Browse Source

Merge pull request #20 from Neilpang/dev

supprt apache server plugin
pull/26/head
Neil 9 years ago
parent
commit
2bf1d93afd
  1. 22
      README.md
  2. 115
      le.sh

22
README.md

@ -1,12 +1,12 @@
# le # le
Simplest shell script for LetsEncrypt free Certificate client Simplest shell script for LetsEncrypt free Certificate client
This is a shell version from https://github.com/diafygi/acme-tiny
Pure written in bash, no dependencies to python , acme-tiny or LetsEncrypt official client (https://github.com/letsencrypt/letsencrypt) Pure written in bash, no dependencies to python , acme-tiny or LetsEncrypt official client (https://github.com/letsencrypt/letsencrypt)
Just one script, to issue, renew your certificates automatically. Just one script, to issue, renew your certificates automatically.
This is a shell version from https://github.com/diafygi/acme-tiny, but without any dependencies.
Probably it's the smallest&easiest&smartest shell script to automatically issue&renew the free certificates from LetsEncrypt. Probably it's the smallest&easiest&smartest shell script to automatically issue&renew the free certificates from LetsEncrypt.
@ -15,6 +15,11 @@ Probably it's the smallest&easiest&smartest shell script to automatically issue
2. CentOS 2. CentOS
#Supported Mode
1. Webroot mode
2. Standalone mode
3. Apache mode
#How to use #How to use
1. Clone this project: https://github.com/Neilpang/le.git 1. Clone this project: https://github.com/Neilpang/le.git
@ -37,7 +42,7 @@ root@xvm:~# le
Usage: issue|renew|renewAll|createAccountKey|createDomainKey|createCSR|install|uninstall Usage: issue|renew|renewAll|createAccountKey|createDomainKey|createCSR|install|uninstall
root@xvm:~# le issue root@xvm:~# le issue
Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no
Usage: le issue webroot|no|apache a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no
``` ```
@ -77,6 +82,17 @@ The tcp `80` port must be free to listen, otherwise you will be prompted to free
le issue no aa.com www.aa.com,cp.aa.com le issue no aa.com www.aa.com,cp.aa.com
``` ```
# Use Apache mode:
If you are running a web server, apache or nginx, it its recommended to use the Webroot mode.
Particularly, if you are running an apache server, you can use apache mode instead. Which doesn't write any file to your web root folder.
Just set string "apache" to the first argument, it will use apache plugin automatically.
```
le issue apache aa.com www.aa.com
```
All the other arguments are the same with previous.
#Under the Hood #Under the Hood

