Browse Source

Merge pull request #3552 from acmesh-official/dev

sync
pull/3568/head
neil 4 years ago
committed by GitHub
parent
commit
4967fa020f
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 103
      .github/workflows/LetsEncrypt.yml
  2. 16
      acme.sh
  3. 4
      dnsapi/dns_1984hosting.sh
  4. 6
      dnsapi/dns_vultr.sh

103
.github/workflows/LetsEncrypt.yml

@ -16,34 +16,89 @@ on:
jobs: jobs:
Ubuntu: Ubuntu:
strategy:
matrix:
include:
- TEST_ACME_Server: ""
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
CA: "ZeroSSL RSA Domain Secure Site CA"
CA_EMAIL: "githubtest@acme.sh"
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
TEST_LOCAL: 1 TEST_LOCAL: 1
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Install tools - name: Install tools
run: sudo apt-get install -y socat run: sudo apt-get install -y socat
- name: Clone acmetest - name: Clone acmetest
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
run: |
cd .. \
&& git clone https://github.com/acmesh-official/acmetest.git \
&& cp -r acme.sh acmetest/
- name: Run acmetest - name: Run acmetest
run: cd ../acmetest && sudo --preserve-env ./letest.sh
run: |
cd ../acmetest \
&& sudo --preserve-env ./letest.sh
MacOS: MacOS:
strategy:
matrix:
include:
- TEST_ACME_Server: ""
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
CA: "ZeroSSL RSA Domain Secure Site CA"
CA_EMAIL: "githubtest@acme.sh"
runs-on: macos-latest runs-on: macos-latest
env: env:
TEST_LOCAL: 1 TEST_LOCAL: 1
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- name: Install tools - name: Install tools
run: brew install socat run: brew install socat
- name: Clone acmetest - name: Clone acmetest
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
run: |
cd .. \
&& git clone https://github.com/acmesh-official/acmetest.git \
&& cp -r acme.sh acmetest/
- name: Run acmetest - name: Run acmetest
run: cd ../acmetest && sudo --preserve-env ./letest.sh
run: |
cd ../acmetest \
&& sudo --preserve-env ./letest.sh
Windows: Windows:
strategy:
matrix:
include:
- TEST_ACME_Server: ""
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
CA: "ZeroSSL RSA Domain Secure Site CA"
CA_EMAIL: "githubtest@acme.sh"
runs-on: windows-latest runs-on: windows-latest
env: env:
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_LOCAL: 1 TEST_LOCAL: 1
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
Le_HTTPPort: 8888 Le_HTTPPort: 8888
@ -77,9 +132,24 @@ jobs:
run: cd ../acmetest && bash.exe -c ./letest.sh run: cd ../acmetest && bash.exe -c ./letest.sh
FreeBSD: FreeBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: ""
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
CA: "ZeroSSL RSA Domain Secure Site CA"
CA_EMAIL: "githubtest@acme.sh"
runs-on: macos-latest runs-on: macos-latest
env: env:
TEST_LOCAL: 1 TEST_LOCAL: 1
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- uses: vmactions/cf-tunnel@v0.0.2 - uses: vmactions/cf-tunnel@v0.0.2
@ -93,18 +163,34 @@ jobs:
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/freebsd-vm@v0.1.4 - uses: vmactions/freebsd-vm@v0.1.4
with: with:
envs: 'TEST_LOCAL TestingDomain'
envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
nat: | nat: |
"8080": "80" "8080": "80"
prepare: pkg install -y socat curl prepare: pkg install -y socat curl
usesh: true usesh: true
run: | run: |
cd ../acmetest && ./letest.sh
cd ../acmetest \
&& ./letest.sh
Solaris: Solaris:
strategy:
matrix:
include:
- TEST_ACME_Server: ""
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
CA: "ZeroSSL RSA Domain Secure Site CA"
CA_EMAIL: "githubtest@acme.sh"
runs-on: macos-latest runs-on: macos-latest
env: env:
TEST_LOCAL: 1 TEST_LOCAL: 1
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- uses: vmactions/cf-tunnel@v0.0.2 - uses: vmactions/cf-tunnel@v0.0.2
@ -118,10 +204,11 @@ jobs:
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/solaris-vm@v0.0.3 - uses: vmactions/solaris-vm@v0.0.3
with: with:
envs: 'TEST_LOCAL TestingDomain'
envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
nat: | nat: |
"8080": "80" "8080": "80"
prepare: pkgutil -y -i socat curl prepare: pkgutil -y -i socat curl
run: | run: |
cd ../acmetest && ./letest.sh
cd ../acmetest \
&& ./letest.sh

