|
@ -138,8 +138,8 @@ _printargs() { |
|
|
_dlg_versions() { |
|
|
_dlg_versions() { |
|
|
echo "Diagnosis versions: " |
|
|
echo "Diagnosis versions: " |
|
|
echo "openssl:$ACME_OPENSSL_BIN" |
|
|
echo "openssl:$ACME_OPENSSL_BIN" |
|
|
if _exists "$ACME_OPENSSL_BIN"; then |
|
|
|
|
|
$ACME_OPENSSL_BIN version 2>&1 |
|
|
|
|
|
|
|
|
if _exists "${ACME_OPENSSL_BIN:-openssl}"; then |
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} version 2>&1 |
|
|
else |
|
|
else |
|
|
echo "$ACME_OPENSSL_BIN doesn't exists." |
|
|
echo "$ACME_OPENSSL_BIN doesn't exists." |
|
|
fi |
|
|
fi |
|
@ -790,19 +790,19 @@ _base64() { |
|
|
[ "" ] #urgly |
|
|
[ "" ] #urgly |
|
|
if [ "$1" ]; then |
|
|
if [ "$1" ]; then |
|
|
_debug3 "base64 multiline:'$1'" |
|
|
_debug3 "base64 multiline:'$1'" |
|
|
$ACME_OPENSSL_BIN base64 -e |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} base64 -e |
|
|
else |
|
|
else |
|
|
_debug3 "base64 single line." |
|
|
_debug3 "base64 single line." |
|
|
$ACME_OPENSSL_BIN base64 -e | tr -d '\r\n' |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} base64 -e | tr -d '\r\n' |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#Usage: multiline |
|
|
#Usage: multiline |
|
|
_dbase64() { |
|
|
_dbase64() { |
|
|
if [ "$1" ]; then |
|
|
if [ "$1" ]; then |
|
|
$ACME_OPENSSL_BIN base64 -d -A |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} base64 -d -A |
|
|
else |
|
|
else |
|
|
$ACME_OPENSSL_BIN base64 -d |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} base64 -d |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
@ -819,9 +819,9 @@ _digest() { |
|
|
|
|
|
|
|
|
if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then |
|
|
if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then |
|
|
if [ "$outputhex" ]; then |
|
|
if [ "$outputhex" ]; then |
|
|
$ACME_OPENSSL_BIN dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' ' |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' ' |
|
|
else |
|
|
else |
|
|
$ACME_OPENSSL_BIN dgst -"$alg" -binary | _base64 |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -binary | _base64 |
|
|
fi |
|
|
fi |
|
|
else |
|
|
else |
|
|
_err "$alg is not supported yet" |
|
|
_err "$alg is not supported yet" |
|
@ -844,9 +844,9 @@ _hmac() { |
|
|
|
|
|
|
|
|
if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then |
|
|
if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then |
|
|
if [ "$outputhex" ]; then |
|
|
if [ "$outputhex" ]; then |
|
|
($ACME_OPENSSL_BIN dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" 2>/dev/null || $ACME_OPENSSL_BIN dgst -"$alg" -hmac "$(printf "%s" "$secret_hex" | _h2b)") | cut -d = -f 2 | tr -d ' ' |
|
|
|
|
|
|
|
|
(${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" 2>/dev/null || ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hmac "$(printf "%s" "$secret_hex" | _h2b)") | cut -d = -f 2 | tr -d ' ' |
|
|
else |
|
|
else |
|
|
$ACME_OPENSSL_BIN dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" -binary 2>/dev/null || $ACME_OPENSSL_BIN dgst -"$alg" -hmac "$(printf "%s" "$secret_hex" | _h2b)" -binary |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" -binary 2>/dev/null || ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hmac "$(printf "%s" "$secret_hex" | _h2b)" -binary |
|
