@ -1077,11 +1077,11 @@ _isEccKey() {
return 1
return 1
fi
fi
[ " $_length " != "1024" ] \
&& [ " $_length " != "2048" ] \
&& [ " $_length " != "3072" ] \
&& [ " $_length " != "4096" ] \
&& [ " $_length " != "8192" ]
[ " $_length " != "1024" ] &&
[ " $_length " != "2048" ] &&
[ " $_length " != "3072" ] &&
[ " $_length " != "4096" ] &&
[ " $_length " != "8192" ]
}
}
# _createkey 2048|ec-256 file
# _createkey 2048|ec-256 file
@ -1473,7 +1473,7 @@ createDomainKey() {
_initpath " $domain " " $_cdl "
_initpath " $domain " " $_cdl "
if [ ! -f " $CERT_KEY_PATH " ] || [ ! -s " $CERT_KEY_PATH " ] || ( [ " $FORCE " ] && ! [ " $IS_RENEW " ] ) || [ " $Le_ForceNewDomainKey " = "1" ] ; then
if [ ! -f " $CERT_KEY_PATH " ] || [ ! -s " $CERT_KEY_PATH " ] || ( [ " $FORCE " ] && ! [ " $_ACME_ IS_RENEW " ] ) || [ " $Le_ForceNewDomainKey " = "1" ] ; then
if _createkey " $_cdl " " $CERT_KEY_PATH " ; then
if _createkey " $_cdl " " $CERT_KEY_PATH " ; then
_savedomainconf Le_Keylength " $_cdl "
_savedomainconf Le_Keylength " $_cdl "
_info " The domain key is here: $( __green $CERT_KEY_PATH ) "
_info " The domain key is here: $( __green $CERT_KEY_PATH ) "
@ -1483,7 +1483,7 @@ createDomainKey() {
return 1
return 1
fi
fi
else
else
if [ " $IS_RENEW " ] ; then
if [ " $_ACME_ IS_RENEW " ] ; then
_info "Domain key exists, skip"
_info "Domain key exists, skip"
return 0
return 0
else
else
@ -1509,7 +1509,7 @@ createCSR() {
_initpath " $domain " " $_isEcc "
_initpath " $domain " " $_isEcc "
if [ -f " $CSR_PATH " ] && [ " $IS_RENEW " ] && [ -z " $FORCE " ] ; then
if [ -f " $CSR_PATH " ] && [ " $_ACME_ IS_RENEW " ] && [ -z " $FORCE " ] ; then
_info "CSR exists, skip"
_info "CSR exists, skip"
return
return
fi
fi
@ -2585,7 +2585,7 @@ _initpath() {
. " $ACCOUNT_CONF_PATH "
. " $ACCOUNT_CONF_PATH "
fi
fi
if [ " $ACME_IN_CRON " ] ; then
if [ " $_ ACME_IN_CRON " ] ; then
if [ ! " $_USER_PATH_EXPORTED " ] ; then
if [ ! " $_USER_PATH_EXPORTED " ] ; then
_USER_PATH_EXPORTED = 1
_USER_PATH_EXPORTED = 1
export PATH = " $USER_PATH : $PATH "
export PATH = " $USER_PATH : $PATH "
@ -2599,7 +2599,7 @@ _initpath() {
if [ -z " $ACME_DIRECTORY " ] ; then
if [ -z " $ACME_DIRECTORY " ] ; then
if [ " $STAGE " ] ; then
if [ " $STAGE " ] ; then
ACME_DIRECTORY = " $DEFAULT_STAGING_CA "
ACME_DIRECTORY = " $DEFAULT_STAGING_CA "
_info " Using stage ACME_DIRECTORY: $ACME_DIRECTORY "
_info " Using ACME_DIRECTORY: $ACME_DIRECTORY "
else
else
default_acme_server = $( _readaccountconf "DEFAULT_ACME_SERVER" )
default_acme_server = $( _readaccountconf "DEFAULT_ACME_SERVER" )
_debug default_acme_server " $default_acme_server "
_debug default_acme_server " $default_acme_server "
@ -3387,7 +3387,7 @@ _on_issue_err() {
)
)
fi
fi
if [ " $IS_RENEW " = "1" ] && _hasfield " $Le_Webroot " " $W_DNS " ; then
