Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #75 from Neilpang/FreeBSD 

Support FreeBSD
pull/81/head
Neil 9 years ago
parent
0db15ce230 aa692c0e70
commit
32ab35024b
1 changed files with 45 additions and 25 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 68
      le.sh

68
le.sh
View File

@ -1,5 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
VER=1.1.7
VER=1.1.8
PROJECT="https://github.com/Neilpang/le" PROJECT="https://github.com/Neilpang/le"
DEFAULT_CA="https://acme-v01.api.letsencrypt.org" DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
@ -180,7 +180,8 @@ createCSR() {
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
#multi #multi
_info "Multi domain" "$alt" _info "Multi domain" "$alt"
openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -reqexts SAN -config <(printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n[SAN]\nsubjectAltName=$alt") -out "$CSR_PATH"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n[SAN]\nsubjectAltName=$alt" > "$DOMAIN_SSL_CONF"
openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -reqexts SAN -config "$DOMAIN_SSL_CONF" -out "$CSR_PATH"
fi fi
} }
@ -190,6 +191,19 @@ _b64() {
echo $__n | tr '/+' '_-' | tr -d '= ' echo $__n | tr '/+' '_-' | tr -d '= '
} }
_time2str() {
#BSD
if date -u -d@$1 2>/dev/null ; then
return
fi
#Linux
if date -u -r $1 2>/dev/null ; then
return
fi
}
_send_signed_request() { _send_signed_request() {
url=$1 url=$1
payload=$2 payload=$2
@ -208,14 +222,14 @@ _send_signed_request() {
_debug payload64 $payload64 _debug payload64 $payload64
nonceurl="$API/directory" nonceurl="$API/directory"
nonce=$($CURL -I $nonceurl | grep "^Replay-Nonce:" | sed s/\\r//|sed s/\\n//| cut -d ' ' -f 2)
nonce="$($CURL -I $nonceurl | grep -o "^Replay-Nonce:.*$" | tr -d "\r\n" | cut -d ' ' -f 2)"
_debug nonce $nonce
_debug nonce "$nonce"
protected=$(echo -n "$HEADERPLACE" | sed "s/NONCE/$nonce/" )
protected="$(printf "$HEADERPLACE" | sed "s/NONCE/$nonce/" )"
_debug protected "$protected" _debug protected "$protected"
protected64=$( echo -n $protected | _base64 | _b64)
protected64="$(printf "$protected" | _base64 | _b64)"
_debug protected64 "$protected64" _debug protected64 "$protected64"
sig=$(echo -n "$protected64.$payload64" | openssl dgst -sha256 -sign $ACCOUNT_KEY_PATH | _base64 | _b64) sig=$(echo -n "$protected64.$payload64" | openssl dgst -sha256 -sign $ACCOUNT_KEY_PATH | _base64 | _b64)
@ -230,11 +244,11 @@ _send_signed_request() {
response="$($CURL -X POST --data "$body" $url)" response="$($CURL -X POST --data "$body" $url)"
fi fi
responseHeaders="$(sed 's/\r//g' $CURL_HEADER)"
responseHeaders="$(cat $CURL_HEADER)"
_debug responseHeaders "$responseHeaders" _debug responseHeaders "$responseHeaders"
_debug response "$response" _debug response "$response"
code="$(grep ^HTTP $CURL_HEADER | tail -1 | cut -d " " -f 2)"
code="$(grep ^HTTP $CURL_HEADER | tail -1 | cut -d " " -f 2 | tr -d "\r\n" )"
_debug code $code _debug code $code
} }
@ -269,7 +283,8 @@ _setopt() {
if [[ "$__val" == *"&"* ]] ; then if [[ "$__val" == *"&"* ]] ; then
