|
@ -2707,34 +2707,39 @@ _clearupwebbroot() { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
_on_before_issue() { |
|
|
_on_before_issue() { |
|
|
|
|
|
_chk_web_roots="$1" |
|
|
|
|
|
_chk_main_domain="$2" |
|
|
|
|
|
_chk_alt_domains="$3" |
|
|
|
|
|
_chk_pre_hook="$4" |
|
|
|
|
|
_chk_local_addr="$5" |
|
|
_debug _on_before_issue |
|
|
_debug _on_before_issue |
|
|
#run pre hook |
|
|
#run pre hook |
|
|
if [ "$Le_PreHook" ]; then |
|
|
|
|
|
_info "Run pre hook:'$Le_PreHook'" |
|
|
|
|
|
|
|
|
if [ "$_chk_pre_hook" ]; then |
|
|
|
|
|
_info "Run pre hook:'$_chk_pre_hook'" |
|
|
if ! ( |
|
|
if ! ( |
|
|
cd "$DOMAIN_PATH" && eval "$Le_PreHook" |
|
|
|
|
|
|
|
|
cd "$DOMAIN_PATH" && eval "$_chk_pre_hook" |
|
|
); then |
|
|
); then |
|
|
_err "Error when run pre hook." |
|
|
_err "Error when run pre hook." |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if _hasfield "$Le_Webroot" "$NO_VALUE"; then |
|
|
|
|
|
|
|
|
if _hasfield "$_chk_web_roots" "$NO_VALUE"; then |
|
|
if ! _exists "nc"; then |
|
|
if ! _exists "nc"; then |
|
|
_err "Please install netcat(nc) tools first." |
|
|
_err "Please install netcat(nc) tools first." |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_debug Le_LocalAddress "$Le_LocalAddress" |
|
|
|
|
|
|
|
|
_debug Le_LocalAddress "$_chk_local_addr" |
|
|
|
|
|
|
|
|
alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ') |
|
|
|
|
|
|
|
|
alldomains=$(echo "$_chk_main_domain,$_chk_alt_domains" | tr ',' ' ') |
|
|
_index=1 |
|
|
_index=1 |
|
|
_currentRoot="" |
|
|
_currentRoot="" |
|
|
_addrIndex=1 |
|
|
_addrIndex=1 |
|
|
for d in $alldomains; do |
|
|
for d in $alldomains; do |
|
|
_debug "Check for domain" "$d" |
|
|
_debug "Check for domain" "$d" |
|
|
_currentRoot="$(_getfield "$Le_Webroot" $_index)" |
|
|
|
|
|
|
|
|
_currentRoot="$(_getfield "$_chk_web_roots" $_index)" |
|
|
_debug "_currentRoot" "$_currentRoot" |
|
|
_debug "_currentRoot" "$_currentRoot" |
|
|
_index=$(_math $_index + 1) |
|
|
_index=$(_math $_index + 1) |
|
|
_checkport="" |
|
|
_checkport="" |
|
@ -2758,7 +2763,7 @@ _on_before_issue() { |
|
|
|
|
|
|
|
|
if [ "$_checkport" ]; then |
|
|
if [ "$_checkport" ]; then |
|
|
_debug _checkport "$_checkport" |
|
|
_debug _checkport "$_checkport" |
|
|
_checkaddr="$(_getfield "$Le_LocalAddress" $_addrIndex)" |
|
|
|
|
|
|
|
|
_checkaddr="$(_getfield "$_chk_local_addr" $_addrIndex)" |
|
|
_debug _checkaddr "$_checkaddr" |
|
|
_debug _checkaddr "$_checkaddr" |
|
|
|
|
|
|
|
|
_addrIndex="$(_math $_addrIndex + 1)" |
|
|
_addrIndex="$(_math $_addrIndex + 1)" |
|
@ -2777,7 +2782,7 @@ _on_before_issue() { |
|
|
fi |
|
|
fi |
|
|
done |
|
|
done |
|
|
|
|
|
|
|
|
if _hasfield "$Le_Webroot" "apache"; then |
|
|
|
|
|
|
|
|
if _hasfield "$_chk_web_roots" "apache"; then |
|
|
if ! _setApache; then |
|
|
if ! _setApache; then |
|
|
_err "set up apache error. Report error to me." |
|
|
_err "set up apache error. Report error to me." |
|
|
return 1 |
|
|
return 1 |
|
@ -2789,6 +2794,7 @@ _on_before_issue() { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
_on_issue_err() { |
|
|
_on_issue_err() { |
|
|
|
|
|
_chk_post_hook="$1" |
|
|
_debug _on_issue_err |
|
|
_debug _on_issue_err |
|
|
