Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Support RSA and ECDSA dual certs (#262) 

* Support RSA and ECDSA dual certs

* minor

* fix RSA and ECC dual certs

* minor
pull/273/head
neil 8 years ago
committed by GitHub
parent
527dd31c70
commit
43822d37a7
1 changed files with 207 additions and 89 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 294
      acme.sh

294
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=2.3.6
VER=2.4.0
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -36,6 +36,9 @@ END_CERT="-----END CERTIFICATE-----"
RENEW_SKIP=2 RENEW_SKIP=2
ECC_SEP="_"
ECC_SUFFIX="${ECC_SEP}ecc"
if [ -z "$AGREEMENT" ] ; then if [ -z "$AGREEMENT" ] ; then
AGREEMENT="$DEFAULT_AGREEMENT" AGREEMENT="$DEFAULT_AGREEMENT"
fi fi
@ -47,25 +50,62 @@ if [ "$(printf '\x41')" != 'A' ] ; then
_URGLY_PRINTF=1 _URGLY_PRINTF=1
fi fi
__green() {
printf '\033[1;31;32m'
printf -- "$1"
printf '\033[0m'
}
__red() {
printf '\033[1;31;40m'
printf -- "$1"
printf '\033[0m'
}
_info() { _info() {
if [ -z "$2" ] ; then if [ -z "$2" ] ; then
echo "[$(date)] $1"
printf -- "[$(date)] $1"
else
printf -- "[$(date)] $1='$2'"
fi
printf "\n"
}
_err_e() {
if [ -z "$2" ] ; then
__red "$1" >&2
else else
echo "[$(date)] $1='$2'"
__red "$1='$2'" >&2
fi fi
} }
_err() { _err() {
_info "$@" >&2
printf -- "[$(date)] " >&2
_err_e "$@"
printf "\n"
return 1 return 1
} }
_usage() {
version
_err_e "$@"
printf "\n"
}
_debug() { _debug() {
if [ -z "$DEBUG" ] ; then if [ -z "$DEBUG" ] ; then
return return
fi fi
_err "$@"
if [ -z "$2" ] ; then
printf -- "[$(date)] $1" >&2
else
printf -- "[$(date)] $1='$2'" >&2
fi
printf "\n"
return 0 return 0
} }
@ -89,10 +129,16 @@ _startswith(){
echo "$_str" | grep "^$_sub" >/dev/null 2>&1 echo "$_str" | grep "^$_sub" >/dev/null 2>&1
} }
_endswith(){
_str="$1"
_sub="$2"
echo "$_str" | grep -- "$_sub\$" >/dev/null 2>&1
}
_contains(){ _contains(){
_str="$1" _str="$1"
_sub="$2" _sub="$2"
echo "$_str" | grep "$_sub" >/dev/null 2>&1
echo "$_str" | grep -- "$_sub" >/dev/null 2>&1
} }
_hasfield() { _hasfield() {
@ -100,7 +146,7 @@ _hasfield() {
_field="$2" _field="$2"
_sep="$3" _sep="$3"
if [ -z "$_field" ] ; then if [ -z "$_field" ] ; then
_err "Usage: str field [sep]"
_usage "Usage: str field [sep]"
return 1 return 1
fi fi
@ -121,7 +167,7 @@ _hasfield() {
_exists(){ _exists(){
cmd="$1" cmd="$1"
if [ -z "$cmd" ] ; then if [ -z "$cmd" ] ; then
_err "Usage: _exists cmd"
_usage "Usage: _exists cmd"
return 1 return 1
fi fi
if type command >/dev/null 2>&1 ; then if type command >/dev/null 2>&1 ; then
@ -208,7 +254,7 @@ _sed_i() {
options="$1" options="$1"
filename="$2" filename="$2"
if [ -z "$filename" ] ; then if [ -z "$filename" ] ; then
_err "Usage:_sed_i options filename"
_usage "Usage:_sed_i options filename"
return 1 return 1
fi fi
_debug2 options "$options" _debug2 options "$options"
@ -236,7 +282,7 @@ _getfile() {
startline="$2" startline="$2"
endline="$3" endline="$3"
if [ -z "$endline" ] ; then if [ -z "$endline" ] ; then
_err "Usage: file startline endline"
_usage "Usage: file startline endline"
return 1 return 1
fi fi
@ -283,7 +329,7 @@ _dbase64() {
_digest() { _digest() {
alg="$1" alg="$1"
if [ -z "$alg" ] ; then if [ -z "$alg" ] ; then
_err "Usage: _digest hashalg"
_usage "Usage: _digest hashalg"