16
acme.sh

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=2.9.0
VER=3.0.0
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -29,7 +29,7 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90" CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email" _ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"
DEFAULT_CA=$CA_LETSENCRYPT_V2
DEFAULT_CA=$CA_ZEROSSL
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
CA_NAMES=" CA_NAMES="
@ -3056,7 +3056,7 @@ _checkConf() {
_debug "Try include files" _debug "Try include files"
for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do
_debug "check included $included" _debug "check included $included"
if !_startswith "$included" "/" && _exists dirname; then
if ! _startswith "$included" "/" && _exists dirname; then
_relpath="$(dirname "$_c_file")" _relpath="$(dirname "$_c_file")"
_debug "_relpath" "$_relpath" _debug "_relpath" "$_relpath"
included="$_relpath/included" included="$_relpath/included"
@ -3526,8 +3526,10 @@ _regAccount() {
if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then
_info "No EAB credentials found for ZeroSSL, let's get one" _info "No EAB credentials found for ZeroSSL, let's get one"
if [ -z "$_email" ]; then if [ -z "$_email" ]; then
_err "Please provide a email address for ZeroSSL account."
_err "See ZeroSSL usage: $_ZEROSSL_WIKI"
_info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")"
_info "$(__green "Please update your account with an email address first.")"
_info "$(__green "$PROJECT_ENTRY --register-account -m my@example.com")"
_info "See: $(__green "$_ZEROSSL_WIKI")"
return 1 return 1
fi fi
_eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT) _eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT)
@ -3538,11 +3540,13 @@ _regAccount() {
fi fi
_debug2 "$_eabresp" _debug2 "$_eabresp"
_eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
_secure_debug2 _eab_id "$_eab_id"
if [ -z "$_eab_id" ]; then if [ -z "$_eab_id" ]; then
_err "Can not resolve _eab_id" _err "Can not resolve _eab_id"
return 1 return 1
fi fi
_eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')" _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
_secure_debug2 _eab_hmac_key "$_eab_hmac_key"
if [ -z "$_eab_hmac_key" ]; then if [ -z "$_eab_hmac_key" ]; then
_err "Can not resolve _eab_hmac_key" _err "Can not resolve _eab_hmac_key"
return 1 return 1
@ -3564,7 +3568,7 @@ _regAccount() {
eab_sign_t="$eab_protected64.$eab_payload64" eab_sign_t="$eab_protected64.$eab_payload64"
_debug3 eab_sign_t "$eab_sign_t" _debug3 eab_sign_t "$eab_sign_t"
key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')"
key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 multi | _hex_dump | tr -d ' ')"
_debug3 key_hex "$key_hex" _debug3 key_hex "$key_hex"
eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace) eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace)

4
dnsapi/dns_1984hosting.sh

@ -59,7 +59,7 @@ dns_1984hosting_add() {
if _contains "$response" '"haserrors": true'; then if _contains "$response" '"haserrors": true'; then
_err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post" _err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post"
return 1 return 1
elif _contains "$response" "<html>"; then
elif _contains "$response" "html>"; then
_err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file" _err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file"
return 1 return 1
elif _contains "$response" '"auth": false'; then elif _contains "$response" '"auth": false'; then
@ -204,7 +204,7 @@ _get_root() {
fi fi
_authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is." _authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
if _contains "$_response" "serial" && ! _contains "$_response" 'null}'; then
if _contains "$_response" "serial" && ! _contains "$_response" "null"; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain="$h" _domain="$h"
return 0 return 0

6
dnsapi/dns_vultr.sh

@ -33,7 +33,7 @@ dns_vultr_add() {
_debug 'Getting txt records' _debug 'Getting txt records'
_vultr_rest GET "dns/records?domain=$_domain" _vultr_rest GET "dns/records?domain=$_domain"
if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
_err 'Error' _err 'Error'
return 1 return 1
fi fi
@ -73,12 +73,12 @@ dns_vultr_rm() {
_debug 'Getting txt records' _debug 'Getting txt records'
_vultr_rest GET "dns/records?domain=$_domain" _vultr_rest GET "dns/records?domain=$_domain"
if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
_err 'Error' _err 'Error'
return 1 return 1
fi fi
_record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
_record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
_debug _record_id "$_record_id" _debug _record_id "$_record_id"
if [ "$_record_id" ]; then if [ "$_record_id" ]; then
_info "Successfully retrieved the record id for ACME challenge." _info "Successfully retrieved the record id for ACME challenge."

Loading…
Cancel
Save