From 0bf403e7d2447680fe9b1df7b1539d6affb8bfb8 Mon Sep 17 00:00:00 2001
From: Shayan Toqraee
Date: Wed, 8 Feb 2023 15:21:51 +0330
Subject: [PATCH] Add --webroot-hook.
---
 acme.sh | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/acme.sh b/acme.sh
index 1df8a053..8e6fa2e5 100755
--- a/acme.sh
+++ b/acme.sh
@@ -4350,11 +4350,12 @@ issue() {
 _pre_hook="${10}"
 _post_hook="${11}"
 _renew_hook="${12}"
- _local_addr="${13}"
- _challenge_alias="${14}"
- _preferred_chain="${15}"
- _valid_from="${16}"
- _valid_to="${17}"
+ _webroot_hook="${13}"
+ _local_addr="${14}"
+ _challenge_alias="${15}"
+ _preferred_chain="${16}"
+ _valid_from="${17}"
+ _valid_to="${18}"
 if [ -z "$_ACME_IS_RENEW" ]; then
 _initpath "$_main_domain" "$_key_length"
@@ -4919,8 +4920,10 @@ $_authorizations_map"
 else
 if [ "$_currentRoot" = "apache" ]; then
 wellknown_path="$ACME_DIR"
+ webroot_root="$ACME_DIR"
 else
 wellknown_path="$_currentRoot/.well-known/acme-challenge"
+ webroot_root="$_currentRoot"
 if [ ! -d "$_currentRoot/.well-known" ]; then
 removelevel='1'
 elif [ ! -d "$_currentRoot/.well-known/acme-challenge" ]; then
@@ -4957,6 +4960,18 @@ $_authorizations_map"
 _debug "not changing owner/group of webroot"
 fi
 fi
+ if [ "$_webroot_hook" ]; then
+ if ! (
+ export TOKEN="$token"
+ cd "$webroot_root" && eval "$_webroot_hook"
+ ); then
+ _err "$d:Error when run webroot hook."
+ _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+ _clearup
+ _on_issue_err "$_post_hook" "$vlist"
+ return 1
+ fi
+ fi
 fi
 elif [ "$vtype" = "$VTYPE_ALPN" ]; then
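Review bot: Inserting `_webroot_hook` as `${13}` in issue() (hunk at -4350) shifts every later positional argument, and the only call site this patch updates is the `issue)` arm of `_process` (hunk at -7855). Any other caller of issue() that still passes the old 17-argument order is not visible in this diff, so the renewal path in particular is worth checking; such a caller would now deliver its local-address value into `_webroot_hook`, which the hunk at -4957 hands to `eval`. Appending the new parameter at the end instead, `_webroot_hook="${18}"`, would leave existing callers correct. The patch also shows no line that persists the hook to the domain configuration, so it may not be available when the certificate is renewed. The body of issue() continues outside the hunk.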
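Review bot: The hook's working directory means two different things in the hunk at -4919: in the `apache` branch `webroot_root` is `$ACME_DIR`, the same directory as `wellknown_path`, while in the other branch it is the webroot and the token file sits below it in `.well-known/acme-challenge`. A hook that locates the file relative to its cwd therefore works in only one of the two modes. A comment at the assignments would make this explicit, for example `# cwd for --webroot-hook; in apache mode this is the challenge directory itself`, or the challenge directory could be exported to the hook alongside `TOKEN`. The surrounding if/else starts and ends outside the hunk.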
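Review bot: In the block added at -4957 the hook string goes to `eval` with acme.sh's own privileges and nothing is written to the log first, so a run leaves no record of which command was executed. Adding `_debug "Run webroot hook: '$_webroot_hook'"` before the subshell would fix that. A failed `cd "$webroot_root"` is also reported with the same "Error when run webroot hook" message as a failing hook; checking the `cd` separately with its own `_err` text would let an operator tell a missing directory from a broken hook. The enclosing webroot branch begins outside the hunk.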
@@ -6964,6 +6979,7 @@ Parameters:
 --pre-hook Command to be run before obtaining any certificates.
 --post-hook Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
 --renew-hook Command to be run after each successfully renewed certificate.
+ --webroot-hook Command to be run after token file is created inside the webroot, before validation.
 --deploy-hook The hook file to deploy cert
 --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
 --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
@@ -7247,6 +7263,7 @@ _process() {
 _pre_hook=""
 _post_hook=""
 _renew_hook=""
+ _webroot_hook=""
 _deploy_hook=""
 _logfile=""
 _log=""
@@ -7645,6 +7662,10 @@ _process() {
 _renew_hook="$2"
 shift
 ;;
+ --webroot-hook)
+ _webroot_hook="$2"
+ shift
+ ;;
 --deploy-hook)
 if [ -z "$2" ] || _startswith "$2" "-"; then
 _usage "Please specify a value for '--deploy-hook'"
@@ -7855,7 +7876,7 @@ _process() {
 uninstall) uninstall "$_nocron" ;;
 upgrade) upgrade ;;
 issue)
- issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to"
+ issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_webroot_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to"
 ;;
 deploy)
 deploy "$_domain" "$_deploy_hook" "$_ecc"
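Review bot: The new help line at -6964 leaves out the contract the hook gets in the hunk at -4957: the command is shell-evaluated with `TOKEN` exported, it runs from the webroot directory, and a non-zero exit aborts the issue. Wording along the lines of `Command to be run after the token file is created inside the webroot, before validation. Receives $TOKEN; a non-zero exit aborts issuance.` would tell operators what they can rely on and that the value is executed as shell code.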
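Review bot: The `--webroot-hook)` arm added at -7645 takes `$2` without any check, unlike the `--deploy-hook)` arm directly below it. If the value is omitted, the next option on the command line becomes the hook string and is later passed to `eval`; an empty value silently disables the hook. The same guard as the neighbouring arm would catch both cases: `if [ -z "$2" ] || _startswith "$2" "-"; then` followed by `_usage "Please specify a value for '--webroot-hook'"` and whatever the `--deploy-hook` arm does after its `_usage` call, which is outside this hunk.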