return 1 return 1
fi fi
@ -308,7 +354,7 @@ _sign() {
keyfile="$1" keyfile="$1"
alg="$2" alg="$2"
if [ -z "$alg" ] ; then if [ -z "$alg" ] ; then
_err "Usage: _sign keyfile hashalg"
_usage "Usage: _sign keyfile hashalg"
return 1 return 1
fi fi
@ -321,27 +367,29 @@ _sign() {
} }
#keylength
_isEccKey() {
_length="$1"
if [ -z "$_length" ] ;then
return 1
fi
[ "$_length" != "1024" ] \
&& [ "$_length" != "2048" ] \
&& [ "$_length" != "3172" ] \
&& [ "$_length" != "4096" ] \
&& [ "$_length" != "8192" ]
}
# _createkey 2048|ec-256 file # _createkey 2048|ec-256 file
_createkey() { _createkey() {
length="$1" length="$1"
f="$2" f="$2"
isec=""
eccname="$length"
if _startswith "$length" "ec-" ; then if _startswith "$length" "ec-" ; then
isec="1"
length=$(printf $length | cut -d '-' -f 2-100) length=$(printf $length | cut -d '-' -f 2-100)
eccname="$length"
fi
if [ -z "$length" ] ; then
if [ "$isec" ] ; then
length=256
else
length=2048
fi
fi
_info "Use length $length"
if [ "$isec" ] ; then
if [ "$length" = "256" ] ; then if [ "$length" = "256" ] ; then
eccname="prime256v1" eccname="prime256v1"
fi fi
@ -351,15 +399,27 @@ _createkey() {
if [ "$length" = "521" ] ; then if [ "$length" = "521" ] ; then
eccname="secp521r1" eccname="secp521r1"
fi fi
_info "Using ec name: $eccname"
fi fi
#generate account key
if [ "$isec" ] ; then
if [ -z "$length" ] ; then
length=2048
fi
_info "Use length $length"
if _isEccKey "$length" ; then
_info "Using ec name: $eccname"
openssl ecparam -name $eccname -genkey 2>/dev/null > "$f" openssl ecparam -name $eccname -genkey 2>/dev/null > "$f"
else else
_info "Using RSA: $length"
openssl genrsa $length 2>/dev/null > "$f" openssl genrsa $length 2>/dev/null > "$f"
fi fi
if [ "$?" != "0" ] ; then
_err "Create key error."
return 1
fi
} }
#_createcsr cn san_list keyfile csrfile conf #_createcsr cn san_list keyfile csrfile conf
@ -385,7 +445,7 @@ _createcsr() {
fi fi
#multi #multi
_info "Multi domain" "$alt" _info "Multi domain" "$alt"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment\nsubjectAltName=$alt" > "$csrconf"
printf -- "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment\nsubjectAltName=$alt" > "$csrconf"
openssl req -new -sha256 -key "$key" -subj "/CN=$domain" -config "$csrconf" -out "$csr" openssl req -new -sha256 -key "$key" -subj "/CN=$domain" -config "$csrconf" -out "$csr"
fi fi
} }
@ -434,15 +494,18 @@ _ss() {
return 1 return 1
} }
#domain [password] [isEcc]
toPkcs() { toPkcs() {
domain="$1" domain="$1"
pfxPassword="$2" pfxPassword="$2"
if [ -z "$domain" ] ; then if [ -z "$domain" ] ; then
echo "Usage: $PROJECT_ENTRY --toPkcs -d domain [--password pfx-password]"
_usage "Usage: $PROJECT_ENTRY --toPkcs -d domain [--password pfx-password]"
return 1 return 1
fi fi
_initpath "$domain"
_isEcc="$3"
_initpath "$domain" "$_isEcc"
if [ "$pfxPassword" ] ; then if [ "$pfxPassword" ] ; then
openssl pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" -password "pass:$pfxPassword" openssl pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" -password "pass:$pfxPassword"
@ -460,7 +523,7 @@ toPkcs() {
createAccountKey() { createAccountKey() {
_info "Creating account key" _info "Creating account key"
if [ -z "$1" ] ; then if [ -z "$1" ] ; then
echo Usage: $PROJECT_ENTRY --createAccountKey -d domain.com [--accountkeylength 2048]