if [ "$LOG_FILE" ]; then |
|
|
if [ "$LOG_FILE" ]; then |
|
|
_err "Please check log file for more details: $LOG_FILE" |
|
|
_err "Please check log file for more details: $LOG_FILE" |
|
@ -2802,10 +2808,10 @@ _on_issue_err() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
#run the post hook |
|
|
#run the post hook |
|
|
if [ "$Le_PostHook" ]; then |
|
|
|
|
|
_info "Run post hook:'$Le_PostHook'" |
|
|
|
|
|
|
|
|
if [ "$_chk_post_hook" ]; then |
|
|
|
|
|
_info "Run post hook:'$_chk_post_hook'" |
|
|
if ! ( |
|
|
if ! ( |
|
|
cd "$DOMAIN_PATH" && eval "$Le_PostHook" |
|
|
|
|
|
|
|
|
cd "$DOMAIN_PATH" && eval "$_chk_post_hook" |
|
|
); then |
|
|
); then |
|
|
_err "Error when run post hook." |
|
|
_err "Error when run post hook." |
|
|
return 1 |
|
|
return 1 |
|
@ -2814,12 +2820,14 @@ _on_issue_err() { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
_on_issue_success() { |
|
|
_on_issue_success() { |
|
|
|
|
|
_chk_post_hook="$1" |
|
|
|
|
|
_chk_renew_hook="$2" |
|
|
_debug _on_issue_success |
|
|
_debug _on_issue_success |
|
|
#run the post hook |
|
|
#run the post hook |
|
|
if [ "$Le_PostHook" ]; then |
|
|
|
|
|
_info "Run post hook:'$Le_PostHook'" |
|
|
|
|
|
|
|
|
if [ "$_chk_post_hook" ]; then |
|
|
|
|
|
_info "Run post hook:'$_chk_post_hook'" |
|
|
if ! ( |
|
|
if ! ( |
|
|
cd "$DOMAIN_PATH" && eval "$Le_PostHook" |
|
|
|
|
|
|
|
|
cd "$DOMAIN_PATH" && eval "$_chk_post_hook" |
|
|
); then |
|
|
); then |
|
|
_err "Error when run post hook." |
|
|
_err "Error when run post hook." |
|
|
return 1 |
|
|
return 1 |
|
@ -2827,10 +2835,10 @@ _on_issue_success() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
#run renew hook |
|
|
#run renew hook |
|
|
if [ "$IS_RENEW" ] && [ "$Le_RenewHook" ]; then |
|
|
|
|
|
_info "Run renew hook:'$Le_RenewHook'" |
|
|
|
|
|
|
|
|
if [ "$IS_RENEW" ] && [ "$_chk_renew_hook" ]; then |
|
|
|
|
|
_info "Run renew hook:'$_chk_renew_hook'" |
|
|
if ! ( |
|
|
if ! ( |
|
|
cd "$DOMAIN_PATH" && eval "$Le_RenewHook" |
|
|
|
|
|
|
|
|
cd "$DOMAIN_PATH" && eval "$_chk_renew_hook" |
|
|
); then |
|
|
); then |
|
|
_err "Error when run renew hook." |
|
|
_err "Error when run renew hook." |
|
|
return 1 |
|
|
return 1 |
|
@ -3027,38 +3035,38 @@ issue() { |
|
|
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ " |
|
|
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ " |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
Le_Webroot="$1" |
|
|
|
|
|
Le_Domain="$2" |
|
|
|
|
|
Le_Alt="$3" |
|
|
|
|
|
if _contains "$Le_Domain" ","; then |
|
|
|
|
|
Le_Domain=$(echo "$2,$3" | cut -d , -f 1) |
|
|
|
|
|
Le_Alt=$(echo "$2,$3" | cut -d , -f 2- | sed "s/,${NO_VALUE}$//") |
|
|
|
|
|
fi |
|
|
|
|
|
Le_Keylength="$4" |
|
|
|
|
|
Le_RealCertPath="$5" |
|
|
|
|
|
Le_RealKeyPath="$6" |
|
|
|
|
|
Le_RealCACertPath="$7" |
|
|
|
|
|
Le_ReloadCmd="$8" |
|
|
|
|
|
Le_RealFullChainPath="$9" |
|
|
|
|
|
Le_PreHook="${10}" |
|
|
|
|
|
Le_PostHook="${11}" |
|
|
|
|
|
Le_RenewHook="${12}" |
|
|
|
|
|
Le_LocalAddress="${13}" |
|
|
|
|
|
|
|
|
_web_roots="$1" |
|
|
|
|
|
_main_domain="$2" |
|
|
|
|
|
_alt_domains="$3" |
|
|
|
|
|
if _contains "$_main_domain" ","; then |
|
|
|
|
|
_main_domain=$(echo "$2,$3" | cut -d , -f 1) |
