
Merge remote-tracking branch 'refs/remotes/Neilpang/master' into dev

pull/755/head
Roman 8 years ago
parent
commit
c878addbae
  1. 2
      README.md
  2. 27
      acme.sh
  3. 4
      deploy/exim4.sh
  4. 4
      deploy/kong.sh
  5. 4
      deploy/vsftpd.sh
  6. 2
      dnsapi/README.md
  7. 2
      dnsapi/dns_cyon.sh
  8. 2
      dnsapi/dns_dgon.sh
  9. 18
      dnsapi/dns_freedns.sh
  10. 2
      dnsapi/dns_gandi_livedns.sh
  11. 2
      dnsapi/dns_ovh.sh
  12. 2
      dnsapi/dns_pdns.sh

2
README.md

@ -329,7 +329,7 @@ Just set the `length` parameter with a prefix `ec-`.
For example: For example:
### Single domain ECC cerfiticate
### Single domain ECC certificate
```bash ```bash
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256 acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256

27
acme.sh

@ -340,7 +340,7 @@ _hasfield() {
_sep="," _sep=","
fi fi
for f in $(echo "$_str" | tr ',' ' '); do
for f in $(echo "$_str" | tr "$_sep" ' '); do
if [ "$f" = "$_field" ]; then if [ "$f" = "$_field" ]; then
_debug2 "'$_str' contains '$_field'" _debug2 "'$_str' contains '$_field'"
return 0 #contains ok return 0 #contains ok
@ -879,7 +879,7 @@ _sign() {
if ! _signedECText="$($_sign_openssl | $ACME_OPENSSL_BIN asn1parse -inform DER)"; then if ! _signedECText="$($_sign_openssl | $ACME_OPENSSL_BIN asn1parse -inform DER)"; then
_err "Sign failed: $_sign_openssl" _err "Sign failed: $_sign_openssl"
_err "Key file: $keyfile" _err "Key file: $keyfile"
_err "Key content:$(wc -l <"$keyfile") lises"
_err "Key content:$(wc -l <"$keyfile") lines"
return 1 return 1
fi fi
_debug3 "_signedECText" "$_signedECText" _debug3 "_signedECText" "$_signedECText"
@ -2258,16 +2258,16 @@ _initpath() {
fi fi
if [ -z "$TLS_CONF" ]; then if [ -z "$TLS_CONF" ]; then
TLS_CONF="$DOMAIN_PATH/tls.valdation.conf"
TLS_CONF="$DOMAIN_PATH/tls.validation.conf"
fi fi
if [ -z "$TLS_CERT" ]; then if [ -z "$TLS_CERT" ]; then
TLS_CERT="$DOMAIN_PATH/tls.valdation.cert"
TLS_CERT="$DOMAIN_PATH/tls.validation.cert"
fi fi
if [ -z "$TLS_KEY" ]; then if [ -z "$TLS_KEY" ]; then
TLS_KEY="$DOMAIN_PATH/tls.valdation.key"
TLS_KEY="$DOMAIN_PATH/tls.validation.key"
fi fi
if [ -z "$TLS_CSR" ]; then if [ -z "$TLS_CSR" ]; then
TLS_CSR="$DOMAIN_PATH/tls.valdation.csr"
TLS_CSR="$DOMAIN_PATH/tls.validation.csr"
fi fi
} }
@ -2385,7 +2385,7 @@ _setApache() {
_debug "Backup apache config file" "$httpdconf" _debug "Backup apache config file" "$httpdconf"
if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then
_err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed." _err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed."
_err "This might be a bug of $PROJECT_NAME , pleae report issue: $PROJECT"
_err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT"
return 1 return 1
fi fi
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname" _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
@ -2883,7 +2883,7 @@ _on_issue_err() {
uri=$(echo "$ventry" | cut -d "$sep" -f 3) uri=$(echo "$ventry" | cut -d "$sep" -f 3)
vtype=$(echo "$ventry" | cut -d "$sep" -f 4) vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) _currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
__trigger_validaton "$uri" "$keyauthorization"
__trigger_validation "$uri" "$keyauthorization"
done done
) )
fi fi
@ -3105,7 +3105,7 @@ __get_domain_new_authz() {
} }
#uri keyAuthorization #uri keyAuthorization
__trigger_validaton() {
__trigger_validation() {
_debug2 "tigger domain validation." _debug2 "tigger domain validation."
_t_url="$1" _t_url="$1"
_debug2 _t_url "$_t_url" _debug2 _t_url "$_t_url"
@ -3490,7 +3490,7 @@ issue() {
_exec_err >/dev/null 2>&1 _exec_err >/dev/null 2>&1
fi fi
else else
_debug "not chaning owner/group of webroot"
_debug "not changing owner/group of webroot"
fi fi
fi fi
@ -3531,7 +3531,7 @@ issue() {
fi fi
fi fi
if ! __trigger_validaton "$uri" "$keyauthorization"; then
if ! __trigger_validation "$uri" "$keyauthorization"; then
_err "$d:Can not get challenge: $response" _err "$d:Can not get challenge: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
@ -4134,6 +4134,7 @@ _installcert() {
export CERT_KEY_PATH export CERT_KEY_PATH
export CA_CERT_PATH export CA_CERT_PATH
export CERT_FULLCHAIN_PATH export CERT_FULLCHAIN_PATH
export Le_Domain
cd "$DOMAIN_PATH" && eval "$_reload_cmd" cd "$DOMAIN_PATH" && eval "$_reload_cmd"
); then ); then
_info "$(__green "Reload success")" _info "$(__green "Reload success")"
@ -4806,13 +4807,13 @@ Parameters:
--listraw Only used for '--list' command, list the certs in raw format. --listraw Only used for '--list' command, list the certs in raw format.
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal. --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
--csr Specifies the input csr. --csr Specifies the input csr.
--pre-hook Command to be run before obtaining any certificates. --pre-hook Command to be run before obtaining any certificates.
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed.
--renew-hook Command to be run once for each successfully renewed certificate. --renew-hook Command to be run once for each successfully renewed certificate.
--deploy-hook The hook file to deploy cert --deploy-hook The hook file to deploy cert
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension. --ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
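Review bot: In `_hasfield`, the new loop `for f in $(echo "$_str" | tr "$_sep" ' ')` still leaves the command substitution unquoted, so every field goes through word splitting and pathname expansion. A field containing a space is compared as two separate words, and a field such as `*` is replaced by file names from the current directory. `tr` also reads `$_sep` as a set of characters, so a separator longer than one character would split on each of them. A whole-field comparison avoids both: `case "$_sep$_str$_sep" in *"$_sep$_field$_sep"*) return 0 ;; esac`. The function starts and ends outside the hunk, so the handling of an empty `_sep` is assumed from the visible `_sep=","` default.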

4
deploy/exim4.sh

@ -79,7 +79,7 @@ exim4_deploy() {
_info "Restore conf success" _info "Restore conf success"
eval "$_reload" eval "$_reload"
else else
_err "Opps, error restore exim4 conf, please report bug to us."
_err "Oops, error restore exim4 conf, please report bug to us."
fi fi
return 1 return 1
fi fi
@ -105,7 +105,7 @@ exim4_deploy() {
_info "Restore conf success" _info "Restore conf success"
eval "$_reload" eval "$_reload"
else else
_err "Opps, error restore exim4 conf, please report bug to us."
_err "Oops, error restore exim4 conf, please report bug to us."
fi fi
return 1 return 1
fi fi

4
deploy/kong.sh

@ -43,7 +43,7 @@ kong_deploy() {
#Save kong url if it's succesful (First run case) #Save kong url if it's succesful (First run case)
_saveaccountconf KONG_URL "$KONG_URL" _saveaccountconf KONG_URL "$KONG_URL"
#Generate DEIM #Generate DEIM
delim="-----MultipartDelimeter$(date "+%s%N")"
delim="-----MultipartDelimiter$(date "+%s%N")"
nl="\015\012" nl="\015\012"
#Set Header #Set Header
_H1="Content-Type: multipart/form-data; boundary=$delim" _H1="Content-Type: multipart/form-data; boundary=$delim"
@ -72,7 +72,7 @@ kong_deploy() {
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH") response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
fi fi
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
_err "An error occured with cert upload. Check response:"
_err "An error occurred with cert upload. Check response:"
_err "$response" _err "$response"
return 1 return 1
fi fi

4
deploy/vsftpd.sh

@ -76,7 +76,7 @@ vsftpd_deploy() {
_info "Restore conf success" _info "Restore conf success"
eval "$_reload" eval "$_reload"
else else
_err "Opps, error restore vsftpd conf, please report bug to us."
_err "Oops, error restore vsftpd conf, please report bug to us."
fi fi
return 1 return 1
fi fi
@ -102,7 +102,7 @@ vsftpd_deploy() {
_info "Restore conf success" _info "Restore conf success"
eval "$_reload" eval "$_reload"
else else
_err "Opps, error restore vsftpd conf, please report bug to us."
_err "Oops, error restore vsftpd conf, please report bug to us."
fi fi
return 1 return 1
fi fi

2
dnsapi/README.md

@ -302,7 +302,7 @@ acme.sh --issue --dns dns_freedns -d example.com -d www.example.com
``` ```
Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that
you create under a FreeDNS public domain. You must own the top level domain in order to automaitcally
you create under a FreeDNS public domain. You must own the top level domain in order to automatically
validate with acme.sh at FreeDNS. validate with acme.sh at FreeDNS.
## 16. Use cyon.ch ## 16. Use cyon.ch

2
dnsapi/dns_cyon.sh

@ -50,7 +50,7 @@ _cyon_load_credentials() {
fi fi
if [ -z "${CY_Username}" ] || [ -z "${CY_Password}" ]; then if [ -z "${CY_Username}" ] || [ -z "${CY_Password}" ]; then
# Dummy entries to satify script checker.
# Dummy entries to satisfy script checker.
CY_Username="" CY_Username=""
CY_Password="" CY_Password=""
CY_OTP_Secret="" CY_OTP_Secret=""

2
dnsapi/dns_dgon.sh

@ -158,7 +158,7 @@ _get_base_domain() {
export _H2="Authorization: Bearer $DO_API_KEY" export _H2="Authorization: Bearer $DO_API_KEY"
_debug DO_API_KEY "$DO_API_KEY" _debug DO_API_KEY "$DO_API_KEY"
## get URL for the list of domains ## get URL for the list of domains
## havent seen this request paginated, tested with 18 domains (more requres manual requests with DO)
## havent seen this request paginated, tested with 18 domains (more requires manual requests with DO)
DOMURL="https://api.digitalocean.com/v2/domains" DOMURL="https://api.digitalocean.com/v2/domains"
## get the domain list (DO gives basically a full XFER!) ## get the domain list (DO gives basically a full XFER!)

18
dnsapi/dns_freedns.sh

@ -10,7 +10,7 @@
# #
######## Public functions ##################### ######## Public functions #####################
# Export FreeDNS userid and password in folowing variables...
# Export FreeDNS userid and password in following variables...
# FREEDNS_User=username # FREEDNS_User=username
# FREEDNS_Password=password # FREEDNS_Password=password
# login cookie is saved in acme account config file so userid / pw # login cookie is saved in acme account config file so userid / pw
@ -53,7 +53,7 @@ dns_freedns_add() {
i="$(_math "$i" - 1)" i="$(_math "$i" - 1)"
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")" sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
# Sometimes FreeDNS does not reurn the subdomain page but rather
# Sometimes FreeDNS does not return the subdomain page but rather
# returns a page regarding becoming a premium member. This usually # returns a page regarding becoming a premium member. This usually
# happens after a period of inactivity. Immediately trying again # happens after a period of inactivity. Immediately trying again
# returns the correct subdomain page. So, we will try twice to # returns the correct subdomain page. So, we will try twice to
@ -65,7 +65,7 @@ dns_freedns_add() {
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")" htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
if [ "$using_cached_cookies" = "true" ]; then if [ "$using_cached_cookies" = "true" ]; then
_err "Has your FreeDNS username and password channged? If so..."
_err "Has your FreeDNS username and password changed? If so..."
_err "Please export as FREEDNS_User / FREEDNS_Password and try again." _err "Please export as FREEDNS_User / FREEDNS_Password and try again."
fi fi
return 1 return 1
@ -112,7 +112,7 @@ dns_freedns_add() {
# not produce accurate results as the value field is truncated # not produce accurate results as the value field is truncated
# on this webpage. To get full value we would need to load # on this webpage. To get full value we would need to load
# another page. However we don't really need this so long as # another page. However we don't really need this so long as
# there is only one TXT record for the acme chalenge subdomain.
# there is only one TXT record for the acme challenge subdomain.
DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^&quot;]*&quot;//;s/&quot;.*//;s/<\/td>.*//')" DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^&quot;]*&quot;//;s/&quot;.*//;s/<\/td>.*//')"
if [ $found != 0 ]; then if [ $found != 0 ]; then
break break
@ -192,11 +192,11 @@ dns_freedns_rm() {
# Need to read cookie from conf file again in case new value set # Need to read cookie from conf file again in case new value set
# during login to FreeDNS when TXT record was created. # during login to FreeDNS when TXT record was created.
# acme.sh does not have a _readaccountconf() fuction
# acme.sh does not have a _readaccountconf() function
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")" FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
_debug "FreeDNS login cookies: $FREEDNS_COOKIE" _debug "FreeDNS login cookies: $FREEDNS_COOKIE"
# Sometimes FreeDNS does not reurn the subdomain page but rather
# Sometimes FreeDNS does not return the subdomain page but rather
# returns a page regarding becoming a premium member. This usually # returns a page regarding becoming a premium member. This usually
# happens after a period of inactivity. Immediately trying again # happens after a period of inactivity. Immediately trying again
# returns the correct subdomain page. So, we will try twice to # returns the correct subdomain page. So, we will try twice to
@ -302,12 +302,12 @@ _freedns_retrieve_subdomain_page() {
export _H2="Accept-Language:en-US" export _H2="Accept-Language:en-US"
url="https://freedns.afraid.org/subdomain/" url="https://freedns.afraid.org/subdomain/"
_debug "Retrieve subdmoain page from FreeDNS"
_debug "Retrieve subdomain page from FreeDNS"
htmlpage="$(_get "$url")" htmlpage="$(_get "$url")"
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
_err "FreeDNS retrieve subdomins failed bad RC from _get"
_err "FreeDNS retrieve subdomains failed bad RC from _get"
return 1 return 1
elif [ -z "$htmlpage" ]; then elif [ -z "$htmlpage" ]; then
_err "FreeDNS returned empty subdomain page" _err "FreeDNS returned empty subdomain page"
@ -341,7 +341,7 @@ _freedns_add_txt_record() {
return 1 return 1
elif _contains "$htmlpage" "security code was incorrect"; then elif _contains "$htmlpage" "security code was incorrect"; then
_debug "$htmlpage" _debug "$htmlpage"
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested seurity code"
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code"
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains" _err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
return 1 return 1
fi fi

2
dnsapi/dns_gandi_livedns.sh

@ -19,7 +19,7 @@ dns_gandi_livedns_add() {
txtvalue=$2 txtvalue=$2
if [ -z "$GANDI_LIVEDNS_KEY" ]; then if [ -z "$GANDI_LIVEDNS_KEY" ]; then
_err "No API key specifed for Gandi LiveDNS."
_err "No API key specified for Gandi LiveDNS."
_err "Create your key and export it as GANDI_LIVEDNS_KEY" _err "Create your key and export it as GANDI_LIVEDNS_KEY"
return 1 return 1
fi fi

2
dnsapi/dns_ovh.sh

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
#Applcation Key
#Application Key
#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje" #OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
# #
#Application Secret #Application Secret

2
dnsapi/dns_pdns.sh

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
#PowerDNS Emdedded API
#PowerDNS Embedded API
#https://doc.powerdns.com/md/httpapi/api_spec/ #https://doc.powerdns.com/md/httpapi/api_spec/
# #
#PDNS_Url="http://ns.example.com:8081" #PDNS_Url="http://ns.example.com:8081"