|
fi |
|
|
fi |
|
|
else |
|
|
else |
|
|
_err "$alg is not supported yet" |
|
|
_err "$alg is not supported yet" |
|
@ -865,7 +865,7 @@ _sign() { |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_sign_openssl="$ACME_OPENSSL_BIN dgst -sign $keyfile " |
|
|
|
|
|
|
|
|
_sign_openssl="${ACME_OPENSSL_BIN:-openssl} dgst -sign $keyfile " |
|
|
if [ "$alg" = "sha256" ]; then |
|
|
if [ "$alg" = "sha256" ]; then |
|
|
_sign_openssl="$_sign_openssl -$alg" |
|
|
_sign_openssl="$_sign_openssl -$alg" |
|
|
else |
|
|
else |
|
@ -876,7 +876,7 @@ _sign() { |
|
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
$_sign_openssl | _base64 |
|
|
$_sign_openssl | _base64 |
|
|
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
if ! _signedECText="$($_sign_openssl | $ACME_OPENSSL_BIN asn1parse -inform DER)"; then |
|
|
|
|
|
|
|
|
if ! _signedECText="$($_sign_openssl | ${ACME_OPENSSL_BIN:-openssl} asn1parse -inform DER)"; then |
|
|
_err "Sign failed: $_sign_openssl" |
|
|
_err "Sign failed: $_sign_openssl" |
|
|
_err "Key file: $keyfile" |
|
|
_err "Key file: $keyfile" |
|
|
_err "Key content:$(wc -l <"$keyfile") lines" |
|
|
_err "Key content:$(wc -l <"$keyfile") lines" |
|
@ -948,10 +948,10 @@ _createkey() { |
|
|
|
|
|
|
|
|
if _isEccKey "$length"; then |
|
|
if _isEccKey "$length"; then |
|
|
_debug "Using ec name: $eccname" |
|
|
_debug "Using ec name: $eccname" |
|
|
$ACME_OPENSSL_BIN ecparam -name "$eccname" -genkey 2>/dev/null >"$f" |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null >"$f" |
|
|
else |
|
|
else |
|
|
_debug "Using RSA: $length" |
|
|
_debug "Using RSA: $length" |
|
|
$ACME_OPENSSL_BIN genrsa "$length" 2>/dev/null >"$f" |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null >"$f" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$?" != "0" ]; then |
|
|
if [ "$?" != "0" ]; then |
|
@ -1038,9 +1038,9 @@ _createcsr() { |
|
|
_csr_cn="$(_idn "$domain")" |
|
|
_csr_cn="$(_idn "$domain")" |
|
|
_debug2 _csr_cn "$_csr_cn" |
|
|
_debug2 _csr_cn "$_csr_cn" |
|
|
if _contains "$(uname -a)" "MINGW"; then |
|
|
if _contains "$(uname -a)" "MINGW"; then |
|
|
$ACME_OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr" |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr" |
|
|
else |
|
|
else |
|
|
$ACME_OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
@ -1052,7 +1052,7 @@ _signcsr() { |
|
|
cert="$4" |
|
|
cert="$4" |
|
|
_debug "_signcsr" |
|
|
_debug "_signcsr" |
|
|
|
|
|
|
|
|
_msg="$($ACME_OPENSSL_BIN x509 -req -days 365 -in "$csr" -signkey "$key" -extensions v3_req -extfile "$conf" -out "$cert" 2>&1)" |
|
|
|
|
|
|
|
|
_msg="$(${ACME_OPENSSL_BIN:-openssl} x509 -req -days 365 -in "$csr" -signkey "$key" -extensions v3_req -extfile "$conf" -out "$cert" 2>&1)" |
|
|
_ret="$?" |
|
|
_ret="$?" |
|
|
_debug "$_msg" |
|
|
_debug "$_msg" |
|
|
return $_ret |
|
|
return $_ret |
|
@ -1065,7 +1065,7 @@ _readSubjectFromCSR() { |
|
|
_usage "_readSubjectFromCSR mycsr.csr" |
|
|
_usage "_readSubjectFromCSR mycsr.csr" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
$ACME_OPENSSL_BIN req -noout -in "$_csrfile" -subject | _egrep_o "CN *=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n' |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} req -noout -in "$_csrfile" -subject | _egrep_o "CN *=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n' |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#_csrfile |
