diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml
new file mode 100644
index 00000000..a339f727
--- /dev/null
+++ b/.github/workflows/PebbleStrict.yml
@@ -0,0 +1,27 @@
+name: PebbleStrict
+on: [push, pull_request]
+
+jobs:
+ PebbleStrict:
+ runs-on: ubuntu-latest
+ env:
+ TestingDomain: example.com
+ TestingAltDomains: www.example.com
+ ACME_DIRECTORY: https://localhost:14000/dir
+ HTTPS_INSECURE: 1
+ Le_HTTPPort: 5002
+ TEST_LOCAL: 1
+ TEST_CA: "Pebble Intermediate CA"
+
+ steps:
+ - uses: actions/checkout@v2
+ - name: Install tools
+ run: sudo apt-get install -y socat
+ - name: Run Pebble
+ run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
+ - name: Set up Pebble
+ run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
+ - name: Clone acmetest
+ run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
+ - name: Run acmetest
+ run: cd ../acmetest && ./letest.sh
\ No newline at end of file
diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml
index f1c0025d..cf65f4a6 100644
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@@ -2,15 +2,45 @@
name: Build DockerHub
on:
push:
- branches: [ master, dev ]
+ branches:
+ - '*'
+ tags:
+ - '*'
jobs:
build:
runs-on: ubuntu-latest
steps:
- - name: trigger
- run: curl -X POST https://hub.docker.com/api/build/v1/source/1813a660-2ee5-4583-a238-dd54e9a6ebac/trigger/c8cd9f1f-f269-45bc-9750-a08327257f62/call/
-
-
+ - name: checkout code
+ uses: actions/checkout@v2
+ - name: install buildx
+ id: buildx
+ uses: crazy-max/ghaction-docker-buildx@v3
+ with:
+ buildx-version: latest
+ qemu-version: latest
+ - name: login to docker hub
+ run: |
+ echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+ - name: build and push the image
+ run: |
+ DOCKER_IMAGE=neilpang/acme.sh
+
+ if [[ $GITHUB_REF == refs/tags/* ]]; then
+ DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/}
+ fi
+
+ if [[ $GITHUB_REF == refs/heads/* ]]; then
+ DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/}
+ if [[ $DOCKER_IMAGE_TAG == master ]]; then
+ DOCKER_IMAGE_TAG=latest
+ AUTO_UPGRADE=1
+ fi
+ fi
+ docker buildx build \
+ --tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
+ --output "type=image,push=true" \
+ --build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
+ --platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 .
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
index 529f41e1..a6f82d9e 100644
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -1,4 +1,4 @@
-name: shellcheck
+name: Shellcheck
on: [push, pull_request]
jobs:
diff --git a/Dockerfile b/Dockerfile
index f00d03bd..4cea3c06 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,9 @@ RUN apk update -f \
ENV LE_CONFIG_HOME /acme.sh
-ENV AUTO_UPGRADE 1
+ARG AUTO_UPGRADE=1
+
+ENV AUTO_UPGRADE $AUTO_UPGRADE
#Install
ADD ./ /install_acme.sh/
diff --git a/README.md b/README.md
index 6a42fae6..812e5602 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,15 @@
-# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)
+# An ACME Shell script: acme.sh
+[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)
+![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
+![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
+![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