|
|
|
|
|
_alt_domains=$(echo "$2,$3" | cut -d , -f 2- | sed "s/,${NO_VALUE}$//") |
|
|
|
|
|
fi |
|
|
|
|
|
_key_length="$4" |
|
|
|
|
|
_real_cert="$5" |
|
|
|
|
|
_real_key="$6" |
|
|
|
|
|
_real_ca="$7" |
|
|
|
|
|
_reload_cmd="$8" |
|
|
|
|
|
_real_fullchain="$9" |
|
|
|
|
|
_pre_hook="${10}" |
|
|
|
|
|
_post_hook="${11}" |
|
|
|
|
|
_renew_hook="${12}" |
|
|
|
|
|
_local_addr="${13}" |
|
|
|
|
|
|
|
|
#remove these later. |
|
|
#remove these later. |
|
|
if [ "$Le_Webroot" = "dns-cf" ]; then |
|
|
|
|
|
Le_Webroot="dns_cf" |
|
|
|
|
|
|
|
|
if [ "$_web_roots" = "dns-cf" ]; then |
|
|
|
|
|
_web_roots="dns_cf" |
|
|
fi |
|
|
fi |
|
|
if [ "$Le_Webroot" = "dns-dp" ]; then |
|
|
|
|
|
Le_Webroot="dns_dp" |
|
|
|
|
|
|
|
|
if [ "$_web_roots" = "dns-dp" ]; then |
|
|
|
|
|
_web_roots="dns_dp" |
|
|
fi |
|
|
fi |
|
|
if [ "$Le_Webroot" = "dns-cx" ]; then |
|
|
|
|
|
Le_Webroot="dns_cx" |
|
|
|
|
|
|
|
|
if [ "$_web_roots" = "dns-cx" ]; then |
|
|
|
|
|
_web_roots="dns_cx" |
|
|
fi |
|
|
fi |
|
|
_debug "Using api: $API" |
|
|
_debug "Using api: $API" |
|
|
|
|
|
|
|
|
if [ ! "$IS_RENEW" ]; then |
|
|
if [ ! "$IS_RENEW" ]; then |
|
|
_initpath "$Le_Domain" "$Le_Keylength" |
|
|
|
|
|
|
|
|
_initpath "$_main_domain" "$_key_length" |
|
|
mkdir -p "$DOMAIN_PATH" |
|
|
mkdir -p "$DOMAIN_PATH" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3070,7 +3078,7 @@ issue() { |
|
|
_debug _saved_domain "$_saved_domain" |
|
|
_debug _saved_domain "$_saved_domain" |
|
|
_saved_alt=$(_readdomainconf Le_Alt) |
|
|
_saved_alt=$(_readdomainconf Le_Alt) |
|
|
_debug _saved_alt "$_saved_alt" |
|
|
_debug _saved_alt "$_saved_alt" |
|
|
if [ "$_saved_domain,$_saved_alt" = "$Le_Domain,$Le_Alt" ]; then |
|
|
|
|
|
|
|
|
if [ "$_saved_domain,$_saved_alt" = "$_main_domain,$_alt_domains" ]; then |
|
|
_info "Domains not changed." |
|
|
_info "Domains not changed." |
|
|
_info "Skip, Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" |
|
|
_info "Skip, Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" |
|
|
_info "Add '$(__red '--force')' to force to renew." |
|
|
_info "Add '$(__red '--force')' to force to renew." |
|
@ -3081,16 +3089,16 @@ issue() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_savedomainconf "Le_Domain" "$Le_Domain" |
|
|
|
|
|
_savedomainconf "Le_Alt" "$Le_Alt" |
|
|
|
|
|
_savedomainconf "Le_Webroot" "$Le_Webroot" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_Domain" "$_main_domain" |
|
|
|
|
|
_savedomainconf "Le_Alt" "$_alt_domains" |
|
|
|
|
|
_savedomainconf "Le_Webroot" "$_web_roots" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_PreHook" "$Le_PreHook" |
|
|
|
|
|
_savedomainconf "Le_PostHook" "$Le_PostHook" |
|
|
|
|
|
_savedomainconf "Le_RenewHook" "$Le_RenewHook" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_PreHook" "$_pre_hook" |
|
|
|
|
|
_savedomainconf "Le_PostHook" "$_post_hook" |
|
|
|
|
|
_savedomainconf "Le_RenewHook" "$_renew_hook" |
|
|
|
|
|
|
|
|
if [ "$Le_LocalAddress" ]; then |
|
|
|
|
|
_savedomainconf "Le_LocalAddress" "$Le_LocalAddress" |
|
|
|
|
|
|
|
|
if [ "$_local_addr" ]; then |
|
|
|
|
|
_savedomainconf "Le_LocalAddress" "$_local_addr" |
|
|
else |
|
|
else |
|
|
_cleardomainconf "Le_LocalAddress" |
