From a61fe418b2b6b8c8d53a678feda57aab9a556902 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 11 Oct 2016 20:56:59 +0800 Subject: [PATCH 1/2] support deploy api --- acme.sh | 138 ++++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 113 insertions(+), 25 deletions(-) diff --git a/acme.sh b/acme.sh index 9ff54d32..3e3f7799 100755 --- a/acme.sh +++ b/acme.sh @@ -11,6 +11,7 @@ PROJECT="https://github.com/Neilpang/$PROJECT_NAME" DEFAULT_INSTALL_HOME="$HOME/.$PROJECT_NAME" _SCRIPT_="$0" +_SUB_FOLDERS="dnsapi deploy" DEFAULT_CA="https://acme-v01.api.letsencrypt.org" DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" @@ -1987,6 +1988,29 @@ _regAccount() { } +# domain folder file +_findHook() { + _hookdomain="$1" + _hookcat="$2" + _hookname="$3" + + if [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ] ; then + d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname" + elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ] ; then + d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" + elif [ -f "$LE_WORKING_DIR/$_hookname" ] ; then + d_api="$LE_WORKING_DIR/$_hookname" + elif [ -f "$LE_WORKING_DIR/$_hookname.sh" ] ; then + d_api="$LE_WORKING_DIR/$_hookname.sh" + elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname" ] ; then + d_api="$LE_WORKING_DIR/$_hookcat/$_hookname" + elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname.sh" ] ; then + d_api="$LE_WORKING_DIR/$_hookcat/$_hookname.sh" + fi + + printf "%s" "$d_api" +} + #webroot, domain domainlist keylength issue() { if [ -z "$2" ] ; then 
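Review bot: `_findHook` never initialises `d_api`, so when none of the six `-f` tests matches, the final `printf "%s" "$d_api"` prints whatever value the caller's shell already held. The issue() hunk of this same commit removes the old `d_api=""` reset, so the command substitution inherits the result of an earlier lookup; if issue() runs this once per domain, as the `$d` variable suggests, a script found for a previous domain can be returned for the current one and then sourced. Start the function with `d_api=""`, or use a function-private name such as `_hookfile` so the result cannot collide with the caller's variable.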
@@ -2196,22 +2220,9 @@ issue() { _debug txtdomain "$txtdomain" txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _urlencode)" _debug txt "$txt" - #dns - #1. check use api - d_api="" - if [ -f "$LE_WORKING_DIR/$d/$_currentRoot" ] ; then - d_api="$LE_WORKING_DIR/$d/$_currentRoot" - elif [ -f "$LE_WORKING_DIR/$d/$_currentRoot.sh" ] ; then - d_api="$LE_WORKING_DIR/$d/$_currentRoot.sh" - elif [ -f "$LE_WORKING_DIR/$_currentRoot" ] ; then - d_api="$LE_WORKING_DIR/$_currentRoot" - elif [ -f "$LE_WORKING_DIR/$_currentRoot.sh" ] ; then - d_api="$LE_WORKING_DIR/$_currentRoot.sh" - elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot" ] ; then - d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot" - elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot.sh" ] ; then - d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot.sh" - fi + + d_api="$(_findHook $d dnsapi $_currentRoot)" + _debug d_api "$d_api" if [ "$d_api" ] ; then @@ -2627,6 +2638,15 @@ renew() { IS_RENEW="1" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" res=$? + if [ "$res" != "0" ] ; then + return $res + fi + + if [ "$Le_DeployHook" ] ; then + deploy $Le_Domain "$Le_DeployHook" "$Le_Keylength" + res=$? + fi + IS_RENEW="" return $res 
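Review bot: The arguments in `d_api="$(_findHook $d dnsapi $_currentRoot)"` are unquoted, so a `_currentRoot` that is empty or contains whitespace or glob characters is split or expanded before `_findHook` sees it, and the three positional parameters shift. Quote them: `d_api="$(_findHook "$d" dnsapi "$_currentRoot")"`. The enclosing issue() starts and ends outside the hunk.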
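Review bot: The new early `return $res` after a failed `issue` skips the `IS_RENEW=""` reset at the end of the function, so the flag stays `1` for whatever runs next in the same process. Clear it first by putting `IS_RENEW=""` on the line above that `return $res`. Separately, `deploy $Le_Domain "$Le_DeployHook" "$Le_Keylength"` passes a key length where deploy() names its third parameter `_isEcc`. Whether `_initpath` accepts a key length in that position is not visible here and is worth confirming, and `$Le_Domain` should be quoted. renew() starts outside the hunk.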
@@ -2788,6 +2808,56 @@ list() { } +deploy() { + Le_Domain="$1" + Le_DeployHook="$2" + _isEcc="$3" + if [ -z "$Le_DeployHook" ] ; then + _usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] " + return 1 + fi + + _initpath $Le_Domain "$_isEcc" + if [ ! -d "$DOMAIN_PATH" ] ; then + _err "Domain is not valid:'$Le_Domain'" + return 1 + fi + + _deployApi="$(_findHook $Le_Domain deploy $Le_DeployHook)" + if [ -z "$_deployApi" ] ; then + _err "The deploy hook $Le_DeployHook is not found." + return 1 + fi + _debug _deployApi "$_deployApi" + + _savedomainconf Le_DeployHook "$Le_DeployHook" + + if ! ( + if ! . $_deployApi ; then + _err "Load file $_deployApi error. Please check your api file and try again." + return 1 + fi + + d_command="${Le_DeployHook}_deploy" + if ! _exists $d_command ; then + _err "It seems that your api file is not correct, it must have a function named: $d_command" + return 1 + fi + + if ! $d_command $Le_Domain "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH" ; then + _err "Error deploy for domain:$Le_Domain" + _on_issue_err + return 1 + fi + ) ; then + _err "Deploy error." + return 1 + else + _info "$(__green Success)" + fi + +} + installcert() { Le_Domain="$1" if [ -z "$Le_Domain" ] ; then @@ -3338,10 +3408,13 @@ install() { _installalias - if [ -d "dnsapi" ] ; then - mkdir -p $LE_WORKING_DIR/dnsapi - cp dnsapi/* $LE_WORKING_DIR/dnsapi/ - fi + for subf in $_SUB_FOLDERS ; do + if [ -d "$subf" ] ; then + mkdir -p $LE_WORKING_DIR/$subf + cp $subf/* $LE_WORKING_DIR/$subf/ + fi + done + if [ ! -f "$ACCOUNT_CONF_PATH" ] ; then _initconf 
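Review bot: The hook name from `--deploy-hook` is used unvalidated and unquoted in deploy(): it selects the file that `. $_deployApi` sources, it forms the command run as `$d_command`, and `_savedomainconf` stores it before either check has passed. A value containing `/`, `..` or whitespace can make `_findHook` resolve a file outside the hook folders or split `$d_command` into a different command line, and the saved value is what renew() later hands back to deploy(). I would restrict the name to characters that are valid in a function name before `_initpath` runs, quote every expansion, and save the hook only after it has loaded and exposes the expected function. The rewritten lines are below.

```sh
deploy() {
  # … unchanged: argument capture and usage check …

  # The hook name becomes both a path component and a function-name prefix.
  case "$Le_DeployHook" in
    *[!A-Za-z0-9_]*)
      _err "Invalid deploy hook name: '$Le_DeployHook'"
      return 1
      ;;
  esac

  _initpath "$Le_Domain" "$_isEcc"
  # … unchanged: DOMAIN_PATH check …

  _deployApi="$(_findHook "$Le_Domain" deploy "$Le_DeployHook")"
  # … unchanged: not-found check and _debug …

  if ! (
    if ! . "$_deployApi" ; then
      # … unchanged: load error …
    fi

    d_command="${Le_DeployHook}_deploy"
    if ! _exists "$d_command" ; then
      # … unchanged: missing-function error …
    fi

    if ! "$d_command" "$Le_Domain" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH" ; then
      # … unchanged: deploy error …
    fi
  ) ; then
    _err "Deploy error."
    return 1
  fi

  # Persist the hook only once it has been loaded and run successfully.
  _savedomainconf Le_DeployHook "$Le_DeployHook"
  _info "$(__green Success)"
}
```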
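Review bot: `mkdir -p $LE_WORKING_DIR/$subf` and `cp $subf/* $LE_WORKING_DIR/$subf/` leave the target path unquoted, so an install directory with a space in its name is split into several arguments. Quote the expansions: `mkdir -p "$LE_WORKING_DIR/$subf"` and `cp "$subf"/* "$LE_WORKING_DIR/$subf/"`. Neither command's exit status is checked, and the copied files are later sourced by acme.sh, so a failed or partial copy should probably abort the install rather than continue silently. install() starts and ends outside the hunk.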
@@ -3369,11 +3442,13 @@ install() { _info "Good, bash is found, so change the shebang to use bash as prefered." _shebang='#!/usr/bin/env bash' _setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang" - if [ -d "$LE_WORKING_DIR/dnsapi" ] ; then - for _apifile in $(ls "$LE_WORKING_DIR/dnsapi/"*.sh) ; do - _setShebang "$_apifile" "$_shebang" - done - fi + for subf in $_SUB_FOLDERS ; do + if [ -d "$LE_WORKING_DIR/$subf" ] ; then + for _apifile in "$LE_WORKING_DIR/$subf/"*.sh ; do + _setShebang "$_apifile" "$_shebang" + done + fi + done fi fi @@ -3453,6 +3528,7 @@ Commands: --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT . --issue Issue a cert. --signcsr Issue a cert from an existing csr. + --deploy Deploy the cert to your server. --installcert Install the issued cert to apache/nginx or any other server. --renew, -r Renew a cert. --renewAll Renew all the certs. @@ -3517,6 +3593,7 @@ Parameters: --pre-hook Command to be run before obtaining any certificates. --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed. --renew-hook Command to be run once for each successfully renewed certificate. + --deploy-hook The hook file to deploy cert --ocsp-must-staple, --ocsp Generate ocsp must Staple extension. --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. --listen-v4 Force standalone/tls server to listen at ipv4. @@ -3623,6 +3700,7 @@ _process() { _pre_hook="" _post_hook="" _renew_hook="" + _deploy_hook="" _logfile="" _log="" _local_address="" @@ -3653,6 +3731,9 @@ _process() { --issue) _CMD="issue" ;; + --deploy) + _CMD="deploy" + ;; --signcsr) _CMD="signcsr" ;; @@ -3915,6 +3996,10 @@ _process() { _renew_hook="$2" shift ;; + --deploy-hook) + _deploy_hook="$2" + shift + ;; --ocsp-must-staple|--ocsp) Le_OCSP_Stable="1" ;; 
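Review bot: Replacing `$(ls …)` with the glob `"$LE_WORKING_DIR/$subf/"*.sh` changes the empty-folder case: when a sub-folder holds no `.sh` file the pattern stays literal and `_setShebang` is called on a path ending in `*.sh` that does not exist. Add a guard as the first line of the inner loop, `[ -f "$_apifile" ] || continue`. How `_setShebang` reacts to a missing file is not visible here, so the impact may be only an error message, but the guard keeps the loop from rewriting anything that is not a regular file. install() starts and ends outside the hunk.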
@@ -3992,6 +4077,9 @@ _process() { issue) issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" ;; + deploy) + deploy "$_domain" "$_deploy_hook" "$_ecc" + ;; signcsr) signcsr "$_csr" "$_webroot" ;; From 3db446633c504a45300ac067519e4aee870753ee Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 25 Oct 2016 21:09:01 +0800 Subject: [PATCH 2/2] add deploy api --- deploy/myapi.sh | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 deploy/myapi.sh diff --git a/deploy/myapi.sh b/deploy/myapi.sh new file mode 100644 index 00000000..52e313e7 --- /dev/null +++ b/deploy/myapi.sh @@ -0,0 +1,33 @@ +#!/usr/bin/env sh + +#Here is a sample custom api script. +#This file name is "myapi.sh" +#So, here must be a method myapi_deploy() +#Which will be called by acme.sh to deploy the cert +#returns 0 means success, otherwise error. + + + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain +myapi_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + + _err "Not implemented yet" + return 1 + +} + +
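Review bot: The header comment of deploy/myapi.sh does not tell hook authors how the file is loaded. According to the deploy() hunk in patch 1/2 it is sourced with `.` inside a subshell rather than executed, so the shebang is not used, the code runs with the privileges of the acme.sh process, and the function name is built as `${Le_DeployHook}_deploy`. I would add comment lines such as `#This file is sourced by acme.sh, not executed; the file name must be a valid function-name prefix.` and `#$2 is the path to the private key: never print its content or copy it to a world-readable location.` The sample's `_debug _ckey "$_ckey"` logs only the path, which is fine, and the second line makes that expectation explicit for real hooks.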