diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
deleted file mode 100644
index 8905a651..00000000
--- a/.github/FUNDING.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-
-github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
-patreon: # Replace with a single Patreon username
-open_collective: acmesh
-ko_fi: neilpang
-tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
deleted file mode 100644
index c9c1b555..00000000
--- a/.github/ISSUE_TEMPLATE.md
+++ /dev/null
@@ -1,27 +0,0 @@
- - -Steps to reproduce ------------------- - -Debug log ------------------ - -``` -acme.sh --issue ..... --debug 2 -``` - -
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
deleted file mode 100644
index 4f7ceb47..00000000
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ /dev/null
@@ -1,9 +0,0 @@
-
\ No newline at end of file
diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml
deleted file mode 100644
index 615e5d8b..00000000
--- a/.github/workflows/DNS.yml
+++ /dev/null
@@ -1,465 +0,0 @@ -name: DNS -on: - push: - paths: - - 'dnsapi/*.sh' - - '.github/workflows/DNS.yml' - pull_request: - branches: - - 'dev' - paths: - - 'dnsapi/*.sh' - - '.github/workflows/DNS.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - CheckToken: - runs-on: ubuntu-latest - outputs: - hasToken: ${{ steps.step_one.outputs.hasToken }} - steps: - - name: Set the value - id: step_one - run: | - if [ "${{secrets.TokenName1}}" ] ; then - echo "::set-output name=hasToken::true" - else - echo "::set-output name=hasToken::false" - fi - - name: Check the value - run: echo ${{ steps.step_one.outputs.hasToken }} - - Fail: - runs-on: ubuntu-latest - needs: CheckToken - if: "contains(needs.CheckToken.outputs.hasToken, 'false')" - steps: - - name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" - run: | - echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" - if [ "${{github.repository_owner}}" != "acmesh-official" ]; then - false - fi - - Docker: - runs-on: ubuntu-latest - needs: CheckToken - if: "contains(needs.CheckToken.outputs.hasToken, 'true')" - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - TokenName1: ${{ secrets.TokenName1}} - TokenName2: ${{ secrets.TokenName2}} - TokenName3: ${{ secrets.TokenName3}} - TokenName4: ${{ secrets.TokenName4}} - TokenName5: ${{ secrets.TokenName5}} - steps: - - uses: actions/checkout@v3 - - name: Clone acmetest - run: cd .. 
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Set env file - run: | - cd ../acmetest - if [ "${{ secrets.TokenName1}}" ] ; then - echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env - fi - if [ "${{ secrets.TokenName2}}" ] ; then - echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env - fi - if [ "${{ secrets.TokenName3}}" ] ; then - echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env - fi - if [ "${{ secrets.TokenName4}}" ] ; then - echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env - fi - if [ "${{ secrets.TokenName5}}" ] ; then - echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env - fi - - - name: Run acmetest - run: cd ../acmetest && ./rundocker.sh testall - - - - - MacOS: - runs-on: macos-latest - needs: Docker - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - TokenName1: ${{ secrets.TokenName1}} - TokenName2: ${{ secrets.TokenName2}} - TokenName3: ${{ secrets.TokenName3}} - TokenName4: ${{ secrets.TokenName4}} - TokenName5: ${{ secrets.TokenName5}} - steps: - - uses: actions/checkout@v3 - - name: Install tools - run: brew install socat - - name: Clone acmetest - run: cd .. 
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" - fi - cd ../acmetest - ./letest.sh - - - - - Windows: - runs-on: windows-latest - needs: MacOS - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - TokenName1: ${{ secrets.TokenName1}} - TokenName2: ${{ secrets.TokenName2}} - TokenName3: ${{ secrets.TokenName3}} - TokenName4: ${{ secrets.TokenName4}} - TokenName5: ${{ secrets.TokenName5}} - steps: - - name: Set git to use LF - run: | - git config --global core.autocrlf false - - uses: actions/checkout@v3 - - name: Install cygwin base packages with chocolatey - run: | - choco config get cacheLocation - choco install --no-progress cygwin - shell: cmd - - name: Install cygwin additional packages - run: | - C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s https://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git - shell: cmd - - name: Set ENV - shell: cmd - run: | - echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% - - name: Clone acmetest - run: cd .. 
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - shell: bash - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" - fi - cd ../acmetest - ./letest.sh - - - - FreeBSD: - runs-on: macos-12 - needs: Windows - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - TokenName1: ${{ secrets.TokenName1}} - TokenName2: ${{ secrets.TokenName2}} - TokenName3: ${{ secrets.TokenName3}} - TokenName4: ${{ secrets.TokenName4}} - TokenName5: ${{ secrets.TokenName5}} - steps: - - uses: actions/checkout@v3 - - name: Clone acmetest - run: cd .. 
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: pkg install -y socat curl - usesh: true - copyback: false - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" - fi - cd ../acmetest - ./letest.sh - - - - - OpenBSD: - runs-on: macos-12 - needs: FreeBSD - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - TokenName1: ${{ secrets.TokenName1}} - TokenName2: ${{ secrets.TokenName2}} - TokenName3: ${{ secrets.TokenName3}} - TokenName4: ${{ secrets.TokenName4}} - TokenName5: ${{ secrets.TokenName5}} - steps: - - uses: actions/checkout@v3 - - name: Clone acmetest - run: cd .. 
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: pkg_add socat curl - usesh: true - copyback: false - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" - fi - cd ../acmetest - ./letest.sh - - - - - NetBSD: - runs-on: macos-12 - needs: OpenBSD - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - TokenName1: ${{ secrets.TokenName1}} - TokenName2: ${{ secrets.TokenName2}} - TokenName3: ${{ secrets.TokenName3}} - TokenName4: ${{ secrets.TokenName4}} - TokenName5: ${{ secrets.TokenName5}} - steps: - - uses: actions/checkout@v3 - - name: Clone acmetest - run: cd .. 
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: | - pkg_add curl socat - usesh: true - copyback: false - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" - fi - cd ../acmetest - ./letest.sh - - - - - DragonFlyBSD: - runs-on: macos-12 - needs: NetBSD - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - TokenName1: ${{ secrets.TokenName1}} - TokenName2: ${{ secrets.TokenName2}} - TokenName3: ${{ secrets.TokenName3}} - TokenName4: ${{ secrets.TokenName4}} - TokenName5: ${{ secrets.TokenName5}} - steps: - - uses: actions/checkout@v3 - - name: Clone acmetest - run: cd .. 
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/dragonflybsd-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: | - pkg install -y curl socat - usesh: true - copyback: false - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" - fi - cd ../acmetest - ./letest.sh - - - - - - - - Solaris: - runs-on: macos-12 - needs: DragonFlyBSD - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Solaris doesn't accept the expired ISRG X1 root - TokenName1: ${{ secrets.TokenName1}} - TokenName2: ${{ secrets.TokenName2}} - TokenName3: ${{ secrets.TokenName3}} - TokenName4: ${{ secrets.TokenName4}} - TokenName5: ${{ secrets.TokenName5}} - steps: - - uses: actions/checkout@v3 - - name: Clone acmetest - run: cd .. 
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - copyback: false - prepare: pkgutil -y -i socat - run: | - pkg set-mediator -v -I default@1.1 openssl - export PATH=/usr/gnu/bin:$PATH - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}" - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}" - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}" - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}" - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}" - fi - cd ../acmetest - ./letest.sh - - diff --git a/.github/workflows/DragonFlyBSD.yml b/.github/workflows/DragonFlyBSD.yml deleted file mode 100644 index 5a0d81ba..00000000 --- a/.github/workflows/DragonFlyBSD.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -name: DragonFlyBSD -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/DragonFlyBSD.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/DragonFlyBSD.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - - -jobs: - DragonFlyBSD: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - steps: - - uses: actions/checkout@v3 - - uses: vmactions/cf-tunnel@v0 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/dragonflybsd-vm@v0 - with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' - copyback: "false" - nat: | - "8080": "80" - prepare: | - pkg install -y curl socat libnghttp2 - usesh: true - run: | - cd ../acmetest \ - && ./letest.sh - - diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml deleted file mode 100644 index 0fa55fd4..00000000 --- a/.github/workflows/FreeBSD.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: FreeBSD -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/FreeBSD.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/FreeBSD.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - -jobs: - FreeBSD: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - ACME_USE_WGET: 1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} - steps: - - uses: actions/checkout@v3 - - uses: vmactions/cf-tunnel@v0 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0 - with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' - nat: | - "8080": "80" - prepare: pkg install -y socat curl wget - usesh: true - copyback: false - run: | - cd ../acmetest \ - && ./letest.sh - - diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml deleted file mode 100644 index 156fa5df..00000000 --- a/.github/workflows/Linux.yml +++ /dev/null 
@@ -1,48 +0,0 @@ -name: Linux -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/Linux.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/Linux.yml' - - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - - -jobs: - Linux: - strategy: - matrix: - os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:7", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] - runs-on: ubuntu-latest - env: - TEST_LOCAL: 1 - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - TEST_ACME_Server: "LetsEncrypt.org_test" - steps: - - uses: actions/checkout@v3 - - name: Clone acmetest - run: | - cd .. \ - && git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ - && cp -r acme.sh acmetest/ - - name: Run acmetest - run: | - cd ../acmetest \ - && ./rundocker.sh testplat ${{ matrix.os }} - - - diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml deleted file mode 100644 index c1f29769..00000000 --- a/.github/workflows/MacOS.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -name: MacOS -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/MacOS.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/MacOS.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - -jobs: - MacOS: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-latest - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - steps: - - uses: actions/checkout@v3 - - name: Install tools - run: brew install socat - - name: Clone acmetest - run: | - cd .. \ - && git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ - && cp -r acme.sh acmetest/ - - name: Run acmetest - run: | - cd ../acmetest \ - && sudo --preserve-env ./letest.sh - - diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml deleted file mode 100644 index 25872c42..00000000 --- a/.github/workflows/NetBSD.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -name: NetBSD -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/NetBSD.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/NetBSD.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - - -jobs: - NetBSD: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - steps: - - uses: actions/checkout@v3 - - uses: vmactions/cf-tunnel@v0 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0 - with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' - nat: | - "8080": "80" - prepare: | - pkg_add curl socat - usesh: true - copyback: false - run: | - cd ../acmetest \ - && ./letest.sh - - diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml deleted file mode 100644 index 745a9408..00000000 --- a/.github/workflows/OpenBSD.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: OpenBSD -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/OpenBSD.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/OpenBSD.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - -jobs: - OpenBSD: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - ACME_USE_WGET: 1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} - steps: - - uses: actions/checkout@v3 - - uses: vmactions/cf-tunnel@v0 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0 - with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' - nat: | - "8080": "80" - prepare: pkg_add socat curl wget libnghttp2 - usesh: true - copyback: false - run: | - cd ../acmetest \ - && ./letest.sh - - diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml deleted file mode 100644 index 9f3a98ce..00000000 --- a/.github/workflows/PebbleStrict.yml +++ /dev/null 
@@ -1,72 +0,0 @@ -name: PebbleStrict -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/PebbleStrict.yml' - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/PebbleStrict.yml' - - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - -jobs: - PebbleStrict: - runs-on: ubuntu-latest - env: - TestingDomain: example.com - TestingAltDomains: www.example.com - TEST_ACME_Server: https://localhost:14000/dir - HTTPS_INSECURE: 1 - Le_HTTPPort: 5002 - TEST_LOCAL: 1 - TEST_CA: "Pebble Intermediate CA" - - steps: - - uses: actions/checkout@v3 - - name: Install tools - run: sudo apt-get install -y socat - - name: Run Pebble - run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d - - name: Set up Pebble - run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4 - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - run: cd ../acmetest && ./letest.sh - - PebbleStrict_IPCert: - runs-on: ubuntu-latest - env: - TestingDomain: 1.23.45.67 - TEST_ACME_Server: https://localhost:14000/dir - HTTPS_INSECURE: 1 - Le_HTTPPort: 5002 - Le_TLSPort: 5001 - TEST_LOCAL: 1 - TEST_CA: "Pebble Intermediate CA" - TEST_IPCERT: 1 - - steps: - - uses: actions/checkout@v3 - - name: Install tools - run: sudo apt-get install -y socat - - name: Run Pebble - run: | - docker run --rm -itd --name=pebble \ - -e PEBBLE_VA_ALWAYS_VALID=1 \ - -p 14000:14000 -p 15000:15000 letsencrypt/pebble:latest pebble -config /test/config/pebble-config.json -strict - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - run: cd ../acmetest && ./letest.sh \ No newline at end of file 
diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml deleted file mode 100644 index 34d31a59..00000000 --- a/.github/workflows/Solaris.yml +++ /dev/null @@ -1,74 +0,0 @@ -name: Solaris -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/Solaris.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/Solaris.yml' - - - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - Solaris: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - ACME_USE_WGET: 1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: macos-12 - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} - steps: - - uses: actions/checkout@v3 - - uses: vmactions/cf-tunnel@v0 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0 - with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' - copyback: "false" - nat: | - "8080": "80" - prepare: pkgutil -y -i socat curl wget - run: | - cd ../acmetest \ - && ./letest.sh - 
diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml
deleted file mode 100644
index 4bf2ba29..00000000
--- a/.github/workflows/Ubuntu.yml
+++ /dev/null
@@ -1,103 +0,0 @@ -name: Ubuntu -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/Ubuntu.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/Ubuntu.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - - -jobs: - Ubuntu: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - ACME_USE_WGET: 1 - - TEST_ACME_Server: "ZeroSSL.com" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - TEST_PREFERRED_CHAIN: "" - - TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" - CA_ECDSA: "Smallstep Intermediate CA" - CA: "Smallstep Intermediate CA" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: "" - NO_REVOKE: 1 - - TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" - CA_ECDSA: "Smallstep Intermediate CA" - CA: "Smallstep Intermediate CA" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: "" - NO_REVOKE: 1 - TEST_IPCERT: 1 - TestingDomain: "172.17.0.1" - - runs-on: ubuntu-latest - env: - TEST_LOCAL: 1 - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - NO_ECC_384: ${{ matrix.NO_ECC_384 }} - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - NO_REVOKE: ${{ matrix.NO_REVOKE }} - TEST_IPCERT: ${{ matrix.TEST_IPCERT }} - TestingDomain: ${{ matrix.TestingDomain }} - ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} - steps: - - uses: actions/checkout@v3 - - name: Install tools - run: sudo apt-get install -y socat wget - - name: Start StepCA - if: ${{ matrix.TEST_ACME_Server=='https://localhost:9000/acme/acme/directory' }} - run: | - docker run --rm -d \ - -p 9000:9000 \ - 
-e "DOCKER_STEPCA_INIT_NAME=Smallstep" \ - -e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \ - -e "DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true" \ - -e "DOCKER_STEPCA_INIT_PASSWORD=test" \ - --name stepca \ - smallstep/step-ca:0.23.1 - - sleep 5 - docker exec stepca bash -c "echo test >test" \ - && docker exec stepca step ca provisioner add acme --type ACME --admin-subject step --admin-password-file=/home/step/test \ - && docker exec stepca kill -1 1 \ - && docker exec stepca cat /home/step/certs/root_ca.crt | sudo bash -c "cat - >>/etc/ssl/certs/ca-certificates.crt" - - name: Clone acmetest - run: | - cd .. \ - && git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ - && cp -r acme.sh acmetest/ - - name: Run acmetest - run: | - cd ../acmetest \ - && sudo --preserve-env ./letest.sh - - diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml deleted file mode 100644 index c02e2f77..00000000 --- a/.github/workflows/Windows.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -name: Windows -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '.github/workflows/Windows.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '.github/workflows/Windows.yml' - - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - -jobs: - Windows: - strategy: - matrix: - include: - - TEST_ACME_Server: "LetsEncrypt.org_test" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - #- TEST_ACME_Server: "ZeroSSL.com" - # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - # CA: "ZeroSSL RSA Domain Secure Site CA" - # CA_EMAIL: "githubtest@acme.sh" - # TEST_PREFERRED_CHAIN: "" - runs-on: windows-latest - env: - TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_LOCAL: 1 - #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. - Le_HTTPPort: 8888 - TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} - steps: - - name: Set git to use LF - run: | - git config --global core.autocrlf false - - uses: actions/checkout@v3 - - name: Install cygwin base packages with chocolatey - run: | - choco config get cacheLocation - choco install --no-progress cygwin - shell: cmd - - name: Install cygwin additional packages - run: | - C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s https://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git,xxd - shell: cmd - - name: Set ENV - shell: cmd - run: | - echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin;%PATH% >> %GITHUB_ENV% - - name: Check ENV - shell: cmd - run: | - echo "PATH=%PATH%" - - name: Clone acmetest - shell: cmd - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - shell: cmd - run: cd ../acmetest && bash.exe -c ./letest.sh - - - 
diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml deleted file mode 100644 index 48c44429..00000000 --- a/.github/workflows/dockerhub.yml +++ /dev/null @@ -1,73 +0,0 @@ - -name: Build DockerHub -on: - push: - branches: - - '*' - tags: - - '*' - paths: - - '**.sh' - - "Dockerfile" - - '.github/workflows/dockerhub.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - -jobs: - CheckToken: - runs-on: ubuntu-latest - outputs: - hasToken: ${{ steps.step_one.outputs.hasToken }} - env: - DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }} - steps: - - name: Set the value - id: step_one - run: | - if [ "$DOCKER_PASSWORD" ] ; then - echo "hasToken=true" >>$GITHUB_OUTPUT - else - echo "hasToken=false" >>$GITHUB_OUTPUT - fi - - name: Check the value - run: echo ${{ steps.step_one.outputs.hasToken }} - - build: - runs-on: ubuntu-latest - needs: CheckToken - if: "contains(needs.CheckToken.outputs.hasToken, 'true')" - steps: - - name: checkout code - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: login to docker hub - run: | - echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - - name: build and push the image - run: | - DOCKER_IMAGE=neilpang/acme.sh - - if [[ $GITHUB_REF == refs/tags/* ]]; then - DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/} - fi - - if [[ $GITHUB_REF == refs/heads/* ]]; then - DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/} - - if [[ $DOCKER_IMAGE_TAG == master ]]; then - DOCKER_IMAGE_TAG=latest - AUTO_UPGRADE=1 - fi - fi - - docker buildx build \ - --tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \ - --output "type=image,push=true" \ - --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \ - --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386,linux/ppc64le,linux/s390x . 
diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml deleted file mode 100644 index e92b0411..00000000 --- a/.github/workflows/issue.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: "Update issues" -on: - issues: - types: [opened] - -jobs: - comment: - runs-on: ubuntu-latest - steps: - - uses: actions/github-script@v6 - with: - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: "Please upgrade to the latest code and try again first. Maybe it's already fixed. ```acme.sh --upgrade``` If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you." - - }) \ No newline at end of file diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml deleted file mode 100644 index 5faa9105..00000000 --- a/.github/workflows/pr_dns.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Check dns api - -on: - pull_request_target: - types: - - opened - branches: - - 'dev' - paths: - - 'dnsapi/*.sh' - - -jobs: - welcome: - runs-on: ubuntu-latest - steps: - - uses: actions/github-script@v6 - with: - script: | - await github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `**Welcome** - Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). - Then reply on this message, otherwise, your code will not be reviewed or merged. - We look forward to reviewing your Pull request shortly ✨ - ` - }) - diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml deleted file mode 100644 index 4844e297..00000000 --- a/.github/workflows/pr_notify.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: Check dns api - -on: - pull_request_target: - types: - - opened - branches: - - 'dev' - paths: - - 'notify/*.sh' - - -jobs: - welcome: - runs-on: ubuntu-latest - steps: - - uses: actions/github-script@v6 - with: - script: | - await github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `**Welcome** - Please make sure you're read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify). - Then reply on this message, otherwise, your code will not be reviewed or merged. - We look forward to reviewing your Pull request shortly ✨ - ` - }) - diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml deleted file mode 100644 index a5a08bbf..00000000 --- a/.github/workflows/shellcheck.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: Shellcheck -on: - push: - branches: - - '*' - paths: - - '**.sh' - - '.github/workflows/shellcheck.yml' - pull_request: - branches: - - dev - paths: - - '**.sh' - - '.github/workflows/shellcheck.yml' - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - - -jobs: - ShellCheck: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Install Shellcheck - run: sudo apt-get install -y shellcheck - - name: DoShellcheck - run: shellcheck -V && shellcheck -e SC2181 -e SC2089 **/*.sh && echo "shellcheck OK" - - shfmt: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Install shfmt - run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt - - name: shfmt - run: ~/shfmt -l -w -i 2 . ; git diff --exit-code && echo "shfmt OK" diff --git a/README.md b/README.md index 73ff3321..17234a4c 100644 --- a/README.md +++ b/README.md 
@@ -1,27 +1,5 @@ # An ACME Shell script: acme.sh -[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml) -[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml) -[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml) -[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml) -[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml) -[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml) -[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml) -[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml) - - -![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) -![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) -![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg) - - - -[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) -[![Docker 
stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") -[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") - - - - An ACME protocol client written purely in Shell (Unix shell) language. - Full ACME protocol implementation. - Support ECDSA certs @@ -34,6 +12,7 @@ - Docker ready - IPv6 ready - Cron job notifications for renewal or error etc. +- A fork which doesn't target your Apache / Nginx configuration with intention to mess them completely up It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates. 
@@ -51,44 +30,19 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) - [ruby-china.org](https://ruby-china.org/topics/31983) - [Proxmox](https://pve.proxmox.com/wiki/Certificate_Management) - [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89) +- [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt) - [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty) - [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709) - [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html) - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) +- [archlinux](https://www.archlinux.org/packages/community/any/acme.sh) - [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient) -- [CentOS Web Panel](https://control-webpanel.com) +- [CentOS Web Panel](http://centos-webpanel.com/) - [lnmp.org](https://lnmp.org/) - [more...](https://github.com/acmesh-official/acme.sh/wiki/Blogs-and-tutorials) # Tested OS -| NO | Status| Platform| -|----|-------|---------| -|1|[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)|Mac OSX -|2|[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)|Windows (cygwin with curl, openssl and crontab included) -|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)|FreeBSD -|4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)|Solaris 
-|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu -|6|NA|pfsense -|7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD -|8|[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)|NetBSD -|9|[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)|DragonFlyBSD -|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian -|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS -|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE -|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) -|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux -|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora 
-|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux -|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux -|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia -|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux -|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux -|11|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 -|22|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) -|23|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) - - Check our [testing project](https://github.com/acmesh-official/acmetest): https://github.com/acmesh-official/acmetest 
@@ -99,7 +53,6 @@ https://github.com/acmesh-official/acmetest - Letsencrypt.org CA - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) - [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA) -- [Google.com Public CA](https://github.com/acmesh-official/acme.sh/wiki/Google-Public-CA) - [Pebble strict Mode](https://github.com/letsencrypt/pebble) - Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA @@ -108,8 +61,6 @@ https://github.com/acmesh-official/acmetest - Webroot mode - Standalone mode - Standalone tls-alpn mode -- Apache mode -- Nginx mode - DNS mode - [DNS alias mode](https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode) - [Stateless mode](https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode) @@ -119,16 +70,14 @@ https://github.com/acmesh-official/acmetest ### 1. Install online -Check this project: https://github.com/acmesh-official/get.acme.sh - ```bash -curl https://get.acme.sh | sh -s email=my@example.com +curl https://raw.githubusercontent.com/HQJaTu/acme.sh/main/acme.sh | sh -s email=my@example.com ``` Or: ```bash -wget -O - https://get.acme.sh | sh -s email=my@example.com +wget -O - https://raw.githubusercontent.com/HQJaTu/acme.sh/main/acme.sh | sh -s email=my@example.com ``` @@ -137,7 +86,7 @@ wget -O - https://get.acme.sh | sh -s email=my@example.com Clone this project and launch installation: ```bash -git clone https://github.com/acmesh-official/acme.sh.git +git clone https://github.com/HQJaTu/acme.sh.git cd ./acme.sh ./acme.sh --install -m my@example.com ``` 
@@ -210,37 +159,9 @@ More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-ce # 3. Install the cert to Apache/Nginx etc. +Not with this tool! -After the cert is generated, you probably want to install/copy the cert to your Apache/Nginx or other servers. -You **MUST** use this command to copy the certs to the target files, **DO NOT** use the certs files in **~/.acme.sh/** folder, they are for internal use only, the folder structure may change in the future. - -**Apache** example: -```bash -acme.sh --install-cert -d example.com \ ---cert-file /path/to/certfile/in/apache/cert.pem \ ---key-file /path/to/keyfile/in/apache/key.pem \ ---fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \ ---reloadcmd "service apache2 force-reload" -``` - -**Nginx** example: -```bash -acme.sh --install-cert -d example.com \ ---key-file /path/to/keyfile/in/nginx/key.pem \ ---fullchain-file /path/to/fullchain/nginx/cert.pem \ ---reloadcmd "service nginx force-reload" -``` - -Only the domain is required, all the other parameters are optional. - -The ownership and permission info of existing files are preserved. You can pre-create the files to define the ownership and permission. - -Install/copy the cert/key to the production Apache or Nginx path. - -The cert will be renewed every **60** days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: `service apache2 force-reload` or `service nginx force-reload`. - - -**Please take care: The reloadcmd is very important. The cert can be automatically renewed, but, without a correct 'reloadcmd' the cert may not be flushed to your server(like nginx or apache), then your website will not be able to show renewed cert in 60 days.** +If you want a poorly written crappy tool to overwrite your precious configuration, use something else! # 4. Use Standalone server to issue cert 
@@ -267,50 +188,6 @@ acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert -# 6. Use Apache mode - -**(requires you to be root/sudoer, since it is required to interact with Apache server)** - -If you are running a web server, it is recommended to use the `Webroot mode`. - -Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder. - -Just set string "apache" as the second argument and it will force use of apache plugin automatically. - -```sh -acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com -``` - -**This apache mode is only to issue the cert, it will not change your apache config files. -You will need to configure your website config files to use the cert by yourself. -We don't want to mess with your apache server, don't worry.** - -More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert - -# 7. Use Nginx mode - -**(requires you to be root/sudoer, since it is required to interact with Nginx server)** - -If you are running a web server, it is recommended to use the `Webroot mode`. - -Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder. - -Just set string "nginx" as the second argument. - -It will configure nginx server automatically to verify the domain and then restore the nginx config to the original version. - -So, the config is not changed. - -```sh -acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com -``` - -**This nginx mode is only to issue the cert, it will not change your nginx config files. -You will need to configure your website config files to use the cert by yourself. 
-We don't want to mess with your nginx server, don't worry.** - -More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert - # 8. Automatic DNS API integration If your DNS provider supports API access, we can use that API to automatically issue the certs. 
@@ -321,6 +198,86 @@ You don't have to do anything manually! https://github.com/acmesh-official/acme.sh/wiki/dnsapi +1. CloudFlare.com API +1. DNSPod.cn API +1. CloudXNS.com API +1. GoDaddy.com API +1. PowerDNS.com API +1. OVH, kimsufi, soyoustart and runabove API +1. nsupdate API +1. LuaDNS.com API +1. DNSMadeEasy.com API +1. AWS Route 53 +1. aliyun.com(阿里云) API +1. ISPConfig 3.1 API +1. Alwaysdata.com API +1. Linode.com API +1. FreeDNS (https://freedns.afraid.org/) +1. cyon.ch +1. Domain-Offensive/Resellerinterface/Domainrobot API +1. Gandi LiveDNS API +1. Knot DNS API +1. DigitalOcean API (native) +1. ClouDNS.net API +1. Infoblox NIOS API (https://www.infoblox.com/) +1. VSCALE (https://vscale.io/) +1. Dynu API (https://www.dynu.com) +1. DNSimple API +1. NS1.com API +1. DuckDNS.org API +1. Name.com API +1. Dyn Managed DNS API +1. Yandex PDD API (https://pdd.yandex.ru) +1. Hurricane Electric DNS service (https://dns.he.net) +1. UnoEuro API (https://www.unoeuro.com/) +1. INWX (https://www.inwx.de/) +1. Servercow (https://servercow.de) +1. Namesilo (https://www.namesilo.com) +1. InternetX autoDNS API (https://internetx.com) +1. Azure DNS +1. selectel.com(selectel.ru) DNS API +1. zonomi.com DNS API +1. DreamHost.com API +1. DirectAdmin API +1. KingHost (https://www.kinghost.com.br/) +1. Zilore (https://zilore.com) +1. Loopia.se API +1. acme-dns (https://github.com/joohoi/acme-dns) +1. TELE3 (https://www.tele3.cz) +1. EUSERV.EU (https://www.euserv.eu) +1. DNSPod.com API (https://www.dnspod.com) +1. Google Cloud DNS API +1. ConoHa (https://www.conoha.jp) +1. netcup DNS API (https://www.netcup.de) +1. GratisDNS.dk (https://gratisdns.dk) +1. Namecheap API (https://www.namecheap.com/) +1. MyDNS.JP API (https://www.mydns.jp/) +1. hosting.de (https://www.hosting.de) +1. Neodigit.net API (https://www.neodigit.net) +1. Exoscale.com API (https://www.exoscale.com/) +1. PointDNS API (https://pointhq.com/) +1. Active24.cz API (https://www.active24.cz/) +1. 
do.de API (https://www.do.de/) +1. NederHost API (https://www.nederhost.nl/) +1. Nexcess API (https://www.nexcess.net) +1. Thermo.io API (https://www.thermo.io) +1. Futurehosting API (https://www.futurehosting.com) +1. Rackspace Cloud DNS (https://www.rackspace.com) +1. Online.net API (https://online.net/) +1. MyDevil.net (https://www.mydevil.net/) + +And: + +**lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api + (DigitalOcean, DNSimple, DNSMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)** + + +**More APIs coming soon...** + +If your DNS provider is not on the supported list above, you can write your own DNS API script easily. If you do, please consider submitting a [Pull Request](https://github.com/Neilpang/acme.sh/pulls) and contribute it to the project. + +For more details: [How to use DNS API](dnsapi) + # 9. Use DNS manual mode: See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode first. @@ -359,6 +316,10 @@ Ok, it's done. # 10. Issue ECC certificates +`Let's Encrypt` can now issue **ECDSA** certificates. + +And we support them too! + Just set the `keylength` parameter with a prefix `ec-`. For example: @@ -379,12 +340,10 @@ Please look at the `keylength` parameter above. Valid values are: -1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)** +1. **ec-256 (prime256v1, "ECDSA P-256")** 2. **ec-384 (secp384r1, "ECDSA P-384")** 3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)** -4. **2048 (RSA2048)** -5. **3072 (RSA3072)** -6. **4096 (RSA4096)** + # 11. Issue Wildcard certificates @@ -437,20 +396,6 @@ You can update acme.sh to the latest code: acme.sh --upgrade ``` -You can also enable auto upgrade: - -```sh -acme.sh --upgrade --auto-upgrade -``` - -Then **acme.sh** will be kept up to date automatically. - -Disable auto upgrade: - -```sh -acme.sh --upgrade --auto-upgrade 0 -``` - # 15. Issue a cert from an existing CSR 
@@ -461,6 +406,9 @@ https://github.com/acmesh-official/acme.sh/wiki/Issue-a-cert-from-existing-CSR https://github.com/acmesh-official/acme.sh/wiki/notify +# 16. Send notifications in cronjob + +https://github.com/Neilpang/acme.sh/wiki/notify # 17. Under the Hood @@ -474,55 +422,8 @@ TODO: 1. Acme-tiny: https://github.com/diafygi/acme-tiny 2. ACME protocol: https://github.com/ietf-wg-acme/acme - -## Contributors - -### Code Contributors - -This project exists thanks to all the people who contribute. - - -### Financial Contributors - -Become a financial contributor and help us sustain our community. [[Contribute](https://opencollective.com/acmesh/contribute)] - -#### Individuals - - - -#### Organizations - -Support this project with your organization. Your logo will show up here with a link to your website. [[Contribute](https://opencollective.com/acmesh/contribute)] - - - - - - - - - - - - - -#### Sponsors - -[![quantumca-acmesh-logo](https://user-images.githubusercontent.com/8305679/183255712-634ee1db-bb61-4c03-bca0-bacce99e078c.svg)](https://www.quantumca.com.cn/?__utm_source=acmesh-donation) - - # 19. License & Others License is GPLv3 Please Star and Fork me. - -[Issues](https://github.com/acmesh-official/acme.sh/issues) and [pull requests](https://github.com/acmesh-official/acme.sh/pulls) are welcome. - - -# 20. Donate -Your donation makes **acme.sh** better: - -1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/) - -[Donate List](https://github.com/acmesh-official/acme.sh/wiki/Donate-list) diff --git a/acme.sh b/acme.sh index 75efde4c..fd02a5ae 100755 --- a/acme.sh +++ b/acme.sh @@ -79,10 +79,6 @@ MODE_STATELESS="stateless" STATE_VERIFIED="verified_ok" -NGINX="nginx:" -NGINX_START="#ACME_NGINX_START" -NGINX_END="#ACME_NGINX_END" - BEGIN_CSR="-----BEGIN [NEW ]\{0,4\}CERTIFICATE REQUEST-----" END_CSR="-----END [NEW ]\{0,4\}CERTIFICATE REQUEST-----" 
@@ -231,20 +227,6 @@ _dlg_versions() { echo "$ACME_OPENSSL_BIN doesn't exist." fi - echo "apache:" - if [ "$_APACHECTL" ] && _exists "$_APACHECTL"; then - $_APACHECTL -V 2>&1 - else - echo "apache doesn't exist." - fi - - echo "nginx:" - if _exists "nginx"; then - nginx -V 2>&1 - else - echo "nginx doesn't exist." - fi - echo "socat:" if _exists "socat"; then socat -V 2>&1 @@ -2864,10 +2846,6 @@ _initpath() { ACME_DIR="/home/.acme" fi - if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then - APACHE_CONF_BACKUP_DIR="$LE_CONFIG_HOME" - fi - if [ -z "$USER_AGENT" ]; then USER_AGENT="$DEFAULT_USER_AGENT" fi 
@@ -2956,405 +2934,9 @@ _initpath() { } -_apachePath() { - _APACHECTL="apachectl" - if ! _exists apachectl; then - if _exists apache2ctl; then - _APACHECTL="apache2ctl" - else - _err "'apachectl not found. It seems that apache is not installed, or you are not root user.'" - _err "Please use webroot mode to try again." - return 1 - fi - fi - - if ! $_APACHECTL -V >/dev/null; then - return 1 - fi - - if [ "$APACHE_HTTPD_CONF" ]; then - _saveaccountconf APACHE_HTTPD_CONF "$APACHE_HTTPD_CONF" - httpdconf="$APACHE_HTTPD_CONF" - httpdconfname="$(basename "$httpdconfname")" - else - httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"')" - _debug httpdconfname "$httpdconfname" - - if [ -z "$httpdconfname" ]; then - _err "Can not read apache config file." - return 1 - fi - - if _startswith "$httpdconfname" '/'; then - httpdconf="$httpdconfname" - httpdconfname="$(basename "$httpdconfname")" - else - httpdroot="$($_APACHECTL -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"')" - _debug httpdroot "$httpdroot" - httpdconf="$httpdroot/$httpdconfname" - httpdconfname="$(basename "$httpdconfname")" - fi - fi - _debug httpdconf "$httpdconf" - _debug httpdconfname "$httpdconfname" - if [ ! -f "$httpdconf" ]; then - _err "Apache Config file not found" "$httpdconf" - return 1 - fi - return 0 -} - -_restoreApache() { - if [ -z "$usingApache" ]; then - return 0 - fi - _initpath - if ! _apachePath; then - return 1 - fi - - if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ]; then - _debug "No config file to restore." - return 0 - fi - - cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" >"$httpdconf" - _debug "Restored: $httpdconf." - if ! $_APACHECTL -t; then - _err "Sorry, restore apache config error, please contact me." - return 1 - fi - _debug "Restored successfully." - rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" - return 0 -} - -_setApache() { - _initpath - if ! 
_apachePath; then - return 1 - fi - - #test the conf first - _info "Checking if there is an error in the apache config file before starting." - - if ! $_APACHECTL -t >/dev/null; then - _err "The apache config file has error, please fix it first, then try again." - _err "Don't worry, there is nothing changed to your system." - return 1 - else - _info "OK" - fi - - #backup the conf - _debug "Backup apache config file" "$httpdconf" - if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then - _err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed." - _err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT" - return 1 - fi - _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname" - _info "In case there is an error that can not be restored automatically, you may try restore it yourself." - _info "The backup file will be deleted on success, just forget it." - - #add alias - - apacheVer="$($_APACHECTL -V | grep "Server version:" | cut -d : -f 2 | cut -d " " -f 2 | cut -d '/' -f 2)" - _debug "apacheVer" "$apacheVer" - apacheMajor="$(echo "$apacheVer" | cut -d . -f 1)" - apacheMinor="$(echo "$apacheVer" | cut -d . -f 2)" - - if [ "$apacheVer" ] && [ "$apacheMajor$apacheMinor" -ge "24" ]; then - echo " -Alias /.well-known/acme-challenge $ACME_DIR - - -Require all granted - - " >>"$httpdconf" - else - echo " -Alias /.well-known/acme-challenge $ACME_DIR - - -Order allow,deny -Allow from all - - " >>"$httpdconf" - fi - - _msg="$($_APACHECTL -t 2>&1)" - if [ "$?" != "0" ]; then - _err "Sorry, apache config error" - if _restoreApache; then - _err "The apache config file is restored." - else - _err "Sorry, the apache config file can not be restored, please report bug." - fi - return 1 - fi - - if [ ! -d "$ACME_DIR" ]; then - mkdir -p "$ACME_DIR" - chmod 755 "$ACME_DIR" - fi - - if ! $_APACHECTL graceful; then - _err "$_APACHECTL graceful error, please contact me." 
- _restoreApache - return 1 - fi - usingApache="1" - return 0 -} - -#find the real nginx conf file -#backup -#set the nginx conf -#returns the real nginx conf file -_setNginx() { - _d="$1" - _croot="$2" - _thumbpt="$3" - - FOUND_REAL_NGINX_CONF="" - FOUND_REAL_NGINX_CONF_LN="" - BACKUP_NGINX_CONF="" - _debug _croot "$_croot" - _start_f="$(echo "$_croot" | cut -d : -f 2)" - _debug _start_f "$_start_f" - if [ -z "$_start_f" ]; then - _debug "find start conf from nginx command" - if [ -z "$NGINX_CONF" ]; then - if ! _exists "nginx"; then - _err "nginx command is not found." - return 1 - fi - NGINX_CONF="$(nginx -V 2>&1 | _egrep_o "--conf-path=[^ ]* " | tr -d " ")" - _debug NGINX_CONF "$NGINX_CONF" - NGINX_CONF="$(echo "$NGINX_CONF" | cut -d = -f 2)" - _debug NGINX_CONF "$NGINX_CONF" - if [ -z "$NGINX_CONF" ]; then - _err "Can not find nginx conf." - NGINX_CONF="" - return 1 - fi - if [ ! -f "$NGINX_CONF" ]; then - _err "'$NGINX_CONF' doesn't exist." - NGINX_CONF="" - return 1 - fi - _debug "Found nginx conf file:$NGINX_CONF" - fi - _start_f="$NGINX_CONF" - fi - _debug "Start detect nginx conf for $_d from:$_start_f" - if ! _checkConf "$_d" "$_start_f"; then - _err "Can not find conf file for domain $d" - return 1 - fi - _info "Found conf file: $FOUND_REAL_NGINX_CONF" - - _ln=$FOUND_REAL_NGINX_CONF_LN - _debug "_ln" "$_ln" - - _lnn=$(_math $_ln + 1) - _debug _lnn "$_lnn" - _start_tag="$(sed -n "$_lnn,${_lnn}p" "$FOUND_REAL_NGINX_CONF")" - _debug "_start_tag" "$_start_tag" - if [ "$_start_tag" = "$NGINX_START" ]; then - _info "The domain $_d is already configured, skip" - FOUND_REAL_NGINX_CONF="" - return 0 - fi - - mkdir -p "$DOMAIN_BACKUP_PATH" - _backup_conf="$DOMAIN_BACKUP_PATH/$_d.nginx.conf" - _debug _backup_conf "$_backup_conf" - BACKUP_NGINX_CONF="$_backup_conf" - _info "Backup $FOUND_REAL_NGINX_CONF to $_backup_conf" - if ! cp "$FOUND_REAL_NGINX_CONF" "$_backup_conf"; then - _err "backup error." - FOUND_REAL_NGINX_CONF="" - return 1 - fi - - if ! 
_exists "nginx"; then - _err "nginx command is not found." - return 1 - fi - _info "Check the nginx conf before setting up." - if ! nginx -t >/dev/null; then - return 1 - fi - - _info "OK, Set up nginx config file" - - if ! sed -n "1,${_ln}p" "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"; then - cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" - _err "write nginx conf error, but don't worry, the file is restored to the original version." - return 1 - fi - - echo "$NGINX_START -location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" { - default_type text/plain; - return 200 \"\$1.$_thumbpt\"; -} -#NGINX_START -" >>"$FOUND_REAL_NGINX_CONF" - - if ! sed -n "${_lnn},99999p" "$_backup_conf" >>"$FOUND_REAL_NGINX_CONF"; then - cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" - _err "write nginx conf error, but don't worry, the file is restored." - return 1 - fi - _debug3 "Modified config:$(cat $FOUND_REAL_NGINX_CONF)" - _info "nginx conf is done, let's check it again." - if ! nginx -t >/dev/null; then - _err "It seems that nginx conf was broken, let's restore." - cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" - return 1 - fi - - _info "Reload nginx" - if ! nginx -s reload >/dev/null; then - _err "It seems that nginx reload error, let's restore." - cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" - return 1 - fi - - return 0 -} - -#d , conf -_checkConf() { - _d="$1" - _c_file="$2" - _debug "Start _checkConf from:$_c_file" - if [ ! -f "$2" ] && ! echo "$2" | grep '*$' >/dev/null && echo "$2" | grep '*' >/dev/null; then - _debug "wildcard" - for _w_f in $2; do - if [ -f "$_w_f" ] && _checkConf "$1" "$_w_f"; then - return 0 - fi - done - #not found - return 1 - elif [ -f "$2" ]; then - _debug "single" - if _isRealNginxConf "$1" "$2"; then - _debug "$2 is found." 
- FOUND_REAL_NGINX_CONF="$2" - return 0 - fi - if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then - _debug "Try include files" - for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do - _debug "check included $included" - if ! _startswith "$included" "/" && _exists dirname; then - _relpath="$(dirname "$2")" - _debug "_relpath" "$_relpath" - included="$_relpath/$included" - fi - if _checkConf "$1" "$included"; then - return 0 - fi - done - fi - return 1 - else - _debug "$2 not found." - return 1 - fi - return 1 -} - -#d , conf -_isRealNginxConf() { - _debug "_isRealNginxConf $1 $2" - if [ -f "$2" ]; then - for _fln in $(tr "\t" ' ' <"$2" | grep -n "^ *server_name.* $1" | cut -d : -f 1); do - _debug _fln "$_fln" - if [ "$_fln" ]; then - _start=$(tr "\t" ' ' <"$2" | _head_n "$_fln" | grep -n "^ *server *" | grep -v server_name | _tail_n 1) - _debug "_start" "$_start" - _start_n=$(echo "$_start" | cut -d : -f 1) - _start_nn=$(_math $_start_n + 1) - _debug "_start_n" "$_start_n" - _debug "_start_nn" "$_start_nn" - - _left="$(sed -n "${_start_nn},99999p" "$2")" - _debug2 _left "$_left" - _end="$(echo "$_left" | tr "\t" ' ' | grep -n "^ *server *" | grep -v server_name | _head_n 1)" - _debug "_end" "$_end" - if [ "$_end" ]; then - _end_n=$(echo "$_end" | cut -d : -f 1) - _debug "_end_n" "$_end_n" - _seg_n=$(echo "$_left" | sed -n "1,${_end_n}p") - else - _seg_n="$_left" - fi - - _debug "_seg_n" "$_seg_n" - - _skip_ssl=1 - for _listen_i in $(echo "$_seg_n" | tr "\t" ' ' | grep "^ *listen" | tr -d " "); do - if [ "$_listen_i" ]; then - if [ "$(echo "$_listen_i" | _egrep_o "listen.*ssl")" ]; then - _debug2 "$_listen_i is ssl" - else - _debug2 "$_listen_i is plain text" - _skip_ssl="" - break - fi - fi - done - - if [ "$_skip_ssl" = "1" ]; then - _debug "ssl on, skip" - else - FOUND_REAL_NGINX_CONF_LN=$_fln - _debug3 "found FOUND_REAL_NGINX_CONF_LN" "$FOUND_REAL_NGINX_CONF_LN" - return 0 - fi - fi - done - fi 
- return 1 -} - -#restore all the nginx conf -_restoreNginx() { - if [ -z "$NGINX_RESTORE_VLIST" ]; then - _debug "No need to restore nginx, skip." - return - fi - _debug "_restoreNginx" - _debug "NGINX_RESTORE_VLIST" "$NGINX_RESTORE_VLIST" - - for ng_entry in $(echo "$NGINX_RESTORE_VLIST" | tr "$dvsep" ' '); do - _debug "ng_entry" "$ng_entry" - _nd=$(echo "$ng_entry" | cut -d "$sep" -f 1) - _ngconf=$(echo "$ng_entry" | cut -d "$sep" -f 2) - _ngbackupconf=$(echo "$ng_entry" | cut -d "$sep" -f 3) - _info "Restoring from $_ngbackupconf to $_ngconf" - cat "$_ngbackupconf" >"$_ngconf" - done - - _info "Reload nginx" - if ! nginx -s reload >/dev/null; then - _err "It seems that nginx reload error, please report bug." - return 1 - fi - return 0 -} - _clearup() { _stopserver "$serverproc" serverproc="" - _restoreApache - _restoreNginx _clearupdns if [ -z "$DEBUG" ]; then rm -f "$TLS_CONF" @@ -3540,15 +3122,6 @@ _on_before_issue() { fi done - if _hasfield "$_chk_web_roots" "apache"; then - if ! _setApache; then - _err "set up apache error. Report error to me." - return 1 - fi - else - usingApache="" - fi - } _on_issue_err() { @@ -4338,7 +3911,7 @@ issue() { return 1 fi if [ -z "$1" ]; then - _usage "Please specify at least one validation method: '--webroot', '--standalone', '--apache', '--nginx' or '--dns' etc." + _usage "Please specify at least one validation method: '--webroot', '--standalone' or '--dns' etc." return 1 fi _web_roots="$1" @@ -4862,7 +4435,6 @@ $_authorizations_map" fi fi - NGINX_RESTORE_VLIST="" _debug "ok, let's start to verify" _ncIndex=1 
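Review bot: The usage text changed in the `issue()` hunk at -4338 still offers `--webroot`, but the later hunk at -4905 deletes the whole final `else` of the `$_currentRoot` chain, which is the branch that wrote `$keyauthorization` to `$_currentRoot/.well-known/acme-challenge/$token`, not only its `apache` special case. Unless a branch above that hunk handles a plain webroot path, http-01 validation for `--webroot` now falls through without publishing the token, so the challenge cannot succeed. I would keep that `else`, reduced to `wellknown_path="$_currentRoot/.well-known/acme-challenge"`, the existing `removelevel` checks, the `printf "%s" "$keyauthorization" >"$wellknown_path/$token"` write and its error cleanup. Both `issue()` and the if/elif chain start and end outside these hunks, so this should be confirmed against the full file.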
@@ -4905,54 +4477,6 @@ $_authorizations_map" elif [ "$_currentRoot" = "$MODE_STATELESS" ]; then _info "Stateless mode for domain:$d" _sleep 1 - elif _startswith "$_currentRoot" "$NGINX"; then - _info "Nginx mode for domain:$d" - #set up nginx server - FOUND_REAL_NGINX_CONF="" - BACKUP_NGINX_CONF="" - if ! _setNginx "$d" "$_currentRoot" "$thumbprint"; then - _clearup - _on_issue_err "$_post_hook" "$vlist" - return 1 - fi - - if [ "$FOUND_REAL_NGINX_CONF" ]; then - _realConf="$FOUND_REAL_NGINX_CONF" - _backup="$BACKUP_NGINX_CONF" - _debug _realConf "$_realConf" - NGINX_RESTORE_VLIST="$d$sep$_realConf$sep$_backup$dvsep$NGINX_RESTORE_VLIST" - fi - _sleep 1 - else - if [ "$_currentRoot" = "apache" ]; then - wellknown_path="$ACME_DIR" - else - wellknown_path="$_currentRoot/.well-known/acme-challenge" - if [ ! -d "$_currentRoot/.well-known" ]; then - removelevel='1' - elif [ ! -d "$_currentRoot/.well-known/acme-challenge" ]; then - removelevel='2' - else - removelevel='3' - fi - fi - - _debug wellknown_path "$wellknown_path" - - _debug "writing token:$token to $wellknown_path/$token" - - mkdir -p "$wellknown_path" - - if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then - _err "$d:Can not write token to file : $wellknown_path/$token" - _clearupwebbroot "$_currentRoot" "$removelevel" "$token" - _clearup - _on_issue_err "$_post_hook" "$vlist" - return 1 - fi - if ! chmod a+r "$wellknown_path/$token"; then - _debug "chmod failed, but we just continue." - fi fi elif [ "$vtype" = "$VTYPE_ALPN" ]; then acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")" @@ -6852,7 +6376,6 @@ Commands: --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT. --issue Issue a cert. --deploy Deploy the cert to your server. - -i, --install-cert Install the issued cert to apache/nginx or any other server. -r, --renew Renew a cert. --renew-all Renew all the certs. --revoke Revoke a cert. 
@@ -6908,7 +6431,6 @@ Parameters: --stateless Use stateless mode. See: $_STATELESS_WIKI - --apache Use apache mode. --dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted. See: $_DNS_API_WIKI @@ -6923,14 +6445,6 @@ Parameters: --eab-hmac-key HMAC key for External Account Binding. - These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: - - --cert-file Path to copy the cert file to after issue/renew.. - --key-file Path to copy the key file to after issue/renew. - --ca-file Path to copy the intermediate cert file to after issue/renew. - --fullchain-file Path to copy the fullchain cert file to after issue/renew. - --reloadcmd Command to execute after issue/renew to reload the server. - --server ACME Directory Resource URI. (default: $DEFAULT_CA) See: $_SERVER_WIKI @@ -7464,26 +6978,6 @@ _process() { _local_address="$_local_address$lvalue," shift ;; - --apache) - wvalue="apache" - if [ -z "$_webroot" ]; then - _webroot="$wvalue" - else - _webroot="$_webroot,$wvalue" - fi - ;; - --nginx) - wvalue="$NGINX" - if [ "$2" ] && ! _startswith "$2" "-"; then - wvalue="$NGINX$2" - shift - fi - if [ -z "$_webroot" ]; then - _webroot="$wvalue" - else - _webroot="$_webroot,$wvalue" - fi - ;; --dns) wvalue="$W_DNS" if [ "$2" ] && ! _startswith "$2" "-"; then