|
|
_cleardomainconf "Le_LocalAddress" |
|
|
fi |
|
|
fi |
|
@ -3098,15 +3106,15 @@ issue() { |
|
|
Le_API="$API" |
|
|
Le_API="$API" |
|
|
_savedomainconf "Le_API" "$Le_API" |
|
|
_savedomainconf "Le_API" "$Le_API" |
|
|
|
|
|
|
|
|
if [ "$Le_Alt" = "$NO_VALUE" ]; then |
|
|
|
|
|
Le_Alt="" |
|
|
|
|
|
|
|
|
if [ "$_alt_domains" = "$NO_VALUE" ]; then |
|
|
|
|
|
_alt_domains="" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_Keylength" = "$NO_VALUE" ]; then |
|
|
|
|
|
Le_Keylength="" |
|
|
|
|
|
|
|
|
if [ "$_key_length" = "$NO_VALUE" ]; then |
|
|
|
|
|
_key_length="" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if ! _on_before_issue; then |
|
|
|
|
|
|
|
|
if ! _on_before_issue "$_web_roots" "$_main_domain" "$_alt_domains" "$_pre_hook" "$_local_addr"; then |
|
|
_err "_on_before_issue." |
|
|
_err "_on_before_issue." |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
@ -3116,7 +3124,7 @@ issue() { |
|
|
|
|
|
|
|
|
if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ]; then |
|
|
if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ]; then |
|
|
if ! _regAccount "$_accountkeylength"; then |
|
|
if ! _regAccount "$_accountkeylength"; then |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
else |
|
|
else |
|
@ -3128,24 +3136,24 @@ issue() { |
|
|
else |
|
|
else |
|
|
_key=$(_readdomainconf Le_Keylength) |
|
|
_key=$(_readdomainconf Le_Keylength) |
|
|
_debug "Read key length:$_key" |
|
|
_debug "Read key length:$_key" |
|
|
if [ ! -f "$CERT_KEY_PATH" ] || [ "$Le_Keylength" != "$_key" ]; then |
|
|
|
|
|
if ! createDomainKey "$Le_Domain" "$Le_Keylength"; then |
|
|
|
|
|
|
|
|
if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ]; then |
|
|
|
|
|
if ! createDomainKey "$_main_domain" "$_key_length"; then |
|
|
_err "Create domain key error." |
|
|
_err "Create domain key error." |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if ! _createcsr "$Le_Domain" "$Le_Alt" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then |
|
|
|
|
|
|
|
|
if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then |
|
|
_err "Create CSR error." |
|
|
_err "Create CSR error." |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_savedomainconf "Le_Keylength" "$Le_Keylength" |
|
|
|
|
|
|
|
|
_savedomainconf "Le_Keylength" "$_key_length" |
|
|
|
|
|
|
|
|
vlist="$Le_Vlist" |
|
|
vlist="$Le_Vlist" |
|
|
|
|
|
|
|
@ -3153,12 +3161,12 @@ issue() { |
|
|
sep='#' |
|
|
sep='#' |
|
|
dvsep=',' |
|
|
dvsep=',' |
|
|
if [ -z "$vlist" ]; then |
|
|
if [ -z "$vlist" ]; then |
|
|
alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ') |
|
|
|
|
|
|
|
|
alldomains=$(echo "$_main_domain,$_alt_domains" | tr ',' ' ') |
|
|
_index=1 |
|
|
_index=1 |
|
|
_currentRoot="" |
|
|
_currentRoot="" |
|
|
for d in $alldomains; do |
|
|
for d in $alldomains; do |
|
|
_info "Getting webroot for domain" "$d" |
|
|
_info "Getting webroot for domain" "$d" |
|
|
_w="$(echo $Le_Webroot | cut -d , -f $_index)" |
|
|
|
|
|
|
|
|
_w="$(echo $_web_roots | cut -d , -f $_index)" |
|
|
_debug _w "$_w" |
|
|
_debug _w "$_w" |
|
|
if [ "$_w" ]; then |
|
|
if [ "$_w" ]; then |
|
|
_currentRoot="$_w" |
|
|
_currentRoot="$_w" |
|
@ -3177,7 +3185,7 @@ issue() { |