+
[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
-![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg)
+
acme.sh is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial
diff --git a/acme.sh b/acme.sh
index 1ba8734a..b5fafa4b 100755
--- a/acme.sh
+++ b/acme.sh
@@ -36,8 +36,8 @@ DEFAULT_CA=$CA_LETSENCRYPT_V2
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
CA_NAMES="
-Letsencrypt.org,letsencrypt
-Letsencrypt.org_test,letsencrypt_test,letsencrypttest
+LetsEncrypt.org,letsencrypt
+LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
BuyPass.com,buypass
BuyPass.com_test,buypass_test,buypasstest
ZeroSSL.com,zerossl
@@ -1375,7 +1375,7 @@ toPkcs() {
domain="$1"
pfxPassword="$2"
if [ -z "$domain" ]; then
- _usage "Usage: $PROJECT_ENTRY --toPkcs -d domain [--password pfx-password]"
+ _usage "Usage: $PROJECT_ENTRY --to-pkcs12 --domain [--password ] [--ecc]"
return 1
fi
@@ -1396,7 +1396,7 @@ toPkcs8() {
domain="$1"
if [ -z "$domain" ]; then
- _usage "Usage: $PROJECT_ENTRY --toPkcs8 -d domain [--ecc]"
+ _usage "Usage: $PROJECT_ENTRY --to-pkcs8 --domain [--ecc]"
return 1
fi
@@ -1416,7 +1416,7 @@ toPkcs8() {
createAccountKey() {
_info "Creating account key"
if [ -z "$1" ]; then
- _usage "Usage: $PROJECT_ENTRY --createAccountKey --accountkeylength 2048"
+ _usage "Usage: $PROJECT_ENTRY --create-account-key [--accountkeylength ]"
return
fi
@@ -1459,7 +1459,7 @@ _create_account_key() {
createDomainKey() {
_info "Creating domain key"
if [ -z "$1" ]; then
- _usage "Usage: $PROJECT_ENTRY --createDomainKey -d domain.com [ --keylength 2048 ]"
+ _usage "Usage: $PROJECT_ENTRY --create-domain-key --domain [--keylength ]"
return
fi
@@ -1499,7 +1499,7 @@ createDomainKey() {
createCSR() {
_info "Creating csr"
if [ -z "$1" ]; then
- _usage "Usage: $PROJECT_ENTRY --createCSR -d domain1.com [-d domain2.com -d domain3.com ... ]"
+ _usage "Usage: $PROJECT_ENTRY --create-csr --domain [--domain ...]"
return
fi
@@ -2888,7 +2888,7 @@ Allow from all
if _restoreApache; then
_err "The apache config file is restored."
else
- _err "Sorry, The apache config file can not be restored, please report bug."
+ _err "Sorry, the apache config file can not be restored, please report bug."
fi
return 1
fi
@@ -4012,7 +4012,7 @@ _match_issuer() {
#webroot, domain domainlist keylength
issue() {
if [ -z "$2" ]; then
- _usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ "
+ _usage "Usage: $PROJECT_ENTRY --issue --domain --webroot "
return 1
fi
if [ -z "$1" ]; then
@@ -4993,7 +4993,7 @@ _split_cert_chain() {
renew() {
Le_Domain="$1"
if [ -z "$Le_Domain" ]; then
- _usage "Usage: $PROJECT_ENTRY --renew -d domain.com [--ecc]"
+ _usage "Usage: $PROJECT_ENTRY --renew --domain [--ecc]"
return 1
fi
@@ -5003,7 +5003,7 @@ renew() {
_info "$(__green "Renew: '$Le_Domain'")"
if [ ! -f "$DOMAIN_CONF" ]; then
- _info "'$Le_Domain' is not a issued domain, skip."
+ _info "'$Le_Domain' is not an issued domain, skip."
return $RENEW_SKIP
fi
@@ -5049,6 +5049,7 @@ renew() {
Le_PreHook="$(_readdomainconf Le_PreHook)"
Le_PostHook="$(_readdomainconf Le_PostHook)"
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
+ Le_Preferred_Chain="$(_readdomainconf Le_Preferred_Chain)"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain"
res="$?"