|
|
#_csrfile |
|
@ -1080,7 +1080,7 @@ _readSubjectAltNamesFromCSR() { |
|
|
_csrsubj="$(_readSubjectFromCSR "$_csrfile")" |
|
|
_csrsubj="$(_readSubjectFromCSR "$_csrfile")" |
|
|
_debug _csrsubj "$_csrsubj" |
|
|
_debug _csrsubj "$_csrsubj" |
|
|
|
|
|
|
|
|
_dnsAltnames="$($ACME_OPENSSL_BIN req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')" |
|
|
|
|
|
|
|
|
_dnsAltnames="$(${ACME_OPENSSL_BIN:-openssl} req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')" |
|
|
_debug _dnsAltnames "$_dnsAltnames" |
|
|
_debug _dnsAltnames "$_dnsAltnames" |
|
|
|
|
|
|
|
|
if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then |
|
|
if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then |
|
@ -1101,7 +1101,7 @@ _readKeyLengthFromCSR() { |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_outcsr="$($ACME_OPENSSL_BIN req -noout -text -in "$_csrfile")" |
|
|
|
|
|
|
|
|
_outcsr="$(${ACME_OPENSSL_BIN:-openssl} req -noout -text -in "$_csrfile")" |
|
|
if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey"; then |
|
|
if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey"; then |
|
|
_debug "ECC CSR" |
|
|
_debug "ECC CSR" |
|
|
echo "$_outcsr" | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' ' |
|
|
echo "$_outcsr" | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' ' |
|
@ -1159,9 +1159,9 @@ toPkcs() { |
|
|
_initpath "$domain" "$_isEcc" |
|
|
_initpath "$domain" "$_isEcc" |
|
|
|
|
|
|
|
|
if [ "$pfxPassword" ]; then |
|
|
if [ "$pfxPassword" ]; then |
|
|
$ACME_OPENSSL_BIN pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" -password "pass:$pfxPassword" |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" -password "pass:$pfxPassword" |
|
|
else |
|
|
else |
|
|
$ACME_OPENSSL_BIN pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$?" = "0" ]; then |
|
|
if [ "$?" = "0" ]; then |
|
@ -1183,7 +1183,7 @@ toPkcs8() { |
|
|
|
|
|
|
|
|
_initpath "$domain" "$_isEcc" |
|
|
_initpath "$domain" "$_isEcc" |
|
|
|
|
|
|
|
|
$ACME_OPENSSL_BIN pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_KEY_PATH" -out "$CERT_PKCS8_PATH" |
|
|
|
|
|
|
|
|
${ACME_OPENSSL_BIN:-openssl} pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in "$CERT_KEY_PATH" -out "$CERT_PKCS8_PATH" |
|
|
|
|
|
|
|
|
if [ "$?" = "0" ]; then |
|
|
if [ "$?" = "0" ]; then |
|
|
_info "Success, $CERT_PKCS8_PATH" |
|
|
_info "Success, $CERT_PKCS8_PATH" |
|
@ -1344,7 +1344,7 @@ _calcjwk() { |
|
|
|
|
|
|
|
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
_debug "RSA key" |
|
|
_debug "RSA key" |
|
|
pub_exp=$($ACME_OPENSSL_BIN rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) |
|
|
|
|
|
|
|
|
pub_exp=$(${ACME_OPENSSL_BIN:-openssl} rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) |
|
|
if [ "${#pub_exp}" = "5" ]; then |
|
|
if [ "${#pub_exp}" = "5" ]; then |
|
|
pub_exp=0$pub_exp |
|
|
pub_exp=0$pub_exp |
|
|
fi |
|
|
fi |
|
@ -1353,7 +1353,7 @@ _calcjwk() { |
|
|
e=$(echo "$pub_exp" | _h2b | _base64) |
|
|
e=$(echo "$pub_exp" | _h2b | _base64) |
|
|
_debug3 e "$e" |
|
|
_debug3 e "$e" |
|
|
|
|
|
|
|
|
modulus=$($ACME_OPENSSL_BIN rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2) |