|
|
|
|
|
|
|
|
if ! __get_domain_new_authz "$d"; then |
|
|
if ! __get_domain_new_authz "$d"; then |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3190,7 +3198,7 @@ issue() { |
|
|
if [ -z "$entry" ]; then |
|
|
if [ -z "$entry" ]; then |
|
|
_err "Error, can not get domain token $d" |
|
|
_err "Error, can not get domain token $d" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
token="$(printf "%s\n" "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" |
|
|
token="$(printf "%s\n" "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" |
|
@ -3271,7 +3279,7 @@ issue() { |
|
|
|
|
|
|
|
|
if [ "$?" != "0" ]; then |
|
|
if [ "$?" != "0" ]; then |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
dnsadded='1' |
|
|
dnsadded='1' |
|
@ -3283,7 +3291,7 @@ issue() { |
|
|
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit." |
|
|
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit." |
|
|
_err "Please add the TXT records to the domains, and retry again." |
|
|
_err "Please add the TXT records to the domains, and retry again." |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3329,12 +3337,12 @@ issue() { |
|
|
if [ "$vtype" = "$VTYPE_HTTP" ]; then |
|
|
if [ "$vtype" = "$VTYPE_HTTP" ]; then |
|
|
if [ "$_currentRoot" = "$NO_VALUE" ]; then |
|
|
if [ "$_currentRoot" = "$NO_VALUE" ]; then |
|
|
_info "Standalone mode server" |
|
|
_info "Standalone mode server" |
|
|
_ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")" |
|
|
|
|
|
|
|
|
_ncaddr="$(_getfield "$_local_addr" "$_ncIndex")" |
|
|
_ncIndex="$(_math $_ncIndex + 1)" |
|
|
_ncIndex="$(_math $_ncIndex + 1)" |
|
|
_startserver "$keyauthorization" "$_ncaddr" & |
|
|
_startserver "$keyauthorization" "$_ncaddr" & |
|
|
if [ "$?" != "0" ]; then |
|
|
if [ "$?" != "0" ]; then |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
serverproc="$!" |
|
|
serverproc="$!" |
|
@ -3350,7 +3358,7 @@ issue() { |
|
|
BACKUP_NGINX_CONF="" |
|
|
BACKUP_NGINX_CONF="" |
|
|
if ! _setNginx "$d" "$_currentRoot" "$thumbprint"; then |
|
|
if ! _setNginx "$d" "$_currentRoot" "$thumbprint"; then |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3385,7 +3393,7 @@ issue() { |
|
|
_err "$d:Can not write token to file : $wellknown_path/$token" |
|
|
_err "$d:Can not write token to file : $wellknown_path/$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3424,13 +3432,13 @@ issue() { |
|
|
_SAN_B="$_x.$_y.acme.invalid" |
|
|
_SAN_B="$_x.$_y.acme.invalid" |
|
|
_debug2 _SAN_B "$_SAN_B" |
|
|
_debug2 _SAN_B "$_SAN_B" |
|
|
|
|
|
|
|
|
_ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")" |
|
|
|
|
|
|
|
|
_ncaddr="$(_getfield "$_local_addr" "$_ncIndex")" |
|
|
_ncIndex="$(_math "$_ncIndex" + 1)" |
|
|
_ncIndex="$(_math "$_ncIndex" + 1)" |
|
|
if ! _starttlsserver "$_SAN_B" "$_SAN_A" "$Le_TLSPort" "$keyauthorization" "$_ncaddr"; then |
|
|
if ! _starttlsserver "$_SAN_B" "$_SAN_A" "$Le_TLSPort" "$keyauthorization" "$_ncaddr"; then |
|
|
_err "Start tls server error." |
|
|
_err "Start tls server error." |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
@ -3439,7 +3447,7 @@ issue() { |
|
|
_err "$d:Can not get challenge: $response" |
|
|
