diff --git a/acme.sh b/acme.sh index 1e6b0a56..5a0ee4e7 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.6.0 +VER=2.6.1 PROJECT_NAME="acme.sh" @@ -482,6 +482,42 @@ _createkey() { fi } + +#domain +_is_idn() { + _is_idn_d="$1" + echo "$_is_idn_d" | grep "[^0-9a-zA-Z.,]" >/dev/null 2>&1 +} + +#aa.com +#aa.com,bb.com,cc.com +_idn() { + __idn_d="$1" + if ! _is_idn "$__idn_d" ; then + printf "%s" "$__idn_d" + return 0 + fi + + if _exists idn ; then + if _contains "$__idn_d" ',' ; then + _i_first="1" + for f in $(echo "$__idn_d" | tr ',' ' ') ; do + [ -z "$f" ] && continue + if [ -z "$_i_first" ] ; then + printf "%s" "," + else + _i_first="" + fi + idn "$f" | tr -d "\r\n" + done + else + idn "$__idn_d" | tr -d "\r\n" + fi + else + _err "Please install idn to process IDN names." + fi +} + #_createcsr cn san_list keyfile csrfile conf _createcsr() { _debug _createcsr @@ -502,6 +538,8 @@ _createcsr() { #single domain _info "Single domain" "$domain" else + domainlist="$(_idn $domainlist)" + _debug2 domainlist "$domainlist" if _contains "$domainlist" "," ; then alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" else @@ -515,7 +553,10 @@ _createcsr() { _savedomainconf Le_OCSP_Stable "$Le_OCSP_Stable" printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "$csrconf" fi - openssl req -new -sha256 -key "$csrkey" -subj "/CN=$domain" -config "$csrconf" -out "$csr" + + _csr_cn="$(_idn "$domain")" + _debug2 _csr_cn "$_csr_cn" + openssl req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" } #_signcsr key csr conf cert @@ -2144,7 +2185,7 @@ issue() { _info "Getting new-authz for domain" $d - if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}" ; then + if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$d")\"}}" ; then _err "Can not get domain token." _clearup _on_issue_err @@ -3027,7 +3068,7 @@ _deactivate() { do _info "Deactivate: $_d_domain" _d_i="$(_math $_d_i + 1)" - if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$_d_domain\"}}" ; then + if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_d_domain")\"}}" ; then _err "Can not get domain token." return 1 fi @@ -3727,6 +3768,10 @@ _process() { _err "'$_dvalue' is not a valid domain for parameter '$1'" return 1 fi + if _is_idn "$_dvalue" && ! _exists idn ; then + _err "It seems that $_dvalue is an IDN( Internationalized Domain Names), please install 'idn' command first." + return 1 + fi if [ -z "$_domain" ] ; then _domain="$_dvalue"