dev
pull/2147/head
neil 6 years ago
committed by GitHub
parent
commit
08357e3cb0
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 46
      acme.sh
  2. 8
      deploy/README.md
  3. 2
      deploy/qiniu.sh

46
acme.sh

@ -66,6 +66,9 @@ END_CERT="-----END CERTIFICATE-----"
CONTENT_TYPE_JSON="application/jose+json" CONTENT_TYPE_JSON="application/jose+json"
RENEW_SKIP=2 RENEW_SKIP=2
B64CONF_START="__ACME_BASE64__START_"
B64CONF_END="__ACME_BASE64__END_"
ECC_SEP="_" ECC_SEP="_"
ECC_SUFFIX="${ECC_SEP}ecc" ECC_SUFFIX="${ECC_SEP}ecc"
@ -1964,12 +1967,16 @@ _setopt() {
_debug3 "$(grep -n "^$__opt$__sep" "$__conf")" _debug3 "$(grep -n "^$__opt$__sep" "$__conf")"
} }
#_save_conf file key value
#_save_conf file key value base64encode
#save to conf #save to conf
_save_conf() { _save_conf() {
_s_c_f="$1" _s_c_f="$1"
_sdkey="$2" _sdkey="$2"
_sdvalue="$3" _sdvalue="$3"
_b64encode="$4"
if [ "$_b64encode" ]; then
_sdvalue="${B64CONF_START}$(printf "%s" "${_sdvalue}" | _base64)${B64CONF_END}"
fi
if [ "$_s_c_f" ]; then if [ "$_s_c_f" ]; then
_setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'" _setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'"
else else
@ -1994,19 +2001,20 @@ _read_conf() {
_r_c_f="$1" _r_c_f="$1"
_sdkey="$2" _sdkey="$2"
if [ -f "$_r_c_f" ]; then if [ -f "$_r_c_f" ]; then
(
eval "$(grep "^$_sdkey *=" "$_r_c_f")"
eval "printf \"%s\" \"\$$_sdkey\""
)
_sdv="$(grep "^$_sdkey *=" "$_r_c_f" | cut -d = -f 2-1000 | tr -d "'")"
if _startswith "$_sdv" "${B64CONF_START}" && _endswith "$_sdv" "${B64CONF_END}"; then
_sdv="$(echo "$_sdv" | sed "s/${B64CONF_START}//" | sed "s/${B64CONF_END}//" | _dbase64)"
fi
printf "%s" "$_sdv"
else else
_debug "config file is empty, can not read $_sdkey" _debug "config file is empty, can not read $_sdkey"
fi fi
} }
#_savedomainconf key value
#_savedomainconf key value base64encode
#save to domain.conf #save to domain.conf
_savedomainconf() { _savedomainconf() {
_save_conf "$DOMAIN_CONF" "$1" "$2"
_save_conf "$DOMAIN_CONF" "$@"
} }
#_cleardomainconf key #_cleardomainconf key
@ -2019,14 +2027,14 @@ _readdomainconf() {
_read_conf "$DOMAIN_CONF" "$1" _read_conf "$DOMAIN_CONF" "$1"
} }
#_saveaccountconf key value
#_saveaccountconf key value base64encode
_saveaccountconf() { _saveaccountconf() {
_save_conf "$ACCOUNT_CONF_PATH" "$1" "$2"
_save_conf "$ACCOUNT_CONF_PATH" "$@"
} }
#key value
#key value base64encode
_saveaccountconf_mutable() { _saveaccountconf_mutable() {
_save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2"
_save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2" "$3"
#remove later #remove later
_clearaccountconf "$1" _clearaccountconf "$1"
} }
@ -3642,9 +3650,9 @@ issue() {
_savedomainconf "Le_Alt" "$_alt_domains" _savedomainconf "Le_Alt" "$_alt_domains"
_savedomainconf "Le_Webroot" "$_web_roots" _savedomainconf "Le_Webroot" "$_web_roots"
_savedomainconf "Le_PreHook" "$_pre_hook"
_savedomainconf "Le_PostHook" "$_post_hook"
_savedomainconf "Le_RenewHook" "$_renew_hook"
_savedomainconf "Le_PreHook" "$_pre_hook" "base64"
_savedomainconf "Le_PostHook" "$_post_hook" "base64"
_savedomainconf "Le_RenewHook" "$_renew_hook" "base64"
if [ "$_local_addr" ]; then if [ "$_local_addr" ]; then
_savedomainconf "Le_LocalAddress" "$_local_addr" _savedomainconf "Le_LocalAddress" "$_local_addr"
@ -4455,7 +4463,7 @@ $_authorizations_map"
_savedomainconf "Le_RealCertPath" "$_real_cert" _savedomainconf "Le_RealCertPath" "$_real_cert"
_savedomainconf "Le_RealCACertPath" "$_real_ca" _savedomainconf "Le_RealCACertPath" "$_real_ca"
_savedomainconf "Le_RealKeyPath" "$_real_key" _savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain" _savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"; then if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"; then
return 1 return 1
@ -4522,6 +4530,10 @@ renew() {
fi fi
IS_RENEW="1" IS_RENEW="1"
Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
Le_PreHook="$(_readdomainconf Le_PreHook)"
Le_PostHook="$(_readdomainconf Le_PostHook)"
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
res="$?" res="$?"
if [ "$res" != "0" ]; then if [ "$res" != "0" ]; then
@ -4802,7 +4814,7 @@ installcert() {
_savedomainconf "Le_RealCertPath" "$_real_cert" _savedomainconf "Le_RealCertPath" "$_real_cert"
_savedomainconf "Le_RealCACertPath" "$_real_ca" _savedomainconf "Le_RealCACertPath" "$_real_ca"
_savedomainconf "Le_RealKeyPath" "$_real_key" _savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain" _savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd" _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
@ -4886,7 +4898,7 @@ _installcert() {
export CERT_KEY_PATH export CERT_KEY_PATH
export CA_CERT_PATH export CA_CERT_PATH
export CERT_FULLCHAIN_PATH export CERT_FULLCHAIN_PATH
export Le_Domain
export Le_Domain="$_main_domain"
cd "$DOMAIN_PATH" && eval "$_reload_cmd" cd "$DOMAIN_PATH" && eval "$_reload_cmd"
); then ); then
_info "$(__green "Reload success")" _info "$(__green "Reload success")"

