Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #3800 from acmesh-official/dev 

sync
pull/3818/head
neil 3 years ago
committed by GitHub
parent
b2fc84c98e 640c7c5fa3
commit
5e574a355d
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 140 additions and 19 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      .github/workflows/PebbleStrict.yml
  2. 1
      Dockerfile
  3. 79
      acme.sh
  4. 1
      deploy/synology_dsm.sh
  5. 48
      notify/feishu.sh
  6. 3
      notify/mail.sh

23
.github/workflows/PebbleStrict.yml
View File

@ -37,3 +37,26 @@ jobs:
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest - name: Run acmetest
run: cd ../acmetest && ./letest.sh run: cd ../acmetest && ./letest.sh
PebbleStrict_IPCert:
runs-on: ubuntu-latest
env:
TestingDomain: 10.30.50.1
ACME_DIRECTORY: https://localhost:14000/dir
HTTPS_INSECURE: 1
Le_HTTPPort: 5002
Le_TLSPort: 5001
TEST_LOCAL: 1
TEST_CA: "Pebble Intermediate CA"
TEST_IPCERT: 1
steps:
- uses: actions/checkout@v2
- name: Install tools
run: sudo apt-get install -y socat
- name: Run Pebble
run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
- name: Clone acmetest
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: cd ../acmetest && ./letest.sh

1
Dockerfile
View File

@ -55,6 +55,7 @@ RUN for verb in help \
deactivate-account \ deactivate-account \
set-notify \ set-notify \
set-default-ca \ set-default-ca \
set-default-chain \
; do \ ; do \
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
; done ; done

79
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=3.0.1
VER=3.0.2
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -59,6 +59,9 @@ VTYPE_HTTP="http-01"
VTYPE_DNS="dns-01" VTYPE_DNS="dns-01"
VTYPE_ALPN="tls-alpn-01" VTYPE_ALPN="tls-alpn-01"
ID_TYPE_DNS="dns"
ID_TYPE_IP="ip"
LOCAL_ANY_ADDRESS="0.0.0.0" LOCAL_ANY_ADDRESS="0.0.0.0"
DEFAULT_RENEW=60 DEFAULT_RENEW=60
@ -426,13 +429,11 @@ _secure_debug3() {
} }
_upper_case() { _upper_case() {
# shellcheck disable=SC2018,SC2019
tr 'a-z' 'A-Z'
tr '[:lower:]' '[:upper:]'
} }
_lower_case() { _lower_case() {
# shellcheck disable=SC2018,SC2019
tr 'A-Z' 'a-z'
tr '[:upper:]' '[:lower:]'
} }
_startswith() { _startswith() {
@ -1222,19 +1223,27 @@ _createcsr() {
if [ "$acmeValidationv1" ]; then if [ "$acmeValidationv1" ]; then
domainlist="$(_idn "$domainlist")" domainlist="$(_idn "$domainlist")"
printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf"
_debug2 domainlist "$domainlist"
alt=""
for dl in $(echo "$domainlist" | tr "," ' '); do
if [ "$alt" ]; then
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
else
alt="$(_getIdType "$dl" | _upper_case):$dl"
fi
done
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
#single domain #single domain
_info "Single domain" "$domain" _info "Single domain" "$domain"
printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" >>"$csrconf"
printf -- "\nsubjectAltName=$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" >>"$csrconf"
else else
domainlist="$(_idn "$domainlist")" domainlist="$(_idn "$domainlist")"
_debug2 domainlist "$domainlist" _debug2 domainlist "$domainlist"
if _contains "$domainlist" ","; then
alt="DNS:$(_idn "$domain"),DNS:$(echo "$domainlist" | sed "s/,,/,/g" | sed "s/,/,DNS:/g")"
else
alt="DNS:$(_idn "$domain"),DNS:$domainlist"
fi
alt="$(_getIdType "$domain" | _upper_case):$domain"
for dl in $(echo "$domainlist" | tr "," ' '); do
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
done
#multi #multi
_info "Multi domain" "$alt" _info "Multi domain" "$alt"
printf -- "\nsubjectAltName=$alt" >>"$csrconf" printf -- "\nsubjectAltName=$alt" >>"$csrconf"
@ -4174,6 +4183,36 @@ _match_issuer() {
_contains "$_rootissuer" "$_missuer" _contains "$_rootissuer" "$_missuer"
} }
#ip
_isIPv4() {
for seg in $(echo "$1" | tr '.' ' '); do
if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then
continue
fi
return 1
done
return 0
}
#ip6
_isIPv6() {
_contains "$1" ":"
}
#ip
_isIP() {
_isIPv4 "$1" || _isIPv6 "$1"
}
#identifier
_getIdType() {
if _isIP "$1"; then
echo "$ID_TYPE_IP"
else
echo "$ID_TYPE_DNS"
fi
}
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ]; then if [ -z "$2" ]; then
@ -4330,7 +4369,7 @@ issue() {
dvsep=',' dvsep=','
if [ -z "$vlist" ]; then if [ -z "$vlist" ]; then
#make new order request #make new order request
_identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}"
_identifiers="{\"type\":\"$(_getIdType "$_main_domain")\",\"value\":\"$(_idn "$_main_domain")\"}"
_w_index=1 _w_index=1
while true; do while true; do
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")" d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
@ -4339,7 +4378,7 @@ issue() {
if [ -z "$d" ]; then if [ -z "$d" ]; then
break break
fi fi
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}"
_identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}"
done done
_debug2 _identifiers "$_identifiers" _debug2 _identifiers "$_identifiers"
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
@ -5673,10 +5712,18 @@ installcronjob() {
_CRONTAB="crontab" _CRONTAB="crontab"
if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then
lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY" lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY"
else
_debug "_SCRIPT_" "$_SCRIPT_"
_script="$(_readlink "$_SCRIPT_")"
_debug _script "$_script"
if [ -f "$_script" ]; then
_info "Using the current script from: $_script"
lesh="$_script"
else else
_err "Can not install cronjob, $PROJECT_ENTRY not found." _err "Can not install cronjob, $PROJECT_ENTRY not found."
return 1 return 1
fi fi
fi
if [ "$_c_home" ]; then if [ "$_c_home" ]; then
_c_entry="--config-home \"$_c_home\" " _c_entry="--config-home \"$_c_home\" "
fi fi
@ -5902,7 +5949,7 @@ _deactivate() {
_initAPI _initAPI
fi fi
_identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}"
_identifiers="{\"type\":\"$(_getIdType "$_d_domain")\",\"value\":\"$_d_domain\"}"
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
_err "Can not get domain new order." _err "Can not get domain new order."
return 1 return 1
@ -5938,7 +5985,7 @@ _deactivate() {
thumbprint="$(__calc_account_thumbprint)" thumbprint="$(__calc_account_thumbprint)"
fi fi
_debug "Trigger validation." _debug "Trigger validation."
vtype="$VTYPE_DNS"
vtype="$(_getIdType "$_d_domain")"
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry" _debug entry "$entry"
if [ -z "$entry" ]; then if [ -z "$entry" ]; then