_usage "Usage: $PROJECT_ENTRY --createAccountKey -d domain.com [--accountkeylength 2048]"
return return
fi fi
@ -488,19 +551,19 @@ createAccountKey() {
} }
#domain length
#domain [length]
createDomainKey() { createDomainKey() {
_info "Creating domain key" _info "Creating domain key"
if [ -z "$1" ] ; then if [ -z "$1" ] ; then
echo Usage: $PROJECT_ENTRY --createDomainKey -d domain.com [ --keylength 2048 ]
_usage "Usage: $PROJECT_ENTRY --createDomainKey -d domain.com [ --keylength 2048 ]"
return return
fi fi
domain=$1 domain=$1
_initpath $domain
length=$2 length=$2
_initpath $domain "$length"
if [ ! -f "$CERT_KEY_PATH" ] || ( [ "$FORCE" ] && ! [ "$IS_RENEW" ] ); then if [ ! -f "$CERT_KEY_PATH" ] || ( [ "$FORCE" ] && ! [ "$IS_RENEW" ] ); then
_createkey "$length" "$CERT_KEY_PATH" _createkey "$length" "$CERT_KEY_PATH"
else else
@ -516,23 +579,30 @@ createDomainKey() {
} }
# domain domainlist
# domain domainlist isEcc
createCSR() { createCSR() {
_info "Creating csr" _info "Creating csr"
if [ -z "$1" ] ; then if [ -z "$1" ] ; then
echo "Usage: $PROJECT_ENTRY --createCSR -d domain1.com [-d domain2.com -d domain3.com ... ]"
_usage "Usage: $PROJECT_ENTRY --createCSR -d domain1.com [-d domain2.com -d domain3.com ... ]"
return return
fi fi
domain=$1
_initpath "$domain"
domainlist=$2
domain="$1"
domainlist="$2"
_isEcc="$3"
_initpath "$domain" "$_isEcc"
if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then
_info "CSR exists, skip" _info "CSR exists, skip"
return return
fi fi
if [ ! -f "$CERT_KEY_PATH" ] ; then
_err "The key file is not found: $CERT_KEY_PATH"
_err "Please create the key file first."
return 1
fi
_createcsr "$domain" "$domainlist" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" _createcsr "$domain" "$domainlist" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"
} }
@ -582,7 +652,7 @@ _stat() {
_calcjwk() { _calcjwk() {
keyfile="$1" keyfile="$1"
if [ -z "$keyfile" ] ; then if [ -z "$keyfile" ] ; then
_err "Usage: _calcjwk keyfile"
_usage "Usage: _calcjwk keyfile"
return 1 return 1
fi fi
EC_SIGN="" EC_SIGN=""
@ -825,7 +895,7 @@ _setopt() {
__val="$4" __val="$4"
__end="$5" __end="$5"
if [ -z "$__opt" ] ; then if [ -z "$__opt" ] ; then
echo usage: _setopt '"file" "opt" "=" "value" [";"]'
_usage usage: _setopt '"file" "opt" "=" "value" [";"]'
return return
fi fi
if [ ! -f "$__conf" ] ; then if [ ! -f "$__conf" ] ; then
@ -1012,6 +1082,7 @@ _starttlsserver() {
_debug serverproc $serverproc _debug serverproc $serverproc
} }
#[domain] [keylength]
_initpath() { _initpath() {
if [ -z "$LE_WORKING_DIR" ] ; then if [ -z "$LE_WORKING_DIR" ] ; then
@ -1091,55 +1162,67 @@ _initpath() {
fi fi
domain="$1" domain="$1"
length="$2"
if [ -z "$domain" ] ; then if [ -z "$domain" ] ; then
return 0 return 0
fi fi
domainhome="$CERT_HOME/$domain"
mkdir -p "$domainhome"
if [ -z "$DOMAIN_PATH" ] ; then if [ -z "$DOMAIN_PATH" ] ; then
domainhome="$CERT_HOME/$domain"
domainhomeecc="$CERT_HOME/$domain$ECC_SUFFIX"
DOMAIN_PATH="$domainhome" DOMAIN_PATH="$domainhome"
if _isEccKey "$length" ; then
DOMAIN_PATH="$domainhomeecc"
else
if [ ! -d "$domainhome" ] && [ -d "$domainhomeecc" ] ; then
_info "The domain '$domain' seems to be a ECC domain, please add '$(__red "--ecc")' parameter next time."