|
|
|
|
|
|
|
|
modulus=$(${ACME_OPENSSL_BIN:-openssl} rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2) |
|
|
_debug3 modulus "$modulus" |
|
|
_debug3 modulus "$modulus" |
|
|
n="$(printf "%s" "$modulus" | _h2b | _base64 | _url_replace)" |
|
|
n="$(printf "%s" "$modulus" | _h2b | _base64 | _url_replace)" |
|
|
_debug3 n "$n" |
|
|
_debug3 n "$n" |
|
@ -1366,12 +1366,12 @@ _calcjwk() { |
|
|
JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' |
|
|
JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' |
|
|
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
_debug "EC key" |
|
|
_debug "EC key" |
|
|
crv="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" |
|
|
|
|
|
|
|
|
crv="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" |
|
|
_debug3 crv "$crv" |
|
|
_debug3 crv "$crv" |
|
|
|
|
|
|
|
|
if [ -z "$crv" ]; then |
|
|
if [ -z "$crv" ]; then |
|
|
_debug "Let's try ASN1 OID" |
|
|
_debug "Let's try ASN1 OID" |
|
|
crv_oid="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" |
|
|
|
|
|
|
|
|
crv_oid="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" |
|
|
_debug3 crv_oid "$crv_oid" |
|
|
_debug3 crv_oid "$crv_oid" |
|
|
case "${crv_oid}" in |
|
|
case "${crv_oid}" in |
|
|
"prime256v1") |
|
|
"prime256v1") |
|
@ -1391,15 +1391,15 @@ _calcjwk() { |
|
|
_debug3 crv "$crv" |
|
|
_debug3 crv "$crv" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
pubi="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" |
|
|
|
|
|
|
|
|
pubi="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" |
|
|
pubi=$(_math "$pubi" + 1) |
|
|
pubi=$(_math "$pubi" + 1) |
|
|
_debug3 pubi "$pubi" |
|
|
_debug3 pubi "$pubi" |
|
|
|
|
|
|
|
|
pubj="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" |
|
|
|
|
|
|
|
|
pubj="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" |
|
|
pubj=$(_math "$pubj" - 1) |
|
|
pubj=$(_math "$pubj" - 1) |
|
|
_debug3 pubj "$pubj" |
|
|
_debug3 pubj "$pubj" |
|
|
|
|
|
|
|
|
pubtext="$($ACME_OPENSSL_BIN ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" |
|
|
|
|
|
|
|
|
pubtext="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" |
|
|
_debug3 pubtext "$pubtext" |
|
|
_debug3 pubtext "$pubtext" |
|
|
|
|
|
|
|
|
xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)" |
|
|
xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)" |
|
@ -2017,7 +2017,7 @@ _starttlsserver() { |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
__S_OPENSSL="$ACME_OPENSSL_BIN s_server -cert $TLS_CERT -key $TLS_KEY " |
|
|
|
|
|
|
|
|
__S_OPENSSL="${ACME_OPENSSL_BIN:-openssl} s_server -cert $TLS_CERT -key $TLS_KEY " |
|
|
if [ "$opaddr" ]; then |
|
|
if [ "$opaddr" ]; then |
|
|
__S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port" |
|
|
__S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port" |
|
|
else |
|
|
else |
|
@ -3635,6 +3635,7 @@ issue() { |
|
|
|
|
|
|
|
|
_rcert="$response" |
|
|
_rcert="$response" |
|
|
Le_LinkCert="$(grep -i '^Location.*$' "$HTTP_HEADER" | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)" |
|
|
Le_LinkCert="$(grep -i '^Location.*$' "$HTTP_HEADER" | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)" |
|
|
|
|
|
_debug "Le_LinkCert" "$Le_LinkCert" |
|
|
_savedomainconf "Le_LinkCert" "$Le_LinkCert" |
|
|