if [ "$res" != "0" ]; then
@@ -5081,7 +5082,7 @@ renewAll() {
for di in "${CERT_HOME}"/*.*/; do
_debug di "$di"
if ! [ -d "$di" ]; then
- _debug "Not directory, skip: $di"
+ _debug "Not a directory, skip: $di"
continue
fi
d=$(basename "$di")
@@ -5184,7 +5185,7 @@ signcsr() {
_csrfile="$1"
_csrW="$2"
if [ -z "$_csrfile" ] || [ -z "$_csrW" ]; then
- _usage "Usage: $PROJECT_ENTRY --signcsr --csr mycsr.csr -w /path/to/webroot/a.com/ "
+ _usage "Usage: $PROJECT_ENTRY --sign-csr --csr --webroot "
return 1
fi
@@ -5252,7 +5253,7 @@ showcsr() {
_csrfile="$1"
_csrd="$2"
if [ -z "$_csrfile" ] && [ -z "$_csrd" ]; then
- _usage "Usage: $PROJECT_ENTRY --showcsr --csr mycsr.csr"
+ _usage "Usage: $PROJECT_ENTRY --show-csr --csr "
return 1
fi
@@ -5369,7 +5370,7 @@ deploy() {
_hooks="$2"
_isEcc="$3"
if [ -z "$_hooks" ]; then
- _usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] "
+ _usage "Usage: $PROJECT_ENTRY --deploy --domain --deploy-hook [--ecc] "
return 1
fi
@@ -5390,7 +5391,7 @@ deploy() {
installcert() {
_main_domain="$1"
if [ -z "$_main_domain" ]; then
- _usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--cert-file cert-file-path] [--key-file key-file-path] [--ca-file ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchain-file fullchain-path]"
+ _usage "Usage: $PROJECT_ENTRY --install-cert --domain [--ecc] [--cert-file ] [--key-file ] [--ca-file ] [ --reloadcmd ] [--fullchain-file ]"
return 1
fi
@@ -5669,7 +5670,7 @@ uninstallcronjob() {
revoke() {
Le_Domain="$1"
if [ -z "$Le_Domain" ]; then
- _usage "Usage: $PROJECT_ENTRY --revoke -d domain.com [--ecc]"
+ _usage "Usage: $PROJECT_ENTRY --revoke --domain [--ecc]"
return 1
fi
@@ -5740,7 +5741,7 @@ revoke() {
remove() {
Le_Domain="$1"
if [ -z "$Le_Domain" ]; then
- _usage "Usage: $PROJECT_ENTRY --remove -d domain.com [--ecc]"
+ _usage "Usage: $PROJECT_ENTRY --remove --domain [--ecc]"
return 1
fi
@@ -5900,7 +5901,7 @@ deactivate() {
_initAPI
_debug _d_domain_list "$_d_domain_list"
if [ -z "$(echo $_d_domain_list | cut -d , -f 1)" ]; then
- _usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com [-d domain.com]"
+ _usage "Usage: $PROJECT_ENTRY --deactivate --domain [--domain ...]"
return 1
fi
for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do
@@ -6360,7 +6361,7 @@ setnotify() {
_initpath
if [ -z "$_nhook$_nlevel$_nmode" ]; then
- _usage "Usage: $PROJECT_ENTRY --set-notify [--notify-hook mailgun] [--notify-level $NOTIFY_LEVEL_DEFAULT] [--notify-mode $NOTIFY_MODE_DEFAULT]"
+ _usage "Usage: $PROJECT_ENTRY --set-notify [--notify-hook ] [--notify-level <0|1|2|3>] [--notify-mode <0|1>]"
_usage "$_NOTIFY_WIKI"
return 1
fi
@@ -6399,146 +6400,140 @@ setnotify() {
showhelp() {
_initpath
version
- echo "Usage: $PROJECT_ENTRY command ...[parameters]....
+ echo "Usage: $PROJECT_ENTRY ... [parameters ...]
Commands:
- --help, -h Show this help message.
- --version, -v Show version info.
+ -h, --help Show this help message.
+ -v, --version Show version info.
--install Install $PROJECT_NAME to your system.
--uninstall Uninstall $PROJECT_NAME, and uninstall the cron job.
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT.
--issue Issue a cert.
- --signcsr Issue a cert from an existing csr.
--deploy Deploy the cert to your server.
- --install-cert Install the issued cert to apache/nginx or any other server.
- --renew, -r Renew a cert.
+ -i, --install-cert Install the issued cert to apache/nginx or any other server.
+ -r, --renew Renew a cert.
--renew-all Renew all the certs.
--revoke Revoke a cert.
--remove Remove the cert from list of certs known to $PROJECT_NAME.
--list List all the certs.
- --showcsr Show the content of a csr.
- --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
- --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
- --cron Run cron job to renew all the certs.
- --toPkcs Export the certificate and key to a pfx file.
- --toPkcs8 Convert to pkcs8 format.
+ --to-pkcs12 Export the certificate and key to a pfx file.
+ --to-pkcs8 Convert to pkcs8 format.
+ --sign-csr Issue a cert from an existing csr.
+ --show-csr Show the content of a csr.
+ -ccr, --create-csr Create CSR, professional use.
+ --create-domain-key Create an domain private key, professional use.
--update-account Update account info.