DOMAIN_PATH="$domainhomeecc"
fi
fi
_debug DOMAIN_PATH "$DOMAIN_PATH"
fi fi
if [ -z "$DOMAIN_CONF" ] ; then if [ -z "$DOMAIN_CONF" ] ; then
DOMAIN_CONF="$domainhome/$domain.conf"
DOMAIN_CONF="$DOMAIN_PATH/$domain.conf"
fi fi
if [ -z "$DOMAIN_SSL_CONF" ] ; then if [ -z "$DOMAIN_SSL_CONF" ] ; then
DOMAIN_SSL_CONF="$domainhome/$domain.ssl.conf"
DOMAIN_SSL_CONF="$DOMAIN_PATH/$domain.ssl.conf"
fi fi
if [ -z "$CSR_PATH" ] ; then if [ -z "$CSR_PATH" ] ; then
CSR_PATH="$domainhome/$domain.csr"
CSR_PATH="$DOMAIN_PATH/$domain.csr"
fi fi
if [ -z "$CERT_KEY_PATH" ] ; then if [ -z "$CERT_KEY_PATH" ] ; then
CERT_KEY_PATH="$domainhome/$domain.key"
CERT_KEY_PATH="$DOMAIN_PATH/$domain.key"
fi fi
if [ -z "$CERT_PATH" ] ; then if [ -z "$CERT_PATH" ] ; then
CERT_PATH="$domainhome/$domain.cer"
CERT_PATH="$DOMAIN_PATH/$domain.cer"
fi fi
if [ -z "$CA_CERT_PATH" ] ; then if [ -z "$CA_CERT_PATH" ] ; then
CA_CERT_PATH="$domainhome/ca.cer"
CA_CERT_PATH="$DOMAIN_PATH/ca.cer"
fi fi
if [ -z "$CERT_FULLCHAIN_PATH" ] ; then if [ -z "$CERT_FULLCHAIN_PATH" ] ; then
CERT_FULLCHAIN_PATH="$domainhome/fullchain.cer"
CERT_FULLCHAIN_PATH="$DOMAIN_PATH/fullchain.cer"
fi fi
if [ -z "$CERT_PFX_PATH" ] ; then if [ -z "$CERT_PFX_PATH" ] ; then
CERT_PFX_PATH="$domainhome/$domain.pfx"
CERT_PFX_PATH="$DOMAIN_PATH/$domain.pfx"
fi fi
if [ -z "$TLS_CONF" ] ; then if [ -z "$TLS_CONF" ] ; then
TLS_CONF="$domainhome/tls.valdation.conf"
TLS_CONF="$DOMAIN_PATH/tls.valdation.conf"
fi fi
if [ -z "$TLS_CERT" ] ; then if [ -z "$TLS_CERT" ] ; then
TLS_CERT="$domainhome/tls.valdation.cert"
TLS_CERT="$DOMAIN_PATH/tls.valdation.cert"
fi fi
if [ -z "$TLS_KEY" ] ; then if [ -z "$TLS_KEY" ] ; then
TLS_KEY="$domainhome/tls.valdation.key"
TLS_KEY="$DOMAIN_PATH/tls.valdation.key"
fi fi
if [ -z "$TLS_CSR" ] ; then if [ -z "$TLS_CSR" ] ; then
TLS_CSR="$domainhome/tls.valdation.csr"
TLS_CSR="$DOMAIN_PATH/tls.valdation.csr"
fi fi
} }
@ -1326,7 +1409,7 @@ _clearupwebbroot() {
issue() { issue() {
if [ -z "$2" ] ; then if [ -z "$2" ] ; then
echo "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ "
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ "
return 1 return 1
fi fi
Le_Webroot="$1" Le_Webroot="$1"
@ -1350,7 +1433,10 @@ issue() {
Le_Webroot="dns_cx" Le_Webroot="dns_cx"
fi fi
_initpath $Le_Domain
if [ ! "$IS_RENEW" ] ; then