115
le.sh

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
PROJECT="https://github.com/Neilpang/le"
DEFAULT_CA="https://acme-v01.api.letsencrypt.org" DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf" DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
@ -234,7 +234,15 @@ _stopserver() {
_initpath() { _initpath() {
if [ -z "$WORKING_DIR" ]; then if [ -z "$WORKING_DIR" ]; then
WORKING_DIR=~/.le
WORKING_DIR=$HOME/.le
fi
if [ -z "$ACME_DIR" ] ; then
ACME_DIR="/home/.acme"
fi
if [ -z "$APACHE_CONF_BACKUP_DIR" ] ; then
APACHE_CONF_BACKUP_DIR="$WORKING_DIR/"
fi fi
domain="$1" domain="$1"
@ -256,8 +264,90 @@ _initpath() {
CERT_PATH="$WORKING_DIR/$domain/$domain.cer" CERT_PATH="$WORKING_DIR/$domain/$domain.cer"
CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer" CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer"
}
_apachePath() {
httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | sed s/\"//g)"
httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | sed s/\"//g)"
httpdconf="$httpdroot/$httpdconfname"
if [ ! -f $httpdconf ] ; then
_err "Apache Config file not found" $httpdconf
return 1
fi
return 0
} }
_restoreApache() {
_initpath
if ! _apachePath ; then
return 1
fi
if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ] ; then
_debug "No config file to restore."
return 0
fi
cp -p "$APACHE_CONF_BACKUP_DIR/$httpdconfname" "$httpdconf"
if ! apachectl -t ; then
_err "Sorry, restore apache config error, please contact me."
return 1;
fi
rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname"
return 0
}
_setApache() {
_initpath
if ! _apachePath ; then
return 1
fi
#backup the conf
_debug "Backup apache config file" $httpdconf
cp -p $httpdconf $APACHE_CONF_BACKUP_DIR/
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
_info "In case there is an error that can not be restored automatically, you may try restore it yourself."
_info "The backup file will be deleted on sucess, just forget it."
#add alias
echo "
Alias /.well-known/acme-challenge $ACME_DIR
<Directory $ACME_DIR >
Order allow,deny
Allow from all
</Directory>
" >> $httpdconf
if ! apachectl -t ; then
_err "Sorry, apache config error, please contact me."
_restoreApache
return 1;
fi
if [ ! -d "$ACME_DIR" ] ; then
mkdir -p "$ACME_DIR"
chmod 755 "$ACME_DIR"
fi
if ! apachectl graceful ; then
_err "Sorry, apachectl graceful error, please contact me."
_restoreApache
return 1;
fi
return 0
}
_clearup () {
_stopserver $serverproc
_restoreApache
}
issue() { issue() {
if [ -z "$1" ] ; then if [ -z "$1" ] ; then
@ -331,6 +421,14 @@ issue() {
fi fi
fi fi
if [ "$Le_Webroot" == "apache" ] ; then
if ! _setApache ; then
_err "set up apache error. Report error to me."
return 1
fi
wellknown_path="$ACME_DIR"
fi
createAccountKey $Le_Domain $Le_Keylength createAccountKey $Le_Domain $Le_Keylength
createDomainKey $Le_Domain $Le_Keylength createDomainKey $Le_Domain $Le_Keylength
@ -373,6 +471,7 @@ issue() {
_info "Already registered" _info "Already registered"
else else
_err "Register account Error." _err "Register account Error."
_clearup
return 1 return 1
fi fi
@ -388,6 +487,7 @@ issue() {
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
_err "new-authz error: $response" _err "new-authz error: $response"
_clearup
return 1 return 1
fi fi
@ -410,7 +510,9 @@ issue() {
sleep 2 sleep 2
_debug serverproc $serverproc _debug serverproc $serverproc
else else
if [ -z "$wellknown_path" ] ; then
wellknown_path="$Le_Webroot/.well-known/acme-challenge" wellknown_path="$Le_Webroot/.well-known/acme-challenge"
fi
_debug wellknown_path "$wellknown_path" _debug wellknown_path "$wellknown_path"
mkdir -p "$wellknown_path" mkdir -p "$wellknown_path"
@ -425,7 +527,7 @@ issue() {
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
_err "$d:Challenge error: $resource" _err "$d:Challenge error: $resource"
_stopserver $serverproc
_clearup
return 1 return 1
fi fi
@ -436,7 +538,7 @@ issue() {
if ! _get $uri ; then if ! _get $uri ; then
_err "$d:Verify error:$resource" _err "$d:Verify error:$resource"
_stopserver $serverproc
_clearup
return 1 return 1
fi fi
@ -449,7 +551,7 @@ issue() {
if [ "$status" == "invalid" ] ; then if [ "$status" == "invalid" ] ; then
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4) error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
_err "$d:Verify error:$error" _err "$d:Verify error:$error"
_stopserver $serverproc
_clearup
return 1; return 1;
fi fi
@ -457,7 +559,7 @@ issue() {
_info "Pending" _info "Pending"
else else
_err "$d:Verify error:$response" _err "$d:Verify error:$response"
_stopserver $serverproc
_clearup
return 1 return 1
fi fi
@ -488,6 +590,7 @@ issue() {
if [ -z "$Le_LinkCert" ] ; then if [ -z "$Le_LinkCert" ] ; then
response="$(echo $response | base64 -d)" response="$(echo $response | base64 -d)"
_err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')" _err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')"
_clearup
return 1 return 1
fi fi

Loading…
Cancel
Save