_err "$d:Can not get challenge: $response" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3447,7 +3455,7 @@ issue() { |
|
|
_err "$d:Challenge error: $response" |
|
|
_err "$d:Challenge error: $response" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3474,7 +3482,7 @@ issue() { |
|
|
_err "$d:Verify error:$response" |
|
|
_err "$d:Verify error:$response" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
_debug2 original "$response" |
|
|
_debug2 original "$response" |
|
@ -3509,7 +3517,7 @@ issue() { |
|
|
fi |
|
|
fi |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3519,7 +3527,7 @@ issue() { |
|
|
_err "$d:Verify error:$response" |
|
|
_err "$d:Verify error:$response" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3533,7 +3541,7 @@ issue() { |
|
|
|
|
|
|
|
|
if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"; then |
|
|
if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"; then |
|
|
_err "Sign failed." |
|
|
_err "Sign failed." |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3575,7 +3583,7 @@ issue() { |
|
|
if [ -z "$Le_LinkCert" ]; then |
|
|
if [ -z "$Le_LinkCert" ]; then |
|
|
response="$(echo "$response" | _dbase64 "multiline" | _normalizeJson)" |
|
|
response="$(echo "$response" | _dbase64 "multiline" | _normalizeJson)" |
|
|
_err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" |
|
|
_err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" |
|
|
_on_issue_err |
|
|
|
|
|
|
|
|
_on_issue_err "$_post_hook" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -3637,10 +3645,15 @@ issue() { |
|
|
Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400) |
|
|
Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400) |
|
|
_savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" |
|
|
_savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" |
|
|
|
|
|
|
|
|
_on_issue_success |
|
|
|
|
|
|
|
|
_on_issue_success "$_post_hook" "$_renew_hook" |
|
|
|
|
|
|
|
|
if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ]; then |
|
|
|
|
|
_installcert |
|
|
|
|
|
|
|
|
if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then |
|
|
|
|
|
_savedomainconf "Le_RealCertPath" "$_real_cert" |
|
|
|
|
|
_savedomainconf "Le_RealCACertPath" "$_real_ca" |
|
|
|
|
|
_savedomainconf "Le_RealKeyPath" "$_real_key" |
|
|
|
|
|
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" |
|
|
|
|
|
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain" |
|
|
|
|
|
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
@ -3926,104 +3939,107 @@ deploy() { |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
installcert() { |
|
|
installcert() { |
|
|
Le_Domain="$1" |
|
|
|
|
|
if [ -z "$Le_Domain" ]; then |
|
|
|
|
|
|
|
|
_main_domain="$1" |
|
|
|
|
|
if [ -z "$_main_domain" ]; then |
|
|
_usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--certpath cert-file-path] [--keypath key-file-path] [--capath ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchainpath fullchain-path]" |
|
|
_usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--certpath cert-file-path] [--keypath key-file-path] [--capath ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchainpath fullchain-path]" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
Le_RealCertPath="$2" |