_initpath $Le_Domain "$Le_Keylength"
mkdir -p "$DOMAIN_PATH"
fi
if [ -f "$DOMAIN_CONF" ] ; then if [ -f "$DOMAIN_CONF" ] ; then
Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime) Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime)
@ -1482,7 +1568,7 @@ issue() {
_savedomainconf "Le_Keylength" "$Le_Keylength" _savedomainconf "Le_Keylength" "$Le_Keylength"
if ! createCSR $Le_Domain $Le_Alt ; then
if ! _createcsr "$Le_Domain" "$Le_Alt" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" ; then
_err "Create CSR error." _err "Create CSR error."
_clearup _clearup
return 1 return 1
@ -1861,7 +1947,7 @@ issue() {
echo "$BEGIN_CERT" > "$CERT_PATH" echo "$BEGIN_CERT" > "$CERT_PATH"
_get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH"
echo "$END_CERT" >> "$CERT_PATH" echo "$END_CERT" >> "$CERT_PATH"
_info "Cert success."
_info "$(__green "Cert success.")"
cat "$CERT_PATH" cat "$CERT_PATH"
_info "Your cert is in $CERT_PATH" _info "Your cert is in $CERT_PATH"
@ -1918,22 +2004,26 @@ issue() {
if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ] ; then if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ] ; then
installcert $Le_Domain "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath"
_installcert
fi fi
} }
#domain [isEcc]
renew() { renew() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ] ; then if [ -z "$Le_Domain" ] ; then
_err "Usage: $PROJECT_ENTRY --renew -d domain.com"
_usage "Usage: $PROJECT_ENTRY --renew -d domain.com [--ecc]"
return 1 return 1
fi fi
_initpath $Le_Domain
_info "Renew: $Le_Domain"
_isEcc="$2"
_initpath $Le_Domain "$_isEcc"
_info "Renew: '$Le_Domain'"
if [ ! -f "$DOMAIN_CONF" ] ; then if [ ! -f "$DOMAIN_CONF" ] ; then
_info "$Le_Domain is not a issued domain, skip."
_info "'$Le_Domain' is not a issued domain, skip."
return 0; return 0;
fi fi
@ -1961,10 +2051,15 @@ renewAll() {
_stopRenewOnError="$1" _stopRenewOnError="$1"
_debug "_stopRenewOnError" "$_stopRenewOnError" _debug "_stopRenewOnError" "$_stopRenewOnError"
_ret="0" _ret="0"
for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do
d=$(echo $d | cut -d '/' -f 1) d=$(echo $d | cut -d '/' -f 1)
( (
renew "$d"
if _endswith $d "$ECC_SUFFIX" ; then
_isEcc=$(echo $d | cut -d "$ECC_SEP" -f 2)
d=$(echo $d | cut -d "$ECC_SEP" -f 1)
fi
renew "$d" "$_isEcc"
) )
rc="$?" rc="$?"