1
deploy/synology_dsm.sh
View File

@ -100,6 +100,7 @@ synology_dsm_deploy() {
if [ -z "$token" ]; then if [ -z "$token" ]; then
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme." _err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
_err "Check your username and password." _err "Check your username and password."
_err "If two-factor authentication is enabled for the user, you have to choose another user."
return 1 return 1
fi fi
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p') sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')

48
notify/feishu.sh
View File

@ -0,0 +1,48 @@
#!/usr/bin/env sh
#Support feishu webhooks api
#required
#FEISHU_WEBHOOK="xxxx"
#optional
#FEISHU_KEYWORD="yyyy"
# subject content statusCode
feishu_send() {
_subject="$1"
_content="$2"
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
_debug "_subject" "$_subject"
_debug "_content" "$_content"
_debug "_statusCode" "$_statusCode"
FEISHU_WEBHOOK="${FEISHU_WEBHOOK:-$(_readaccountconf_mutable FEISHU_WEBHOOK)}"
if [ -z "$FEISHU_WEBHOOK" ]; then
FEISHU_WEBHOOK=""
_err "You didn't specify a feishu webhooks FEISHU_WEBHOOK yet."
_err "You can get yours from https://www.feishu.cn"
return 1
fi
_saveaccountconf_mutable FEISHU_WEBHOOK "$FEISHU_WEBHOOK"
FEISHU_KEYWORD="${FEISHU_KEYWORD:-$(_readaccountconf_mutable FEISHU_KEYWORD)}"
if [ "$FEISHU_KEYWORD" ]; then
_saveaccountconf_mutable FEISHU_KEYWORD "$FEISHU_KEYWORD"
fi
_content=$(echo "$_content" | _json_encode)
_subject=$(echo "$_subject" | _json_encode)
_data="{\"msg_type\": \"text\", \"content\": {\"text\": \"[$FEISHU_KEYWORD]\n$_subject\n$_content\"}}"
response="$(_post "$_data" "$FEISHU_WEBHOOK" "" "POST" "application/json")"
if [ "$?" = "0" ] && _contains "$response" "StatusCode\":0"; then
_info "feishu webhooks event fired success."
return 0
fi
_err "feishu webhooks event fired error."
_err "$response"
return 1
}

3
notify/mail.sh
View File

@ -62,7 +62,7 @@ mail_send() {
fi fi
contenttype="text/plain; charset=utf-8" contenttype="text/plain; charset=utf-8"
subject="=?UTF-8?B?$(echo "$_subject" | _base64)?="
subject="=?UTF-8?B?$(printf -- "%b" "$_subject" | _base64)?="
result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1) result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1)
# shellcheck disable=SC2181 # shellcheck disable=SC2181
@ -131,6 +131,7 @@ _mail_body() {
echo "To: $MAIL_TO" echo "To: $MAIL_TO"
echo "Subject: $subject" echo "Subject: $subject"
echo "Content-Type: $contenttype" echo "Content-Type: $contenttype"
echo "MIME-Version: 1.0"
echo echo
;; ;;
esac esac

Write Preview
Loading…
Cancel
Save