--register-account Register account key.
--deactivate-account Deactivate the account.
--create-account-key Create an account private key, professional use.
- --create-domain-key Create an domain private key, professional use.
- --createCSR, -ccsr Create CSR , professional use.
- --deactivate Deactivate the domain authz, professional use.
+ --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
+ --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
+ --cron Run cron job to renew all the certs.
--set-notify Set the cron notification hook, level or mode.
- --set-default-ca Used with '--server' , to set the default CA to use to use.
+ --deactivate Deactivate the domain authz, professional use.
+ --set-default-ca Used with '--server', to set the default CA to use to use.
Parameters:
- --domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
- --challenge-alias domain.tld The challenge domain alias for DNS alias mode.
+ -d, --domain Specifies a domain, used to issue, renew or revoke etc.
+ --challenge-alias The challenge domain alias for DNS alias mode.
See: $_DNS_ALIAS_WIKI
- --domain-alias domain.tld The domain alias for DNS alias mode.
+ --domain-alias The domain alias for DNS alias mode.
See: $_DNS_ALIAS_WIKI
- --preferred-chain CHAIN If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
+ --preferred-chain If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
If no match, the default offered chain will be used. (default: empty)
See: $_PREFERRED_CHAIN_WIKI
- --force, -f Used to force to install or force to renew a cert immediately.
- --staging, --test Use staging server, just for test.
- --debug Output debug info.
+ -f, --force Force install, force cert renewal or override sudo restrictions.
+ --staging, --test Use staging server, for testing.
+ --debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted.
--output-insecure Output all the sensitive messages.
By default all the credentials/sensitive messages are hidden from the output/debug/log for security.
-
- --webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
+ -w, --webroot Specifies the web root folder for web root mode.
--standalone Use standalone mode.
--alpn Use standalone alpn mode.
--stateless Use stateless mode.
See: $_STATELESS_WIKI
--apache Use apache mode.
- --dns [dns_hook] Use dns mode or dns api.
+ --dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted.
See: $_DNS_API_WIKI
- --dnssleep 300 The time in seconds to wait for all the txt records to propagate in dns api mode.
+ --dnssleep The time in seconds to wait for all the txt records to propagate in dns api mode.
It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically.
-
- --keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
- --accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096
- --log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
- --log-level 1|2 Specifies the log level, default is 1.
- --syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
-
- --eab-kid EAB_KID Key Identifier for External Account Binding.
- --eab-hmac-key EAB_HMAC_KEY HMAC key for External Account Binding.
+ -k, --keylength Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
+ -ak, --accountkeylength Specifies the account key length: 2048, 3072, 4096
+ --log [file] Specifies the log file. Defaults to \"$DEFAULT_LOG_FILE\" if argument is omitted.
+ --log-level <1|2> Specifies the log level, default is 1.
+ --syslog <0|3|6|7> Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
+ --eab-kid Key Identifier for External Account Binding.
+ --eab-hmac-key HMAC key for External Account Binding.
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
- --cert-file After issue/renew, the cert will be copied to this path.
- --key-file After issue/renew, the key will be copied to this path.
- --ca-file After issue/renew, the intermediate cert will be copied to this path.
- --fullchain-file After issue/renew, the fullchain cert will be copied to this path.
+ --cert-file Path to copy the cert file to after issue/renew..
+ --key-file Path to copy the key file to after issue/renew.
+ --ca-file Path to copy the intermediate cert file to after issue/renew.
+ --fullchain-file Path to copy the fullchain cert file to after issue/renew.
+ --reloadcmd Command to execute after issue/renew to reload the server.
- --reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
-
- --server SERVER ACME Directory Resource URI. (default: $DEFAULT_CA)
+ --server ACME Directory Resource URI. (default: $DEFAULT_CA)
See: $_SERVER_WIKI
- --accountconf Specifies a customized account config file.
- --home Specifies the home dir for $PROJECT_NAME.
- --cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
- --config-home Specifies the home dir to save all the configurations.
- --useragent Specifies the user agent string. it will be saved for future use too.
- --accountemail, -m Specifies the account email, only valid for the '--install' and '--update-account' command.
- --accountkey Specifies the account key path, only valid for the '--install' command.
