Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #1992 from Neilpang/dev 

sync
pull/2021/head
neil 6 years ago
committed by GitHub
parent
a13b2b4018 c4094c68ee
commit
86366ae157
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 43 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      README.md
  2. 29
      acme.sh
  3. 31
      dnsapi/dns_cf.sh

4
README.md
View File

@ -70,6 +70,10 @@ For all build statuses, check our [weekly build project](https://github.com/Neil
https://github.com/Neilpang/acmetest
# Supported CA
- Letsencrypt.org CA(default)
- [BuyPass.com CA](https://github.com/Neilpang/acme.sh/wiki/BuyPass.com-CA)
# Supported modes

29
acme.sh
View File

@ -36,12 +36,11 @@ _OLD_STAGE_CA_HOST="https://acme-staging.api.letsencrypt.org"
VTYPE_HTTP="http-01"
VTYPE_DNS="dns-01"
VTYPE_TLS="tls-sni-01"
VTYPE_TLS2="tls-sni-02"
VTYPE_ALPN="tls-alpn-01"
LOCAL_ANY_ADDRESS="0.0.0.0"
MAX_RENEW=60
DEFAULT_RENEW=60
DEFAULT_DNS_SLEEP=120
@ -1875,11 +1874,7 @@ _send_signed_request() {
sig="$(printf "%s" "$_sig_t" | _url_replace)"
_debug3 sig "$sig"
if [ "$ACME_VERSION" = "2" ]; then
body="{\"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
else
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
fi
body="{\"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
_debug3 body "$body"
response="$(_post "$body" "$url" "$needbase64" "POST" "$__request_conent_type")"
@ -3448,10 +3443,12 @@ __trigger_validation() {
_debug2 _t_url "$_t_url"
_t_key_authz="$2"
_debug2 _t_key_authz "$_t_key_authz"
_t_vtype="$3"
_debug2 _t_vtype "$_t_vtype"
if [ "$ACME_VERSION" = "2" ]; then
_send_signed_request "$_t_url" "{\"keyAuthorization\": \"$_t_key_authz\"}"
else
_send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}"
_send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"type\": \"$_t_vtype\", \"keyAuthorization\": \"$_t_key_authz\"}"
fi
}
@ -3702,11 +3699,7 @@ $_authorizations_map"
fi
if [ "$_currentRoot" = "$W_TLS" ]; then
if [ "$ACME_VERSION" = "2" ]; then
vtype="$VTYPE_TLS2"
else
vtype="$VTYPE_TLS"
fi
vtype="$VTYPE_TLS"
fi
if [ "$_currentRoot" = "$W_ALPN" ]; then
@ -4038,7 +4031,7 @@ $_authorizations_map"
fi
fi
if ! __trigger_validation "$uri" "$keyauthorization"; then
if ! __trigger_validation "$uri" "$keyauthorization" "$vtype"; then
_err "$d:Can not get challenge: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
@ -4047,7 +4040,7 @@ $_authorizations_map"
fi
if [ "$code" ] && [ "$code" != '202' ]; then
if [ "$ACME_VERSION" = "2" ] && [ "$code" = '200' ]; then
if [ "$code" = '200' ]; then
_debug "trigger validation code: $code"
else
_err "$d:Challenge error: $response"
@ -4274,8 +4267,8 @@ $_authorizations_map"
Le_CertCreateTimeStr=$(date -u)
_savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr"
if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "$MAX_RENEW" ]; then
Le_RenewalDays="$MAX_RENEW"
if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ]; then
Le_RenewalDays="$DEFAULT_RENEW"
else
_savedomainconf "Le_RenewalDays" "$Le_RenewalDays"
fi
@ -5527,7 +5520,7 @@ Parameters:
--useragent Specifies the user agent string. it will be saved for future use too.
--accountemail Specifies the account email, only valid for the '--install' and '--update-account' command.
--accountkey Specifies the account key path, only valid for the '--install' command.
--days Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
--days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.

31
dnsapi/dns_cf.sh
View File

@ -34,9 +34,6 @@ dns_cf_add() {
_saveaccountconf_mutable CF_Key "$CF_Key"
_saveaccountconf_mutable CF_Email "$CF_Email"
_DOMAIN_CF_ZONES_CACHE_NAME_="$(echo "${CF_Email}_CF_ZONES_" | tr '+@.' '___')"
_cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
@ -105,16 +102,11 @@ dns_cf_rm() {
return 1
fi
_DOMAIN_CF_ZONES_CACHE_NAME_="$(echo "${CF_Email}_CF_ZONES_" | tr '+@.' '___')"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
_err "invalid domain"
return 1
fi
_cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
@ -154,21 +146,6 @@ dns_cf_rm() {
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
_get_root() {
_cf_zones="$(_readdomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_")"
_debug2 "_cf_zones" "$_cf_zones"
if [ -z "$_cf_zones" ]; then
_debug "$_DOMAIN_CF_ZONES_CACHE_NAME_ is none, so get it."
if ! _cf_rest GET "zones"; then
return 1
fi
_cf_zones="$response"
_savedomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_" "$(echo "$_cf_zones" | _base64)"
else
_debug "$_DOMAIN_CF_ZONES_CACHE_NAME_ found"
_cf_zones="$(echo "$_cf_zones" | _dbase64)"
fi
domain=$1
i=2
p=1
@ -180,8 +157,12 @@ _get_root() {
return 1
fi
if _contains "$_cf_zones" "\"name\":\"$h\"" >/dev/null; then
_domain_id=$(echo "$_cf_zones" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "^\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
if ! _cf_rest GET "zones?name=$h"; then
return 1
fi
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
_domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h

Write Preview
Loading…
Cancel
Save