_debug "Return code: $rc" _debug "Return code: $rc"
@ -1990,14 +2085,18 @@ list() {
_sep="|" _sep="|"
if [ "$_raw" ] ; then if [ "$_raw" ] ; then
printf "Main_Domain${_sep}SAN_Domains${_sep}Created${_sep}Renew\n"
printf "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew\n"
for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do
d=$(echo $d | cut -d '/' -f 1) d=$(echo $d | cut -d '/' -f 1)
( (
_initpath $d
if _endswith $d "$ECC_SUFFIX" ; then
_isEcc=$(echo $d | cut -d "$ECC_SEP" -f 2)
d=$(echo $d | cut -d "$ECC_SEP" -f 1)
fi
_initpath $d "$_isEcc"
if [ -f "$DOMAIN_CONF" ] ; then if [ -f "$DOMAIN_CONF" ] ; then
. "$DOMAIN_CONF" . "$DOMAIN_CONF"
printf "$Le_Domain${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr\n"
printf "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr\n"
fi fi
) )
done done
@ -2005,7 +2104,7 @@ list() {
if _exists column ; then if _exists column ; then
list "raw" | column -t -s "$_sep" list "raw" | column -t -s "$_sep"
else else
list "raw" | tr '|' '\t'
list "raw" | tr "$_sep" '\t'
fi fi
fi fi
@ -2015,7 +2114,7 @@ list() {
installcert() { installcert() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ] ; then if [ -z "$Le_Domain" ] ; then
echo "Usage: $PROJECT_ENTRY --installcert -d domain.com [--certpath cert-file-path] [--keypath key-file-path] [--capath ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchainpath fullchain-path]"
_usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--certpath cert-file-path] [--keypath key-file-path] [--capath ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchainpath fullchain-path]"
return 1 return 1
fi fi
@ -2024,8 +2123,19 @@ installcert() {
Le_RealCACertPath="$4" Le_RealCACertPath="$4"
Le_ReloadCmd="$5" Le_ReloadCmd="$5"
Le_RealFullChainPath="$6" Le_RealFullChainPath="$6"
_isEcc="$7"
_initpath $Le_Domain "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ] ; then
_err "Domain is not valid:'$Le_Domain'"
return 1
fi
_installcert
}
_initpath $Le_Domain
_installcert() {
_savedomainconf "Le_RealCertPath" "$Le_RealCertPath" _savedomainconf "Le_RealCertPath" "$Le_RealCertPath"
_savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath" _savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath"
@ -2053,7 +2163,7 @@ installcert() {
if [ "$Le_RealCertPath" ] ; then if [ "$Le_RealCertPath" ] ; then
_installed=1 _installed=1
_info "Installing cert to:$Le_RealCertPath" _info "Installing cert to:$Le_RealCertPath"
if [ -f "$Le_RealCertPath" ] ; then
if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ] ; then
cp "$Le_RealCertPath" "$Le_RealCertPath".bak cp "$Le_RealCertPath" "$Le_RealCertPath".bak
fi fi
cat "$CERT_PATH" > "$Le_RealCertPath" cat "$CERT_PATH" > "$Le_RealCertPath"
@ -2066,7 +2176,7 @@ installcert() {
echo "" >> "$Le_RealCACertPath" echo "" >> "$Le_RealCACertPath"
cat "$CA_CERT_PATH" >> "$Le_RealCACertPath" cat "$CA_CERT_PATH" >> "$Le_RealCACertPath"
else else
if [ -f "$Le_RealCACertPath" ] ; then
if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ] ; then
cp "$Le_RealCACertPath" "$Le_RealCACertPath".bak cp "$Le_RealCACertPath" "$Le_RealCACertPath".bak
fi fi
cat "$CA_CERT_PATH" > "$Le_RealCACertPath" cat "$CA_CERT_PATH" > "$Le_RealCACertPath"
@ -2077,7 +2187,7 @@ installcert() {
if [ "$Le_RealKeyPath" ] ; then if [ "$Le_RealKeyPath" ] ; then
_installed=1 _installed=1
_info "Installing key to:$Le_RealKeyPath" _info "Installing key to:$Le_RealKeyPath"
if [ -f "$Le_RealKeyPath" ] ; then
if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ] ; then
cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak
fi fi
cat "$CERT_KEY_PATH" > "$Le_RealKeyPath" cat "$CERT_KEY_PATH" > "$Le_RealKeyPath"
@ -2086,7 +2196,7 @@ installcert() {
if [ "$Le_RealFullChainPath" ] ; then if [ "$Le_RealFullChainPath" ] ; then
_installed=1 _installed=1
_info "Installing full chain to:$Le_RealFullChainPath" _info "Installing full chain to:$Le_RealFullChainPath"
if [ -f "$Le_RealFullChainPath" ] ; then
if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ] ; then
cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak
fi fi
cat "$CERT_FULLCHAIN_PATH" > "$Le_RealFullChainPath" cat "$CERT_FULLCHAIN_PATH" > "$Le_RealFullChainPath"
@ -2096,7 +2206,7 @@ installcert() {
_installed=1 _installed=1
_info "Run Le_ReloadCmd: $Le_ReloadCmd" _info "Run Le_ReloadCmd: $Le_ReloadCmd"
if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd") ; then if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd") ; then
_info "Reload success."