- --days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
- --httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
- --tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
- --local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
+ --accountconf Specifies a customized account config file.
+ --home Specifies the home dir for $PROJECT_NAME.
+ --cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
+ --config-home Specifies the home dir to save all the configurations.
+ --useragent Specifies the user agent string. it will be saved for future use too.
+ -m, --accountemail Specifies the account email, only valid for the '--install' and '--update-account' command.
+ --accountkey Specifies the account key path, only valid for the '--install' command.
+ --days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
+ --httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
+ --tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
+ --local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--listraw Only used for '--list' command, list the certs in raw format.
- --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
+ -se, --stop-renew-on-error Only valid for '--renew-all' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
- --ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
- --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
+ --ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
+ --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
--nocron Only valid for '--install' command, which means: do not install the default cron job.
In this case, the certs will not be renewed automatically.
-
--noprofile Only valid for '--install' command, which means: do not install aliases to user profile.
--no-color Do not output color text.
--force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
- --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
- --csr Specifies the input csr.
- --pre-hook Command to be run before obtaining any certificates.
- --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed.
- --renew-hook Command to be run once for each successfully renewed certificate.
- --deploy-hook The hook file to deploy cert
- --ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
- --always-force-new-domain-key Generate new domain key when renewal. Otherwise, the domain key is not changed by default.
- --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future.
+ --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--to-pkcs12' and '--create-csr'
+ --csr Specifies the input csr.
+ --pre-hook Command to be run before obtaining any certificates.
+ --post-hook Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
+ --renew-hook Command to be run after each successfully renewed certificate.
+ --deploy-hook The hook file to deploy cert
+ --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
+ --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
+ --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
--listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6.
- --openssl-bin Specifies a custom openssl bin location.
+ --openssl-bin Specifies a custom openssl bin location.
--use-wget Force to use wget, if you have both curl and wget installed.
- --yes-I-know-dns-manual-mode-enough-go-ahead-please Force to use dns manual mode.
+ --yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode.
See: $_DNS_MANUAL_WIKI
- --branch, -b Only valid for '--upgrade' command, specifies the branch name to upgrade to.
-
- --notify-level 0|1|2|3 Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
- 0: disabled, no notification will be sent.
- 1: send notifications only when there is an error.
- 2: send notifications when a cert is successfully renewed, or there is an error.
- 3: send notifications when a cert is skipped, renewed, or error.
-
- --notify-mode 0|1 Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
- 0: Bulk mode. Send all the domain's notifications in one message(mail).
- 1: Cert mode. Send a message for every single cert.
-
- --notify-hook [hookname] Set the notify hook
- --revoke-reason [0-10] The reason for '--revoke' command.
+ -b, --branch Only valid for '--upgrade' command, specifies the branch name to upgrade to.
+ --notify-level <0|1|2|3> Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
+ 0: disabled, no notification will be sent.
+ 1: send notifications only when there is an error.
+ 2: send notifications when a cert is successfully renewed, or there is an error.
+ 3: send notifications when a cert is skipped, renewed, or error.
+ --notify-mode <0|1> Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
+ 0: Bulk mode. Send all the domain's notifications in one message(mail).
+ 1: Cert mode. Send a message for every single cert.
+ --notify-hook Set the notify hook
+ --revoke-reason <0-10> The reason for revocation, can be used in conjunction with the '--revoke' command.
See: $_REVOKE_WIKI
+ --password Add a password to exported pfx file. Use with --to-pkcs12.