if [ " $_ACME_ IS_RENEW " = "1" ] && _hasfield " $Le_Webroot " " $W_DNS " ; then
_err " $_DNS_MANUAL_ERR "
_err " $_DNS_MANUAL_ERR "
fi
fi
@ -3419,7 +3419,7 @@ _on_issue_success() {
fi
fi
#run renew hook
#run renew hook
if [ " $IS_RENEW " ] && [ " $_chk_renew_hook " ] ; then
if [ " $_ACME_ IS_RENEW " ] && [ " $_chk_renew_hook " ] ; then
_info " Run renew hook:' $_chk_renew_hook ' "
_info " Run renew hook:' $_chk_renew_hook ' "
if ! (
if ! (
export CERT_PATH
export CERT_PATH
@ -3990,17 +3990,22 @@ _check_dns_entries() {
}
}
#file
#file
_get_cert_issuer( ) {
_get_cert_issuers ( ) {
_cfile = " $1 "
_cfile = " $1 "
echo $( openssl x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2)
if _contains " $( ${ ACME_OPENSSL_BIN :- openssl } help crl2pkcs7 2>& 1) " "Usage: crl2pkcs7" ; then
${ ACME_OPENSSL_BIN :- openssl } crl2pkcs7 -nocrl -certfile $_cfile | openssl pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
else
${ ACME_OPENSSL_BIN :- openssl } x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
fi
}
}
#cert issuer
#cert issuer
_match_issuer( ) {
_match_issuer( ) {
_cfile = " $1 "
_cfile = " $1 "
_missuer = " $2 "
_missuer = " $2 "
_fissuer = $( _get_cert_issuer $_cfile )
[ " $_missuer " = " $_fissuer " ]
_fissuers = " $( _get_cert_issuers $_cfile ) "
_debug2 _fissuers " $_fissuers "
_contains " $_fissuers " " $_missuer "
}
}
#webroot, domain domainlist keylength
#webroot, domain domainlist keylength
@ -4037,7 +4042,7 @@ issue() {
_challenge_alias = " ${ 14 } "
_challenge_alias = " ${ 14 } "
_preferred_chain = " ${ 15 } "
_preferred_chain = " ${ 15 } "
if [ ! " $ IS_RENEW " ] ; then
if [ -z " $_ACME_ IS_RENEW " ] ; then
_initpath " $_main_domain " " $_key_length "
_initpath " $_main_domain " " $_key_length "
mkdir -p " $DOMAIN_PATH "
mkdir -p " $DOMAIN_PATH "
fi
fi
@ -4689,7 +4694,8 @@ $_authorizations_map"
der = " $( _getfile " ${ CSR_PATH } " " ${ BEGIN_CSR } " " ${ END_CSR } " | tr -d "\r\n" | _url_replace) "
der = " $( _getfile " ${ CSR_PATH } " " ${ BEGIN_CSR } " " ${ END_CSR } " | tr -d "\r\n" | _url_replace) "
if [ " $ACME_VERSION " = "2" ] ; then
if [ " $ACME_VERSION " = "2" ] ; then
_info " Lets finalize the order, Le_OrderFinalize: $Le_OrderFinalize "
_info "Lets finalize the order."
_info "Le_OrderFinalize" " $Le_OrderFinalize "
if ! _send_signed_request " ${ Le_OrderFinalize } " " {\"csr\": \" $der \"} " ; then
if ! _send_signed_request " ${ Le_OrderFinalize } " " {\"csr\": \" $der \"} " ; then
_err "Sign failed."
_err "Sign failed."
_on_issue_err " $_post_hook "
_on_issue_err " $_post_hook "
@ -4760,7 +4766,8 @@ $_authorizations_map"
_on_issue_err " $_post_hook "
_on_issue_err " $_post_hook "
return 1
return 1
fi
fi
_info " Downloading cert, Le_LinkCert: $Le_LinkCert "
_info "Downloading cert."