|
|
|
|
|
Le_RealKeyPath="$3" |
|
|
|
|
|
Le_RealCACertPath="$4" |
|
|
|
|
|
Le_ReloadCmd="$5" |
|
|
|
|
|
Le_RealFullChainPath="$6" |
|
|
|
|
|
|
|
|
_real_cert="$2" |
|
|
|
|
|
_real_key="$3" |
|
|
|
|
|
_real_ca="$4" |
|
|
|
|
|
_reload_cmd="$5" |
|
|
|
|
|
_real_fullchain="$6" |
|
|
_isEcc="$7" |
|
|
_isEcc="$7" |
|
|
|
|
|
|
|
|
_initpath "$Le_Domain" "$_isEcc" |
|
|
|
|
|
|
|
|
_initpath "$_main_domain" "$_isEcc" |
|
|
if [ ! -d "$DOMAIN_PATH" ]; then |
|
|
if [ ! -d "$DOMAIN_PATH" ]; then |
|
|
_err "Domain is not valid:'$Le_Domain'" |
|
|
|
|
|
|
|
|
_err "Domain is not valid:'$_main_domain'" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_installcert |
|
|
|
|
|
|
|
|
_savedomainconf "Le_RealCertPath" "$_real_cert" |
|
|
|
|
|
_savedomainconf "Le_RealCACertPath" "$_real_ca" |
|
|
|
|
|
_savedomainconf "Le_RealKeyPath" "$_real_key" |
|
|
|
|
|
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" |
|
|
|
|
|
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain" |
|
|
|
|
|
|
|
|
|
|
|
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
_installcert() { |
|
|
_installcert() { |
|
|
_savedomainconf "Le_RealCertPath" "$Le_RealCertPath" |
|
|
|
|
|
_savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath" |
|
|
|
|
|
_savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath" |
|
|
|
|
|
_savedomainconf "Le_ReloadCmd" "$Le_ReloadCmd" |
|
|
|
|
|
_savedomainconf "Le_RealFullChainPath" "$Le_RealFullChainPath" |
|
|
|
|
|
|
|
|
_main_domain="$1" |
|
|
|
|
|
_real_cert="$2" |
|
|
|
|
|
_real_key="$3" |
|
|
|
|
|
_real_ca="$4" |
|
|
|
|
|
_reload_cmd="$5" |
|
|
|
|
|
_real_fullchain="$6" |
|
|
|
|
|
|
|
|
if [ "$Le_RealCertPath" = "$NO_VALUE" ]; then |
|
|
|
|
|
Le_RealCertPath="" |
|
|
|
|
|
|
|
|
if [ "$_real_cert" = "$NO_VALUE" ]; then |
|
|
|
|
|
_real_cert="" |
|
|
fi |
|
|
fi |
|
|
if [ "$Le_RealKeyPath" = "$NO_VALUE" ]; then |
|
|
|
|
|
Le_RealKeyPath="" |
|
|
|
|
|
|
|
|
if [ "$_real_key" = "$NO_VALUE" ]; then |
|
|
|
|
|
_real_key="" |
|
|
fi |
|
|
fi |
|
|
if [ "$Le_RealCACertPath" = "$NO_VALUE" ]; then |
|
|
|
|
|
Le_RealCACertPath="" |
|
|
|
|
|
|
|
|
if [ "$_real_ca" = "$NO_VALUE" ]; then |
|
|
|
|
|
_real_ca="" |
|
|
fi |
|
|
fi |
|
|
if [ "$Le_ReloadCmd" = "$NO_VALUE" ]; then |
|
|
|
|
|
Le_ReloadCmd="" |
|
|
|
|
|
|
|
|
if [ "$_reload_cmd" = "$NO_VALUE" ]; then |
|
|
|
|
|
_reload_cmd="" |
|
|
fi |
|
|
fi |
|
|
if [ "$Le_RealFullChainPath" = "$NO_VALUE" ]; then |
|
|
|
|
|
Le_RealFullChainPath="" |
|
|
|
|
|
|
|
|
if [ "$_real_fullchain" = "$NO_VALUE" ]; then |
|
|
|
|
|
_real_fullchain="" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_RealCertPath" ]; then |
|
|
|
|
|
|
|
|
|
|
|
_info "Installing cert to:$Le_RealCertPath" |
|
|
|
|
|
if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ]; then |
|
|
|
|
|
|
|
|
if [ "$_real_cert" ]; then |
|
|
|
|
|
_info "Installing cert to:$_real_cert" |
|
|
|
|
|
if [ -f "$_real_cert" ] && [ ! "$IS_RENEW" ]; then |
|
|
mkdir -p "$DOMAIN_BACKUP_PATH" |
|
|
mkdir -p "$DOMAIN_BACKUP_PATH" |
|
|
cp "$Le_RealCertPath" "$DOMAIN_BACKUP_PATH/cert.bak" |
|
|
|
|
|
|
|
|
cp "$_real_cert" "$DOMAIN_BACKUP_PATH/cert.bak" |
|
|
fi |
|
|
fi |
|
|
cat "$CERT_PATH" >"$Le_RealCertPath" |