8
deploy/README.md

@ -349,10 +349,10 @@ $ export QINIU_SK="bar"
$ acme.sh --deploy -d example.com --deploy-hook qiniu $ acme.sh --deploy -d example.com --deploy-hook qiniu
``` ```
假如您部署的证书为泛域名证书,您还需要设置 `QINIU_CDN_DOMAIN` 变量,指定实际需要部署的域名:
假如您部署的证书为泛域名证书,您还需要设置 `QINIU_CDN_DOMAIN` 变量,指定实际需要部署的域名(请注意泛域名前的点)
```sh ```sh
$ export QINIU_CDN_DOMAIN="cdn.example.com"
$ export QINIU_CDN_DOMAIN=".cdn.example.com"
$ acme.sh --deploy -d example.com --deploy-hook qiniu $ acme.sh --deploy -d example.com --deploy-hook qiniu
``` ```
@ -375,10 +375,10 @@ $ acme.sh --deploy -d example.com --deploy-hook qiniu
(Optional), If you are using wildcard certificate, (Optional), If you are using wildcard certificate,
you may need export `QINIU_CDN_DOMAIN` to specify which domain you may need export `QINIU_CDN_DOMAIN` to specify which domain
you want to update:
you want to update (please note the leading dot):
```sh ```sh
$ export QINIU_CDN_DOMAIN="cdn.example.com"
$ export QINIU_CDN_DOMAIN=".cdn.example.com"
$ acme.sh --deploy -d example.com --deploy-hook qiniu $ acme.sh --deploy -d example.com --deploy-hook qiniu
``` ```

2
deploy/qiniu.sh

@ -87,6 +87,6 @@ qiniu_deploy() {
} }
_make_access_token() { _make_access_token() {
_token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64)"
_token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64 | tr -- '+/' '-_')"
echo "$QINIU_AK:$_token" echo "$QINIU_AK:$_token"
} }
Loading…
Cancel
Save