_info "$(__green "Reload success")"
else else
_err "Reload error for :$Le_Domain" _err "Reload error for :$Le_Domain"
fi fi
@ -2158,11 +2268,13 @@ uninstallcronjob() {
revoke() { revoke() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ] ; then if [ -z "$Le_Domain" ] ; then
echo "Usage: $PROJECT_ENTRY --revoke -d domain.com"
_usage "Usage: $PROJECT_ENTRY --revoke -d domain.com"
return 1 return 1
fi fi
_initpath $Le_Domain
_isEcc="$2"
_initpath $Le_Domain "$_isEcc"
if [ ! -f "$DOMAIN_CONF" ] ; then if [ ! -f "$DOMAIN_CONF" ] ; then
_err "$Le_Domain is not a issued domain, skip." _err "$Le_Domain is not a issued domain, skip."
return 1; return 1;
@ -2341,7 +2453,7 @@ _setShebang() {
_file="$1" _file="$1"
_shebang="$2" _shebang="$2"
if [ -z "$_shebang" ] ; then if [ -z "$_shebang" ] ; then
_err "Usage: file shebang"
_usage "Usage: file shebang"
return 1 return 1
fi fi
cp "$_file" "$_file.tmp" cp "$_file" "$_file.tmp"
@ -2592,6 +2704,7 @@ Parameters:
--stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal. --stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
--ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
" "
} }
@ -2665,6 +2778,7 @@ _process() {
_stopRenewOnError="" _stopRenewOnError=""
_insecure="" _insecure=""
_nocron="" _nocron=""
_ecc=""
while [ ${#} -gt 0 ] ; do while [ ${#} -gt 0 ] ; do
case "${1}" in case "${1}" in
@ -2908,6 +3022,10 @@ _process() {
--nocron) --nocron)
_nocron="1" _nocron="1"
;; ;;
--ecc)
_ecc="isEcc"
;;
*) *)
_err "Unknown parameter : $1" _err "Unknown parameter : $1"
return 1 return 1
@ -2929,16 +3047,16 @@ _process() {
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath"
;; ;;
installcert) installcert)
installcert "$_domain" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath"
installcert "$_domain" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_ecc"
;; ;;
renew) renew)
renew "$_domain"
renew "$_domain" "$_ecc"
;; ;;
renewAll) renewAll)
renewAll "$_stopRenewOnError" renewAll "$_stopRenewOnError"
;; ;;
revoke) revoke)
revoke "$_domain"
revoke "$_domain" "$_ecc"
;; ;;
list) list)
list "$_listraw" list "$_listraw"
@ -2947,7 +3065,7 @@ _process() {
uninstallcronjob) uninstallcronjob ;; uninstallcronjob) uninstallcronjob ;;
cron) cron ;; cron) cron ;;
toPkcs) toPkcs)
toPkcs "$_domain" "$_password"
toPkcs "$_domain" "$_password" "$_ecc"
;; ;;
createAccountKey) createAccountKey)
createAccountKey "$_domain" "$_accountkeylength" createAccountKey "$_domain" "$_accountkeylength"
@ -2956,7 +3074,7 @@ _process() {
createDomainKey "$_domain" "$_keylength" createDomainKey "$_domain" "$_keylength"
;; ;;
createCSR) createCSR)
createCSR "$_domain" "$_altdomains"
createCSR "$_domain" "$_altdomains" "$_ecc"
;; ;;
*) *)

Write Preview
Loading…
Cancel
Save