_savedomainconf "Le_LinkCert" "$Le_LinkCert" |
|
|
|
|
|
|
|
|
if [ "$Le_LinkCert" ]; then |
|
|
if [ "$Le_LinkCert" ]; then |
|
@ -3681,16 +3682,34 @@ issue() { |
|
|
if ! _contains "$Le_LinkIssuer" ":"; then |
|
|
if ! _contains "$Le_LinkIssuer" ":"; then |
|
|
Le_LinkIssuer="$API$Le_LinkIssuer" |
|
|
Le_LinkIssuer="$API$Le_LinkIssuer" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
_debug Le_LinkIssuer "$Le_LinkIssuer" |
|
|
_savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" |
|
|
_savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" |
|
|
|
|
|
|
|
|
if [ "$Le_LinkIssuer" ]; then |
|
|
if [ "$Le_LinkIssuer" ]; then |
|
|
echo "$BEGIN_CERT" >"$CA_CERT_PATH" |
|
|
|
|
|
_get "$Le_LinkIssuer" | _base64 "multiline" >>"$CA_CERT_PATH" |
|
|
|
|
|
echo "$END_CERT" >>"$CA_CERT_PATH" |
|
|
|
|
|
_info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")" |
|
|
|
|
|
cat "$CA_CERT_PATH" >>"$CERT_FULLCHAIN_PATH" |
|
|
|
|
|
_info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")" |
|
|
|
|
|
|
|
|
_link_issuer_retry=0; |
|
|
|
|
|
_MAX_ISSUER_RETRY=5; |
|
|
|
|
|
while [ "$_link_issuer_retry" -lt "$_MAX_ISSUER_RETRY" ]; do |
|
|
|
|
|
_debug _link_issuer_retry "$_link_issuer_retry" |
|
|
|
|
|
if _get "$Le_LinkIssuer" >"$CA_CERT_PATH.der"; then |
|
|
|
|
|
echo "$BEGIN_CERT" >"$CA_CERT_PATH" |
|
|
|
|
|
_base64 "multiline" <"$CA_CERT_PATH.der" >>"$CA_CERT_PATH" |
|
|
|
|
|
echo "$END_CERT" >>"$CA_CERT_PATH" |
|
|
|
|
|
|
|
|
|
|
|
_info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")" |
|
|
|
|
|
cat "$CA_CERT_PATH" >>"$CERT_FULLCHAIN_PATH" |
|
|
|
|
|
_info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")" |
|
|
|
|
|
|
|
|
|
|
|
rm -f "$CA_CERT_PATH.der" |
|
|
|
|
|
break |
|
|
|
|
|
fi |
|
|
|
|
|
_link_issuer_retry=$(_math $_link_issuer_retry + 1) |
|
|
|
|
|
_sleep "$_link_issuer_retry" |
|
|
|
|
|
done |
|
|
|
|
|
if [ "$_link_issuer_retry" = "$_MAX_ISSUER_RETRY" ]; then |
|
|
|
|
|
_err "Max retry for issuer ca cert is reached." |
|
|
|
|
|
fi |
|
|
|
|
|
else |
|
|
|
|
|
_debug "No Le_LinkIssuer header found." |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
Le_CertCreateTime=$(_time) |
|
|
Le_CertCreateTime=$(_time) |
|
@ -4463,7 +4482,7 @@ _precheck() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if ! _exists "$ACME_OPENSSL_BIN"; then |
|
|
|
|
|
|
|
|
if ! _exists "${ACME_OPENSSL_BIN:-openssl}"; then |
|
|
_err "Please install openssl first. ACME_OPENSSL_BIN=$ACME_OPENSSL_BIN" |
|
|
_err "Please install openssl first. ACME_OPENSSL_BIN=$ACME_OPENSSL_BIN" |
|
|
_err "We need openssl to generate keys." |
|
|
_err "We need openssl to generate keys." |
|
|
return 1 |
|
|
return 1 |
|
@ -4705,6 +4724,7 @@ _uninstallalias() { |
|
|
cron() { |
|
|
cron() { |
|
|
IN_CRON=1 |
|
|
IN_CRON=1 |
|
|
_initpath |
|
|
_initpath |
|
|
|
|
|
_info "$(__green "===Starting cron===")" |
|
|
if [ "$AUTO_UPGRADE" = "1" ]; then |
|
|
if [ "$AUTO_UPGRADE" = "1" ]; then |
|
|
export LE_WORKING_DIR |
|
|
export LE_WORKING_DIR |
|
|
( |
|
|
( |
|
@ -4724,6 +4744,7 @@ cron() { |
|
|
renewAll |
|
|
renewAll |
|
|
_ret="$?" |
|
|
_ret="$?" |
|
|
IN_CRON="" |
|
|
IN_CRON="" |
|
|
|
|
|
_info "$(__green "===End cron===")" |
|
|
exit $_ret |
|
|
exit $_ret |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|