__val="$(echo $__val | sed 's/&/\\&/g')" __val="$(echo $__val | sed 's/&/\\&/g')"
fi fi
sed -i "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" "$__conf"
text="$(cat $__conf)"
printf "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
else else
_debug APP _debug APP
echo "$__opt$__sep$__val$__end" >> "$__conf" echo "$__opt$__sep$__val$__end" >> "$__conf"
@ -369,6 +384,10 @@ _initpath() {
DOMAIN_CONF="$domainhome/$Le_Domain.conf" DOMAIN_CONF="$domainhome/$Le_Domain.conf"
fi fi
if [ -z "$DOMAIN_SSL_CONF" ] ; then
DOMAIN_SSL_CONF="$domainhome/$Le_Domain.ssl.conf"
fi
if [ -z "$CSR_PATH" ] ; then if [ -z "$CSR_PATH" ] ; then
CSR_PATH="$domainhome/$domain.csr" CSR_PATH="$domainhome/$domain.csr"
fi fi
@ -386,8 +405,8 @@ _initpath() {
_apachePath() { _apachePath() {
httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | sed s/\"//g)"
httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | sed s/\"//g)"
httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"' )"
httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"' )"
httpdconf="$httpdroot/$httpdconfname" httpdconf="$httpdroot/$httpdconfname"
if [ ! -f $httpdconf ] ; then if [ ! -f $httpdconf ] ; then
_err "Apache Config file not found" $httpdconf _err "Apache Config file not found" $httpdconf
@ -606,7 +625,7 @@ issue() {
HEADERPLACE='{"nonce": "NONCE", "alg": "RS256", "jwk": '$jwk'}' HEADERPLACE='{"nonce": "NONCE", "alg": "RS256", "jwk": '$jwk'}'
_debug HEADER "$HEADER" _debug HEADER "$HEADER"
accountkey_json=$(echo -n "$jwk" | sed "s/ //g")
accountkey_json=$(echo -n "$jwk" | tr -d ' ' )
thumbprint=$(echo -n "$accountkey_json" | openssl dgst -sha256 -binary | _base64 | _b64) thumbprint=$(echo -n "$accountkey_json" | openssl dgst -sha256 -binary | _base64 | _b64)
@ -638,7 +657,7 @@ issue() {
_info "Verify each domain" _info "Verify each domain"
sep='#' sep='#'
if [ -z "$vlist" ] ; then if [ -z "$vlist" ] ; then
alldomains=$(echo "$Le_Domain,$Le_Alt" | sed "s/,/ /g")
alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ' )
for d in $alldomains for d in $alldomains
do do
_info "Geting token for domain" $d _info "Geting token for domain" $d
@ -649,13 +668,13 @@ issue() {
return 1 return 1
fi fi
entry=$(echo $response | egrep -o '{[^{]*"type":"'$vtype'"[^}]*')
entry="$(printf $response | egrep -o '{[^{]*"type":"'$vtype'"[^}]*')"
_debug entry "$entry" _debug entry "$entry"
token=$(echo "$entry" | sed 's/,/\n'/g| grep '"token":'| cut -d : -f 2|sed 's/"//g')
token="$(printf "$entry" | egrep -o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')"
_debug token $token _debug token $token
uri=$(echo "$entry" | sed 's/,/\n'/g| grep '"uri":'| cut -d : -f 2,3|sed 's/"//g')
uri="$(printf "$entry" | egrep -o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )"
_debug uri $uri _debug uri $uri
keyauthorization="$token.$thumbprint" keyauthorization="$token.$thumbprint"
@ -670,7 +689,7 @@ issue() {
#add entry #add entry
dnsadded="" dnsadded=""
ventries=$(echo "$vlist" | sed "s/,/ /g")
ventries=$(echo "$vlist" | tr ',' ' ' )
for ventry in $ventries for ventry in $ventries