_info "Le_LinkCert" " $Le_LinkCert "
if ! _send_signed_request " $Le_LinkCert " ; then
if ! _send_signed_request " $Le_LinkCert " ; then
_err " Sign failed, can not download cert: $Le_LinkCert . "
_err " Sign failed, can not download cert: $Le_LinkCert . "
_err " $response "
_err " $response "
@ -4771,10 +4778,8 @@ $_authorizations_map"
echo " $response " >" $CERT_PATH "
echo " $response " >" $CERT_PATH "
_split_cert_chain " $CERT_PATH " " $CERT_FULLCHAIN_PATH " " $CA_CERT_PATH "
_split_cert_chain " $CERT_PATH " " $CERT_FULLCHAIN_PATH " " $CA_CERT_PATH "
if [ " $_preferred_chain " ] ; then
_cert_issuer = $( _get_cert_issuer " $CA_CERT_PATH " )
_debug _cert_issuer " $_cert_issuer "
if ! _match_issuer " $CA_CERT_PATH " " $_preferred_chain " ; then
if [ " $_preferred_chain " ] && [ -f " $CERT_FULLCHAIN_PATH " ] ; then
if ! _match_issuer " $CERT_FULLCHAIN_PATH " " $_preferred_chain " ; then
rels = " $( echo " $responseHeaders " | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1) "
rels = " $( echo " $responseHeaders " | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1) "
_debug2 "rels" " $rels "
_debug2 "rels" " $rels "
for rel in $rels ; do
for rel in $rels ; do
@ -4789,7 +4794,7 @@ $_authorizations_map"
_relca = " $CA_CERT_PATH .alt "
_relca = " $CA_CERT_PATH .alt "
echo " $response " >" $_relcert "
echo " $response " >" $_relcert "
_split_cert_chain " $_relcert " " $_relfullchain " " $_relca "
_split_cert_chain " $_relcert " " $_relfullchain " " $_relca "
if _match_issuer " $_relca " " $_preferred_chain " ; then
if _match_issuer " $_relfull ch ain " " $_preferred_chain " ; then
_info " Matched issuer in: $rel "
_info " Matched issuer in: $rel "
cat $_relcert >" $CERT_PATH "
cat $_relcert >" $CERT_PATH "
cat $_relfullchain >" $CERT_FULLCHAIN_PATH "
cat $_relfullchain >" $CERT_FULLCHAIN_PATH "
@ -4842,7 +4847,7 @@ $_authorizations_map"
_info " Your cert key is in $( __green " $CERT_KEY_PATH " ) "
_info " Your cert key is in $( __green " $CERT_KEY_PATH " ) "
fi
fi
if [ ! " $USER_PATH " ] || [ ! " $ACME_IN_CRON " ] ; then
if [ ! " $USER_PATH " ] || [ ! " $_ ACME_IN_CRON " ] ; then
USER_PATH = " $PATH "
USER_PATH = " $PATH "
_saveaccountconf "USER_PATH" " $USER_PATH "
_saveaccountconf "USER_PATH" " $USER_PATH "
fi
fi
@ -5033,12 +5038,12 @@ renew() {
return " $RENEW_SKIP "
return " $RENEW_SKIP "
fi
fi
if [ " $ACME_IN_CRON " = "1" ] && [ -z " $Le_CertCreateTime " ] ; then
if [ " $_ ACME_IN_CRON " = "1" ] && [ -z " $Le_CertCreateTime " ] ; then
_info " Skip invalid cert for: $Le_Domain "
_info " Skip invalid cert for: $Le_Domain "
return $RENEW_SKIP
return $RENEW_SKIP
fi
fi
IS_RENEW = "1"
_ACME_ IS_RENEW= "1"
Le_ReloadCmd = " $( _readdomainconf Le_ReloadCmd) "
Le_ReloadCmd = " $( _readdomainconf Le_ReloadCmd) "
Le_PreHook = " $( _readdomainconf Le_PreHook) "
Le_PreHook = " $( _readdomainconf Le_PreHook) "
Le_PostHook = " $( _readdomainconf Le_PostHook) "
Le_PostHook = " $( _readdomainconf Le_PostHook) "