+
"
}
@@ -6796,19 +6791,19 @@ _process() {
--deploy)
_CMD="deploy"
;;
- --signcsr)
+ --sign-csr | --signcsr)
_CMD="signcsr"
;;
- --showcsr)
+ --show-csr | --showcsr)
_CMD="showcsr"
;;
- --installcert | -i | --install-cert)
+ -i | --install-cert | --installcert)
_CMD="installcert"
;;
--renew | -r)
_CMD="renew"
;;
- --renewAll | --renewall | --renew-all)
+ --renew-all | --renewAll | --renewall)
_CMD="renewAll"
;;
--revoke)
@@ -6820,37 +6815,37 @@ _process() {
--list)
_CMD="list"
;;
- --installcronjob | --install-cronjob)
+ --install-cronjob | --installcronjob)
_CMD="installcronjob"
;;
- --uninstallcronjob | --uninstall-cronjob)
+ --uninstall-cronjob | --uninstallcronjob)
_CMD="uninstallcronjob"
;;
--cron)
_CMD="cron"
;;
- --toPkcs)
+ --to-pkcs12 | --to-pkcs | --toPkcs)
_CMD="toPkcs"
;;
- --toPkcs8)
+ --to-pkcs8 | --toPkcs8)
_CMD="toPkcs8"
;;
- --createAccountKey | --createaccountkey | -cak | --create-account-key)
+ --create-account-key | --createAccountKey | --createaccountkey | -cak)
_CMD="createAccountKey"
;;
- --createDomainKey | --createdomainkey | -cdk | --create-domain-key)
+ --create-domain-key | --createDomainKey | --createdomainkey | -cdk)
_CMD="createDomainKey"
;;
- --createCSR | --createcsr | -ccr)
+ -ccr | --create-csr | --createCSR | --createcsr)
_CMD="createCSR"
;;
--deactivate)
_CMD="deactivate"
;;
- --updateaccount | --update-account)
+ --update-account | --updateaccount)
_CMD="updateaccount"
;;
- --registeraccount | --register-account)
+ --register-account | --registeraccount)
_CMD="registeraccount"
;;
--deactivate-account)
@@ -6862,7 +6857,7 @@ _process() {
--set-default-ca)
_CMD="setdefaultca"
;;
- --domain | -d)
+ -d | --domain)
_dvalue="$2"
if [ "$_dvalue" ]; then
@@ -6893,7 +6888,7 @@ _process() {
shift
;;
- --force | -f)
+ -f | --force)
FORCE="1"
;;
--staging | --test)
@@ -6915,7 +6910,7 @@ _process() {
--output-insecure)
export OUTPUT_INSECURE=1
;;
- --webroot | -w)
+ -w | --webroot)
wvalue="$2"
if [ -z "$_webroot" ]; then
_webroot="$wvalue"
@@ -7005,7 +7000,7 @@ _process() {
_keylength="$2"
shift
;;
- --accountkeylength | -ak)
+ -ak | --accountkeylength)
_accountkeylength="$2"
shift
;;
@@ -7043,7 +7038,7 @@ _process() {
LE_WORKING_DIR="$2"
shift
;;
- --certhome | --cert-home)
+ --cert-home | --certhome)
_certhome="$2"
CERT_HOME="$_certhome"
shift
@@ -7058,7 +7053,7 @@ _process() {
USER_AGENT="$_useragent"
shift
;;
- --accountemail | -m)
+ -m | --accountemail)
_accountemail="$2"
ACCOUNT_EMAIL="$_accountemail"
shift
@@ -7086,7 +7081,7 @@ _process() {
--listraw)
_listraw="raw"
;;
- --stopRenewOnError | --stoprenewonerror | -se)
+ -se | --stop-renew-on-error | --stopRenewOnError | --stoprenewonerror)
_stopRenewOnError="1"
;;
--insecure)
diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh
index 5052ee10..56170f87 100644
--- a/dnsapi/dns_nic.sh
+++ b/dnsapi/dns_nic.sh
@@ -166,7 +166,7 @@ _get_root() {
if _contains "$_all_domains" "^$h$"; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h
- _service=$(printf "%s" "$response" | grep "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
+ _service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
return 0
fi
p="$i"
diff --git a/dnsapi/dns_regru.sh b/dnsapi/dns_regru.sh
index a50821eb..29f758ea 100644
--- a/dnsapi/dns_regru.sh
+++ b/dnsapi/dns_regru.sh
@@ -33,8 +33,11 @@ dns_regru_add() {
fi
_debug _domain "$_domain"
+ _subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
+ _debug _subdomain "$_subdomain"
+
_info "Adding TXT record to ${fulldomain}"
- _regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json"
+ _regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json"
if ! _contains "${response}" 'error'; then
return 0
@@ -64,8 +67,11 @@ dns_regru_rm() {
fi
_debug _domain "$_domain"
+ _subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
+ _debug _subdomain "$_subdomain"
+
_info "Deleting resource record $fulldomain"
- _regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json"
+ _regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json"
if ! _contains "${response}" 'error'; then
return 0