do do
d=$(echo $ventry | cut -d $sep -f 1) d=$(echo $ventry | cut -d $sep -f 1)
@ -745,7 +764,7 @@ issue() {
fi fi
_debug "ok, let's start to verify" _debug "ok, let's start to verify"
ventries=$(echo "$vlist" | sed "s/,/ /g")
ventries=$(echo "$vlist" | tr ',' ' ' )
for ventry in $ventries for ventry in $ventries
do do
d=$(echo $ventry | cut -d $sep -f 1) d=$(echo $ventry | cut -d $sep -f 1)
@ -812,7 +831,7 @@ issue() {
return 1 return 1
fi fi
status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | tr -d '"')
if [ "$status" == "valid" ] ; then if [ "$status" == "valid" ] ; then
_info "Success" _info "Success"
_stopserver $serverproc _stopserver $serverproc
@ -848,7 +867,7 @@ issue() {
_send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64" _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"
Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
Le_LinkCert="$(grep -i -o '^Location.*$' $CURL_HEADER | tr -d "\r\n" | cut -d " " -f 2)"
_setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert" _setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert"
if [ "$Le_LinkCert" ] ; then if [ "$Le_LinkCert" ] ; then
@ -870,7 +889,7 @@ issue() {
_setopt "$DOMAIN_CONF" 'Le_Vlist' '=' "\"\"" _setopt "$DOMAIN_CONF" 'Le_Vlist' '=' "\"\""
Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g')
Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' )
_setopt "$DOMAIN_CONF" "Le_LinkIssuer" "=" "$Le_LinkIssuer" _setopt "$DOMAIN_CONF" "Le_LinkIssuer" "=" "$Le_LinkIssuer"
if [ "$Le_LinkIssuer" ] ; then if [ "$Le_LinkIssuer" ] ; then
@ -883,7 +902,7 @@ issue() {
Le_CertCreateTime=$(date -u "+%s") Le_CertCreateTime=$(date -u "+%s")
_setopt "$DOMAIN_CONF" "Le_CertCreateTime" "=" "$Le_CertCreateTime" _setopt "$DOMAIN_CONF" "Le_CertCreateTime" "=" "$Le_CertCreateTime"
Le_CertCreateTimeStr=$(date -u "+%Y-%m-%d %H:%M:%S UTC")
Le_CertCreateTimeStr=$(date -u )
_setopt "$DOMAIN_CONF" "Le_CertCreateTimeStr" "=" "\"$Le_CertCreateTimeStr\"" _setopt "$DOMAIN_CONF" "Le_CertCreateTimeStr" "=" "\"$Le_CertCreateTimeStr\""
if [ ! "$Le_RenewalDays" ] ; then if [ ! "$Le_RenewalDays" ] ; then
@ -892,10 +911,10 @@ issue() {
_setopt "$DOMAIN_CONF" "Le_RenewalDays" "=" "$Le_RenewalDays" _setopt "$DOMAIN_CONF" "Le_RenewalDays" "=" "$Le_RenewalDays"
Le_NextRenewTime=$(date -u -d "+$Le_RenewalDays day" "+%s")
let "Le_NextRenewTime=Le_CertCreateTime+Le_RenewalDays*24*60*60"
_setopt "$DOMAIN_CONF" "Le_NextRenewTime" "=" "$Le_NextRenewTime" _setopt "$DOMAIN_CONF" "Le_NextRenewTime" "=" "$Le_NextRenewTime"
Le_NextRenewTimeStr=$(date -u -d "+$Le_RenewalDays day" "+%Y-%m-%d %H:%M:%S UTC")
Le_NextRenewTimeStr=$( _time2str $Le_NextRenewTime )
_setopt "$DOMAIN_CONF" "Le_NextRenewTimeStr" "=" "\"$Le_NextRenewTimeStr\"" _setopt "$DOMAIN_CONF" "Le_NextRenewTimeStr" "=" "\"$Le_NextRenewTimeStr\""
@ -960,6 +979,7 @@ renewAll() {
Le_ReloadCmd="" Le_ReloadCmd=""
DOMAIN_CONF="" DOMAIN_CONF=""
DOMAIN_SSL_CONF=""
CSR_PATH="" CSR_PATH=""
CERT_KEY_PATH="" CERT_KEY_PATH=""
CERT_PATH="" CERT_PATH=""

Write Preview
Loading…
Cancel
Save