@ -5054,7 +5059,7 @@ renew() {
res = " $? "
res = " $? "
fi
fi
IS_RENEW = ""
_ACME_ IS_RENEW= ""
return " $res "
return " $res "
}
}
@ -5094,7 +5099,7 @@ renewAll() {
_error_level = " $NOTIFY_LEVEL_RENEW "
_error_level = " $NOTIFY_LEVEL_RENEW "
_notify_code = 0
_notify_code = 0
fi
fi
if [ " $ACME_IN_CRON " ] ; then
if [ " $_ ACME_IN_CRON " ] ; then
if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ] ; then
if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ] ; then
if [ " $NOTIFY_MODE " = " $NOTIFY_MODE_CERT " ] ; then
if [ " $NOTIFY_MODE " = " $NOTIFY_MODE_CERT " ] ; then
_send_notify " Renew $d success " "Good, the cert is renewed." " $NOTIFY_HOOK " 0
_send_notify " Renew $d success " "Good, the cert is renewed." " $NOTIFY_HOOK " 0
@ -5108,7 +5113,7 @@ renewAll() {
_error_level = " $NOTIFY_LEVEL_SKIP "
_error_level = " $NOTIFY_LEVEL_SKIP "
_notify_code = $RENEW_SKIP
_notify_code = $RENEW_SKIP
fi
fi
if [ " $ACME_IN_CRON " ] ; then
if [ " $_ ACME_IN_CRON " ] ; then
if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ] ; then
if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ] ; then
if [ " $NOTIFY_MODE " = " $NOTIFY_MODE_CERT " ] ; then
if [ " $NOTIFY_MODE " = " $NOTIFY_MODE_CERT " ] ; then
_send_notify " Renew $d skipped " "Good, the cert is skipped." " $NOTIFY_HOOK " " $RENEW_SKIP "
_send_notify " Renew $d skipped " "Good, the cert is skipped." " $NOTIFY_HOOK " " $RENEW_SKIP "
@ -5123,7 +5128,7 @@ renewAll() {
_error_level = " $NOTIFY_LEVEL_ERROR "
_error_level = " $NOTIFY_LEVEL_ERROR "
_notify_code = 1
_notify_code = 1
fi
fi
if [ " $ACME_IN_CRON " ] ; then
if [ " $_ ACME_IN_CRON " ] ; then
if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ] ; then
if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ] ; then
if [ " $NOTIFY_MODE " = " $NOTIFY_MODE_CERT " ] ; then
if [ " $NOTIFY_MODE " = " $NOTIFY_MODE_CERT " ] ; then
_send_notify " Renew $d error " "There is an error." " $NOTIFY_HOOK " 1
_send_notify " Renew $d error " "There is an error." " $NOTIFY_HOOK " 1
@ -5144,7 +5149,7 @@ renewAll() {
done
done
_debug _error_level " $_error_level "
_debug _error_level " $_error_level "
_debug _set_level " $_set_level "
_debug _set_level " $_set_level "
if [ " $ACME_IN_CRON " ] && [ $_error_level -le $_set_level ] ; then
if [ " $_ ACME_IN_CRON " ] && [ $_error_level -le $_set_level ] ; then
if [ -z " $NOTIFY_MODE " ] || [ " $NOTIFY_MODE " = " $NOTIFY_MODE_BULK " ] ; then
if [ -z " $NOTIFY_MODE " ] || [ " $NOTIFY_MODE " = " $NOTIFY_MODE_BULK " ] ; then
_msg_subject = "Renew"
_msg_subject = "Renew"
if [ " $_error_msg " ] ; then
if [ " $_error_msg " ] ; then
@ -5442,7 +5447,7 @@ _installcert() {
if [ " $_real_cert " ] ; then
if [ " $_real_cert " ] ; then
_info " Installing cert to: $_real_cert "
_info " Installing cert to: $_real_cert "
if [ -f " $_real_cert " ] && [ ! " $IS_RENEW " ] ; then
if [ -f " $_real_cert " ] && [ ! " $_ACME_ IS_RENEW " ] ; then