|
|
|
|
|
|
|
|
cat "$CERT_PATH" >"$_real_cert" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_RealCACertPath" ]; then |
|
|
|
|
|
|
|
|
|
|
|
_info "Installing CA to:$Le_RealCACertPath" |
|
|
|
|
|
if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ]; then |
|
|
|
|
|
echo "" >>"$Le_RealCACertPath" |
|
|
|
|
|
cat "$CA_CERT_PATH" >>"$Le_RealCACertPath" |
|
|
|
|
|
|
|
|
if [ "$_real_ca" ]; then |
|
|
|
|
|
_info "Installing CA to:$_real_ca" |
|
|
|
|
|
if [ "$_real_ca" = "$_real_cert" ]; then |
|
|
|
|
|
echo "" >>"$_real_ca" |
|
|
|
|
|
cat "$CA_CERT_PATH" >>"$_real_ca" |
|
|
else |
|
|
else |
|
|
if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ]; then |
|
|
|
|
|
|
|
|
if [ -f "$_real_ca" ] && [ ! "$IS_RENEW" ]; then |
|
|
mkdir -p "$DOMAIN_BACKUP_PATH" |
|
|
mkdir -p "$DOMAIN_BACKUP_PATH" |
|
|
cp "$Le_RealCACertPath" "$DOMAIN_BACKUP_PATH/ca.bak" |
|
|
|
|
|
|
|
|
cp "$_real_ca" "$DOMAIN_BACKUP_PATH/ca.bak" |
|
|
fi |
|
|
fi |
|
|
cat "$CA_CERT_PATH" >"$Le_RealCACertPath" |
|
|
|
|
|
|
|
|
cat "$CA_CERT_PATH" >"$_real_ca" |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_RealKeyPath" ]; then |
|
|
|
|
|
|
|
|
|
|
|
_info "Installing key to:$Le_RealKeyPath" |
|
|
|
|
|
if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ]; then |
|
|
|
|
|
|
|
|
if [ "$_real_key" ]; then |
|
|
|
|
|
_info "Installing key to:$_real_key" |
|
|
|
|
|
if [ -f "$_real_key" ] && [ ! "$IS_RENEW" ]; then |
|
|
mkdir -p "$DOMAIN_BACKUP_PATH" |
|
|
mkdir -p "$DOMAIN_BACKUP_PATH" |
|
|
cp "$Le_RealKeyPath" "$DOMAIN_BACKUP_PATH/key.bak" |
|
|
|
|
|
|
|
|
cp "$_real_key" "$DOMAIN_BACKUP_PATH/key.bak" |
|
|
fi |
|
|
fi |
|
|
cat "$CERT_KEY_PATH" >"$Le_RealKeyPath" |
|
|
|
|
|
|
|
|
cat "$CERT_KEY_PATH" >"$_real_key" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_RealFullChainPath" ]; then |
|
|
|
|
|
|
|
|
|
|
|
_info "Installing full chain to:$Le_RealFullChainPath" |
|
|
|
|
|
if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ]; then |
|
|
|
|
|
|
|
|
if [ "$_real_fullchain" ]; then |
|
|
|
|
|
_info "Installing full chain to:$_real_fullchain" |
|
|
|
|
|
if [ -f "$_real_fullchain" ] && [ ! "$IS_RENEW" ]; then |
|
|
mkdir -p "$DOMAIN_BACKUP_PATH" |
|
|
mkdir -p "$DOMAIN_BACKUP_PATH" |
|
|
cp "$Le_RealFullChainPath" "$DOMAIN_BACKUP_PATH/fullchain.bak" |
|
|
|
|
|
|
|
|
cp "$_real_fullchain" "$DOMAIN_BACKUP_PATH/fullchain.bak" |
|
|
fi |
|
|
fi |
|
|
cat "$CERT_FULLCHAIN_PATH" >"$Le_RealFullChainPath" |
|
|
|
|
|
|
|
|
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_ReloadCmd" ]; then |
|
|
|
|
|
_info "Run Le_ReloadCmd: $Le_ReloadCmd" |
|
|
|
|
|
|
|
|
if [ "$_reload_cmd" ]; then |
|
|
|
|
|
_info "Run reload cmd: $_reload_cmd" |
|
|
if ( |
|
|
if ( |
|
|
export CERT_PATH |
|
|
export CERT_PATH |
|
|
export CERT_KEY_PATH |
|
|
export CERT_KEY_PATH |
|
|
export CA_CERT_PATH |
|
|
export CA_CERT_PATH |
|
|
export CERT_FULLCHAIN_PATH |
|
|
export CERT_FULLCHAIN_PATH |
|
|
cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd" |
|
|
|
|
|
|
|
|
cd "$DOMAIN_PATH" && eval "$_reload_cmd" |
|
|
); then |
|
|
); then |
|
|
_info "$(__green "Reload success")" |
|
|
_info "$(__green "Reload success")" |
|
|
else |
|
|
else |
|
|