|
@ -1,6 +1,6 @@ |
|
|
#!/usr/bin/env sh |
|
|
#!/usr/bin/env sh |
|
|
|
|
|
|
|
|
VER=2.2.2 |
|
|
|
|
|
|
|
|
VER=2.2.3 |
|
|
|
|
|
|
|
|
PROJECT_NAME="acme.sh" |
|
|
PROJECT_NAME="acme.sh" |
|
|
|
|
|
|
|
@ -684,7 +684,17 @@ _savedomainconf() { |
|
|
key="$1" |
|
|
key="$1" |
|
|
value="$2" |
|
|
value="$2" |
|
|
if [ "$DOMAIN_CONF" ] ; then |
|
|
if [ "$DOMAIN_CONF" ] ; then |
|
|
_setopt $DOMAIN_CONF "$key" "=" "$value" |
|
|
|
|
|
|
|
|
_setopt "$DOMAIN_CONF" "$key" "=" "\"$value\"" |
|
|
|
|
|
else |
|
|
|
|
|
_err "DOMAIN_CONF is empty, can not save $key=$value" |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
#_cleardomainconf key |
|
|
|
|
|
_cleardomainconf() { |
|
|
|
|
|
key="$1" |
|
|
|
|
|
if [ "$DOMAIN_CONF" ] ; then |
|
|
|
|
|
_sed_i "s/^$key.*$//" "$DOMAIN_CONF" |
|
|
else |
|
|
else |
|
|
_err "DOMAIN_CONF is empty, can not save $key=$value" |
|
|
_err "DOMAIN_CONF is empty, can not save $key=$value" |
|
|
fi |
|
|
fi |
|
@ -695,7 +705,7 @@ _saveaccountconf() { |
|
|
key="$1" |
|
|
key="$1" |
|
|
value="$2" |
|
|
value="$2" |
|
|
if [ "$ACCOUNT_CONF_PATH" ] ; then |
|
|
if [ "$ACCOUNT_CONF_PATH" ] ; then |
|
|
_setopt $ACCOUNT_CONF_PATH "$key" "=" "\"$value\"" |
|
|
|
|
|
|
|
|
_setopt "$ACCOUNT_CONF_PATH" "$key" "=" "\"$value\"" |
|
|
else |
|
|
else |
|
|
_err "ACCOUNT_CONF_PATH is empty, can not save $key=$value" |
|
|
_err "ACCOUNT_CONF_PATH is empty, can not save $key=$value" |
|
|
fi |
|
|
fi |
|
@ -1035,15 +1045,10 @@ issue() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_Domain" "=" "$Le_Domain" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_Alt" "=" "$Le_Alt" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_Webroot" "=" "$Le_Webroot" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_Keylength" "=" "$Le_Keylength" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RealCertPath" "=" "\"$Le_RealCertPath\"" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RealCACertPath" "=" "\"$Le_RealCACertPath\"" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RealKeyPath" "=" "\"$Le_RealKeyPath\"" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_ReloadCmd" "=" "\"$Le_ReloadCmd\"" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RealFullChainPath" "=" "\"$Le_RealFullChainPath\"" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_Domain" "$Le_Domain" |
|
|
|
|
|
_savedomainconf "Le_Alt" "$Le_Alt" |
|
|
|
|
|
_savedomainconf "Le_Webroot" "$Le_Webroot" |
|
|
|
|
|
_savedomainconf "Le_Keylength" "$Le_Keylength" |
|
|
|
|
|
|
|
|
if [ "$Le_Alt" = "no" ] ; then |
|
|
if [ "$Le_Alt" = "no" ] ; then |
|
|
Le_Alt="" |
|
|
Le_Alt="" |
|
@ -1051,22 +1056,6 @@ issue() { |
|
|
if [ "$Le_Keylength" = "no" ] ; then |
|
|
if [ "$Le_Keylength" = "no" ] ; then |
|
|
Le_Keylength="" |
|
|
Le_Keylength="" |
|
|
fi |
|
|
fi |
|
|
if [ "$Le_RealCertPath" = "no" ] ; then |
|
|
|
|
|
Le_RealCertPath="" |
|
|
|
|
|
fi |
|
|
|
|
|
if [ "$Le_RealKeyPath" = "no" ] ; then |
|
|
|
|
|
Le_RealKeyPath="" |
|
|
|
|
|
fi |
|
|
|
|
|
if [ "$Le_RealCACertPath" = "no" ] ; then |
|
|
|
|
|
Le_RealCACertPath="" |
|
|
|
|
|
fi |
|
|
|
|
|
if [ "$Le_ReloadCmd" = "no" ] ; then |
|
|
|
|
|
Le_ReloadCmd="" |
|
|
|
|
|
fi |
|
|
|
|
|
if [ "$Le_RealFullChainPath" = "no" ] ; then |
|
|
|
|
|
Le_RealFullChainPath="" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if _contains "$Le_Webroot" "no" ; then |
|
|
if _contains "$Le_Webroot" "no" ; then |
|
|
_info "Standalone mode." |
|
|
_info "Standalone mode." |
|
@ -1078,7 +1067,7 @@ issue() { |
|
|
if [ -z "$Le_HTTPPort" ] ; then |
|
|
if [ -z "$Le_HTTPPort" ] ; then |
|
|
Le_HTTPPort=80 |
|
|
Le_HTTPPort=80 |
|
|
fi |
|
|
fi |
|
|
_setopt "$DOMAIN_CONF" "Le_HTTPPort" "=" "$Le_HTTPPort" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_HTTPPort" "$Le_HTTPPort" |
|
|
|
|
|
|
|
|
netprc="$(_ss "$Le_HTTPPort" | grep "$Le_HTTPPort")" |
|
|
netprc="$(_ss "$Le_HTTPPort" | grep "$Le_HTTPPort")" |
|
|
if [ "$netprc" ] ; then |
|
|
if [ "$netprc" ] ; then |
|
@ -1279,7 +1268,7 @@ issue() { |
|
|
done |
|
|
done |
|
|
|
|
|
|
|
|
if [ "$dnsadded" = '0' ] ; then |
|
|
if [ "$dnsadded" = '0' ] ; then |
|
|
_setopt "$DOMAIN_CONF" "Le_Vlist" "=" "\"$vlist\"" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_Vlist" "$vlist" |
|
|
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit." |
|
|
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit." |
|
|
_err "Please add the TXT records to the domains, and retry again." |
|
|
_err "Please add the TXT records to the domains, and retry again." |
|
|
_clearup |
|
|
_clearup |
|
@ -1426,7 +1415,7 @@ issue() { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Le_LinkCert="$(grep -i -o '^Location.*$' $HTTP_HEADER | head -1 | tr -d "\r\n" | cut -d " " -f 2)" |
|
|
Le_LinkCert="$(grep -i -o '^Location.*$' $HTTP_HEADER | head -1 | tr -d "\r\n" | cut -d " " -f 2)" |
|
|
_setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_LinkCert" "$Le_LinkCert" |
|
|
|
|
|
|
|
|
if [ "$Le_LinkCert" ] ; then |
|
|
if [ "$Le_LinkCert" ] ; then |
|
|
echo "$BEGIN_CERT" > "$CERT_PATH" |
|
|
echo "$BEGIN_CERT" > "$CERT_PATH" |
|
@ -1451,10 +1440,10 @@ issue() { |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_setopt "$DOMAIN_CONF" 'Le_Vlist' '=' "\"\"" |
|
|
|
|
|
|
|
|
_cleardomainconf "Le_Vlist" |
|
|
|
|
|
|
|
|
Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | head -1 | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' ) |
|
|
Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | head -1 | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' ) |
|
|
_setopt "$DOMAIN_CONF" "Le_LinkIssuer" "=" "$Le_LinkIssuer" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" |
|
|
|
|
|
|
|
|
if [ "$Le_LinkIssuer" ] ; then |
|
|
if [ "$Le_LinkIssuer" ] ; then |
|
|
echo "$BEGIN_CERT" > "$CA_CERT_PATH" |
|
|
echo "$BEGIN_CERT" > "$CA_CERT_PATH" |
|
@ -1466,22 +1455,22 @@ issue() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
Le_CertCreateTime=$(date -u "+%s") |
|
|
Le_CertCreateTime=$(date -u "+%s") |
|
|
_setopt "$DOMAIN_CONF" "Le_CertCreateTime" "=" "$Le_CertCreateTime" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime" |
|
|
|
|
|
|
|
|
Le_CertCreateTimeStr=$(date -u ) |
|
|
Le_CertCreateTimeStr=$(date -u ) |
|
|
_setopt "$DOMAIN_CONF" "Le_CertCreateTimeStr" "=" "\"$Le_CertCreateTimeStr\"" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr" |
|
|
|
|
|
|
|
|
if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "80" ] ; then |
|
|
if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "80" ] ; then |
|
|
Le_RenewalDays=80 |
|
|
Le_RenewalDays=80 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RenewalDays" "=" "$Le_RenewalDays" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_RenewalDays" "$Le_RenewalDays" |
|
|
|
|
|
|
|
|
Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) |
|
|
Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) |
|
|
_setopt "$DOMAIN_CONF" "Le_NextRenewTime" "=" "$Le_NextRenewTime" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" |
|
|
|
|
|
|
|
|
Le_NextRenewTimeStr=$( _time2str $Le_NextRenewTime ) |
|
|
Le_NextRenewTimeStr=$( _time2str $Le_NextRenewTime ) |
|
|
_setopt "$DOMAIN_CONF" "Le_NextRenewTimeStr" "=" "\"$Le_NextRenewTimeStr\"" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
installcert $Le_Domain "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" |
|
|
installcert $Le_Domain "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" |
|
@ -1518,47 +1507,12 @@ renew() { |
|
|
|
|
|
|
|
|
renewAll() { |
|
|
renewAll() { |
|
|
_initpath |
|
|
_initpath |
|
|
_info "renewAll" |
|
|
|
|
|
|
|
|
|
|
|
for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do |
|
|
for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do |
|
|
d=$(echo $d | cut -d '/' -f 1) |
|
|
d=$(echo $d | cut -d '/' -f 1) |
|
|
_info "renew $d" |
|
|
|
|
|
|
|
|
|
|
|
Le_LinkCert="" |
|
|
|
|
|
Le_Domain="" |
|
|
|
|
|
Le_Alt="no" |
|
|
|
|
|
Le_Webroot="" |
|
|
|
|
|
Le_Keylength="" |
|
|
|
|
|
Le_LinkIssuer="" |
|
|
|
|
|
|
|
|
|
|
|
Le_CertCreateTime="" |
|
|
|
|
|
Le_CertCreateTimeStr="" |
|
|
|
|
|
Le_RenewalDays="" |
|
|
|
|
|
Le_NextRenewTime="" |
|
|
|
|
|
Le_NextRenewTimeStr="" |
|
|
|
|
|
|
|
|
|
|
|
Le_RealCertPath="" |
|
|
|
|
|
Le_RealKeyPath="" |
|
|
|
|
|
|
|
|
|
|
|
Le_RealCACertPath="" |
|
|
|
|
|
|
|
|
|
|
|
Le_ReloadCmd="" |
|
|
|
|
|
Le_RealFullChainPath="" |
|
|
|
|
|
|
|
|
|
|
|
DOMAIN_PATH="" |
|
|
|
|
|
DOMAIN_CONF="" |
|
|
|
|
|
DOMAIN_SSL_CONF="" |
|
|
|
|
|
CSR_PATH="" |
|
|
|
|
|
CERT_KEY_PATH="" |
|
|
|
|
|
CERT_PATH="" |
|
|
|
|
|
CA_CERT_PATH="" |
|
|
|
|
|
CERT_PFX_PATH="" |
|
|
|
|
|
CERT_FULLCHAIN_PATH="" |
|
|
|
|
|
ACCOUNT_KEY_PATH="" |
|
|
|
|
|
|
|
|
|
|
|
wellknown_path="" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
( |
|
|
|
|
|
_info "Renew: $d" |
|
|
renew "$d" |
|
|
renew "$d" |
|
|
|
|
|
) |
|
|
done |
|
|
done |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
@ -1578,13 +1532,32 @@ installcert() { |
|
|
|
|
|
|
|
|
_initpath $Le_Domain |
|
|
_initpath $Le_Domain |
|
|
|
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RealCertPath" "=" "\"$Le_RealCertPath\"" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RealCACertPath" "=" "\"$Le_RealCACertPath\"" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RealKeyPath" "=" "\"$Le_RealKeyPath\"" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_ReloadCmd" "=" "\"$Le_ReloadCmd\"" |
|
|
|
|
|
_setopt "$DOMAIN_CONF" "Le_RealFullChainPath" "=" "\"$Le_RealFullChainPath\"" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_RealCertPath" "$Le_RealCertPath" |
|
|
|
|
|
_savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath" |
|
|
|
|
|
_savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath" |
|
|
|
|
|
_savedomainconf "Le_ReloadCmd" "$Le_ReloadCmd" |
|
|
|
|
|
_savedomainconf "Le_RealFullChainPath" "$Le_RealFullChainPath" |
|
|
|
|
|
|
|
|
|
|
|
if [ "$Le_RealCertPath" = "no" ] ; then |
|
|
|
|
|
Le_RealCertPath="" |
|
|
|
|
|
fi |
|
|
|
|
|
if [ "$Le_RealKeyPath" = "no" ] ; then |
|
|
|
|
|
Le_RealKeyPath="" |
|
|
|
|
|
fi |
|
|
|
|
|
if [ "$Le_RealCACertPath" = "no" ] ; then |
|
|
|
|
|
Le_RealCACertPath="" |
|
|
|
|
|
fi |
|
|
|
|
|
if [ "$Le_ReloadCmd" = "no" ] ; then |
|
|
|
|
|
Le_ReloadCmd="" |
|
|
|
|
|
fi |
|
|
|
|
|
if [ "$Le_RealFullChainPath" = "no" ] ; then |
|
|
|
|
|
Le_RealFullChainPath="" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
_installed="0" |
|
|
if [ "$Le_RealCertPath" ] ; then |
|
|
if [ "$Le_RealCertPath" ] ; then |
|
|
|
|
|
_installed=1 |
|
|
|
|
|
_info "Installing cert to:$Le_RealCertPath" |
|
|
if [ -f "$Le_RealCertPath" ] ; then |
|
|
if [ -f "$Le_RealCertPath" ] ; then |
|
|
cp "$Le_RealCertPath" "$Le_RealCertPath".bak |
|
|
cp "$Le_RealCertPath" "$Le_RealCertPath".bak |
|
|
fi |
|
|
fi |
|
@ -1592,6 +1565,8 @@ installcert() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_RealCACertPath" ] ; then |
|
|
if [ "$Le_RealCACertPath" ] ; then |
|
|
|
|
|
_installed=1 |
|
|
|
|
|
_info "Installing CA to:$Le_RealCACertPath" |
|
|
if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ] ; then |
|
|
if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ] ; then |
|
|
echo "" >> "$Le_RealCACertPath" |
|
|
echo "" >> "$Le_RealCACertPath" |
|
|
cat "$CA_CERT_PATH" >> "$Le_RealCACertPath" |
|
|
cat "$CA_CERT_PATH" >> "$Le_RealCACertPath" |
|
@ -1605,6 +1580,8 @@ installcert() { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$Le_RealKeyPath" ] ; then |
|
|
if [ "$Le_RealKeyPath" ] ; then |
|
|
|
|
|
_installed=1 |
|
|
|
|
|
_info "Installing key to:$Le_RealKeyPath" |
|
|
if [ -f "$Le_RealKeyPath" ] ; then |
|
|
if [ -f "$Le_RealKeyPath" ] ; then |
|
|
cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak |
|
|
cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak |
|
|
fi |
|
|
fi |
|
@ -1612,6 +1589,8 @@ installcert() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_RealFullChainPath" ] ; then |
|
|
if [ "$Le_RealFullChainPath" ] ; then |
|
|
|
|
|
_installed=1 |
|
|
|
|
|
_info "Installing full chain to:$Le_RealFullChainPath" |
|
|
if [ -f "$Le_RealFullChainPath" ] ; then |
|
|
if [ -f "$Le_RealFullChainPath" ] ; then |
|
|
cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak |
|
|
cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak |
|
|
fi |
|
|
fi |
|
@ -1619,8 +1598,18 @@ installcert() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_ReloadCmd" ] ; then |
|
|
if [ "$Le_ReloadCmd" ] ; then |
|
|
|
|
|
_installed=1 |
|
|
_info "Run Le_ReloadCmd: $Le_ReloadCmd" |
|
|
_info "Run Le_ReloadCmd: $Le_ReloadCmd" |
|
|
(cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd") |
|
|
|
|
|
|
|
|
if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd") ; then |
|
|
|
|
|
_info "Reload success." |
|
|
|
|
|
else |
|
|
|
|
|
_err "Reload error for :$Le_Domain" |
|
|
|
|
|
fi |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ "$_installed" = "0" ] ; then |
|
|
|
|
|
_err "Nothing to install. You don't specify any parameter." |
|
|
|
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
@ -2083,7 +2072,7 @@ _process() { |
|
|
_keypath="no" |
|
|
_keypath="no" |
|
|
_capath="no" |
|
|
_capath="no" |
|
|
_fullchainpath="no" |
|
|
_fullchainpath="no" |
|
|
_reloadcmd="no" |
|
|
|
|
|
|
|
|
_reloadcmd="" |
|
|
_password="" |
|
|
_password="" |
|
|
_accountconf="" |
|
|
_accountconf="" |
|
|
_useragent="" |
|
|
_useragent="" |
|
@ -2116,7 +2105,7 @@ _process() { |
|
|
--renew|-r) |
|
|
--renew|-r) |
|
|
_CMD="renew" |
|
|
_CMD="renew" |
|
|
;; |
|
|
;; |
|
|
--renewAll|-renewall) |
|
|
|
|
|
|
|
|
--renewAll|--renewall) |
|
|
_CMD="renewAll" |
|
|
_CMD="renewAll" |
|
|
;; |
|
|
;; |
|
|
--revoke) |
|
|
--revoke) |
|
|
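Review bot: `_savedomainconf` now stores every value as `"\"$value\""` with no escaping, so a value containing a double quote, backtick, backslash or `$` lands verbatim inside double quotes in the domain conf. Two kinds of value routed through it in this commit are not plain tokens: `Le_ReloadCmd`, which `installcert` later passes to `eval`, and `Le_LinkCert` / `Le_LinkIssuer`, which are cut from the server's response headers. If the conf is read back by sourcing it (not visible on this page), those characters would be expanded or would terminate the string at load time. Escaping them in `_savedomainconf` before the `_setopt` call would keep the stored text literal. The new `_cleardomainconf` has a related looseness: `_sed_i "s/^$key.*$//"` matches any key that merely starts with `$key` and leaves an empty line behind, so `s/^$key=.*$//` would be tighter, and its error text still reads "can not save $key=$value" although `$value` is not assigned in that function.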