cp " $_real_cert " " $_backup_path /cert.bak "
cp " $_real_cert " " $_backup_path /cert.bak "
fi
fi
cat " $CERT_PATH " >" $_real_cert " || return 1
cat " $CERT_PATH " >" $_real_cert " || return 1
@ -5454,7 +5459,7 @@ _installcert() {
echo "" >>" $_real_ca "
echo "" >>" $_real_ca "
cat " $CA_CERT_PATH " >>" $_real_ca " || return 1
cat " $CA_CERT_PATH " >>" $_real_ca " || return 1
else
else
if [ -f " $_real_ca " ] && [ ! " $IS_RENEW " ] ; then
if [ -f " $_real_ca " ] && [ ! " $_ACME_ IS_RENEW " ] ; then
cp " $_real_ca " " $_backup_path /ca.bak "
cp " $_real_ca " " $_backup_path /ca.bak "
fi
fi
cat " $CA_CERT_PATH " >" $_real_ca " || return 1
cat " $CA_CERT_PATH " >" $_real_ca " || return 1
@ -5463,7 +5468,7 @@ _installcert() {
if [ " $_real_key " ] ; then
if [ " $_real_key " ] ; then
_info " Installing key to: $_real_key "
_info " Installing key to: $_real_key "
if [ -f " $_real_key " ] && [ ! " $IS_RENEW " ] ; then
if [ -f " $_real_key " ] && [ ! " $_ACME_ IS_RENEW " ] ; then
cp " $_real_key " " $_backup_path /key.bak "
cp " $_real_key " " $_backup_path /key.bak "
fi
fi
if [ -f " $_real_key " ] ; then
if [ -f " $_real_key " ] ; then
@ -5476,7 +5481,7 @@ _installcert() {
if [ " $_real_fullchain " ] ; then
if [ " $_real_fullchain " ] ; then
_info " Installing full chain to: $_real_fullchain "
_info " Installing full chain to: $_real_fullchain "
if [ -f " $_real_fullchain " ] && [ ! " $IS_RENEW " ] ; then
if [ -f " $_real_fullchain " ] && [ ! " $_ACME_ IS_RENEW " ] ; then
cp " $_real_fullchain " " $_backup_path /fullchain.bak "
cp " $_real_fullchain " " $_backup_path /fullchain.bak "
fi
fi
cat " $CERT_FULLCHAIN_PATH " >" $_real_fullchain " || return 1
cat " $CERT_FULLCHAIN_PATH " >" $_real_fullchain " || return 1
@ -6093,7 +6098,7 @@ install() {
_debug "Skip install cron job"
_debug "Skip install cron job"
fi
fi
if [ " $ACME_IN_CRON " != "1" ] ; then
if [ " $_ ACME_IN_CRON " != "1" ] ; then
if ! _precheck " $_nocron " ; then
if ! _precheck " $_nocron " ; then
_err "Pre-check failed, can not install."
_err "Pre-check failed, can not install."
return 1
return 1
@ -6150,7 +6155,7 @@ install() {
_info " Installed to $LE_WORKING_DIR / $PROJECT_ENTRY "
_info " Installed to $LE_WORKING_DIR / $PROJECT_ENTRY "
if [ " $ACME_IN_CRON " != "1" ] && [ -z " $_noprofile " ] ; then
if [ " $_ ACME_IN_CRON " != "1" ] && [ -z " $_noprofile " ] ; then
_installalias " $_c_home "
_installalias " $_c_home "
fi
fi
@ -6248,7 +6253,7 @@ _uninstallalias() {
}
}
cron( ) {
cron( ) {
export ACME_IN_CRON = 1
export _ ACME_IN_CRON= 1
_initpath
_initpath
_info " $( __green "===Starting cron===" ) "
_info " $( __green "===Starting cron===" ) "
if [ " $AUTO_UPGRADE " = "1" ] ; then
if [ " $AUTO_UPGRADE " = "1" ] ; then
@ -6269,7 +6274,7 @@ cron() {
fi
fi
renewAll
renewAll
_ret = " $? "
_ret = " $? "
ACME_IN_CRON = ""
_ ACME_IN_CRON= ""
_info " $( __green "===End cron===" ) "
_info " $( __green "===End cron===" ) "
exit $_ret
exit $_ret
}
}