|
@ -1,6 +1,6 @@ |
|
|
#!/usr/bin/env sh |
|
|
#!/usr/bin/env sh |
|
|
|
|
|
|
|
|
VER=2.6.0 |
|
|
|
|
|
|
|
|
VER=2.6.1 |
|
|
|
|
|
|
|
|
PROJECT_NAME="acme.sh" |
|
|
PROJECT_NAME="acme.sh" |
|
|
|
|
|
|
|
@ -482,6 +482,45 @@ _createkey() { |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#domain |
|
|
|
|
|
_is_idn() { |
|
|
|
|
|
_is_idn_d="$1" |
|
|
|
|
|
_debug2 _is_idn_d "$_is_idn_d" |
|
|
|
|
|
_idn_temp=$(printf "%s" "$_is_idn_d" | tr -d "[0-9a-zA-Z.,-]") |
|
|
|
|
|
_debug2 _idn_temp "$_idn_temp" |
|
|
|
|
|
[ "$_idn_temp" ] |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
#aa.com |
|
|
|
|
|
#aa.com,bb.com,cc.com |
|
|
|
|
|
_idn() { |
|
|
|
|
|
__idn_d="$1" |
|
|
|
|
|
if ! _is_idn "$__idn_d" ; then |
|
|
|
|
|
printf "%s" "$__idn_d" |
|
|
|
|
|
return 0 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if _exists idn ; then |
|
|
|
|
|
if _contains "$__idn_d" ',' ; then |
|
|
|
|
|
_i_first="1" |
|
|
|
|
|
for f in $(echo "$__idn_d" | tr ',' ' ') ; do |
|
|
|
|
|
[ -z "$f" ] && continue |
|
|
|
|
|
if [ -z "$_i_first" ] ; then |
|
|
|
|
|
printf "%s" "," |
|
|
|
|
|
else |
|
|
|
|
|
_i_first="" |
|
|
|
|
|
fi |
|
|
|
|
|
idn "$f" | tr -d "\r\n" |
|
|
|
|
|
done |
|
|
|
|
|
else |
|
|
|
|
|
idn "$__idn_d" | tr -d "\r\n" |
|
|
|
|
|
fi |
|
|
|
|
|
else |
|
|
|
|
|
_err "Please install idn to process IDN names." |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
#_createcsr cn san_list keyfile csrfile conf |
|
|
#_createcsr cn san_list keyfile csrfile conf |
|
|
_createcsr() { |
|
|
_createcsr() { |
|
|
_debug _createcsr |
|
|
_debug _createcsr |
|
@ -502,6 +541,8 @@ _createcsr() { |
|
|
#single domain |
|
|
#single domain |
|
|
_info "Single domain" "$domain" |
|
|
_info "Single domain" "$domain" |
|
|
else |
|
|
else |
|
|
|
|
|
domainlist="$(_idn $domainlist)" |
|
|
|
|
|
_debug2 domainlist "$domainlist" |
|
|
if _contains "$domainlist" "," ; then |
|
|
if _contains "$domainlist" "," ; then |
|
|
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" |
|
|
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" |
|
|
else |
|
|
else |
|
@ -515,7 +556,10 @@ _createcsr() { |
|
|
_savedomainconf Le_OCSP_Stable "$Le_OCSP_Stable" |
|
|
_savedomainconf Le_OCSP_Stable "$Le_OCSP_Stable" |
|
|
printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "$csrconf" |
|
|
printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "$csrconf" |
|
|
fi |
|
|
fi |
|
|
openssl req -new -sha256 -key "$csrkey" -subj "/CN=$domain" -config "$csrconf" -out "$csr" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_csr_cn="$(_idn "$domain")" |
|
|
|
|
|
_debug2 _csr_cn "$_csr_cn" |
|
|
|
|
|
openssl req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#_signcsr key csr conf cert |
|
|
#_signcsr key csr conf cert |
|
@ -939,13 +983,13 @@ _post() { |
|
|
elif _exists "wget" ; then |
|
|
elif _exists "wget" ; then |
|
|
_debug "WGET" "$WGET" |
|
|
_debug "WGET" "$WGET" |
|
|
if [ "$needbase64" ] ; then |
|
|
if [ "$needbase64" ] ; then |
|
|
if [ "$httpmethod"="POST" ] ; then |
|
|
|
|
|
|
|
|
if [ "$httpmethod" = "POST" ] ; then |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" |
|
|
else |
|
|
else |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" |
|
|
fi |
|
|
fi |
|
|
else |
|
|
else |
|
|
if [ "$httpmethod"="POST" ] ; then |
|
|
|
|
|
|
|
|
if [ "$httpmethod" = "POST" ] ; then |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" |
|
|
else |
|
|
else |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" |
|
|
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" |
|
@ -1231,14 +1275,29 @@ _startserver() { |
|
|
|
|
|
|
|
|
_debug "_NC" "$_NC" |
|
|
_debug "_NC" "$_NC" |
|
|
|
|
|
|
|
|
|
|
|
#for centos ncat |
|
|
|
|
|
if _contains "$nchelp" "nmap.org" ; then |
|
|
|
|
|
_debug "Using ncat: nmap.org" |
|
|
|
|
|
if [ "$DEBUG" ] ; then |
|
|
|
|
|
if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; then |
|
|
|
|
|
return |
|
|
|
|
|
fi |
|
|
|
|
|
else |
|
|
|
|
|
if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1; then |
|
|
|
|
|
return |
|
|
|
|
|
fi |
|
|
|
|
|
fi |
|
|
|
|
|
_err "ncat listen error." |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
# while true ; do |
|
|
# while true ; do |
|
|
if [ "$DEBUG" ] ; then |
|
|
if [ "$DEBUG" ] ; then |
|
|
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; then |
|
|
|
|
|
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort ; |
|
|
|
|
|
|
|
|
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort ; then |
|
|
|
|
|
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; |
|
|
fi |
|
|
fi |
|
|
else |
|
|
else |
|
|
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1; then |
|
|
|
|
|
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort > /dev/null 2>&1 |
|
|
|
|
|
|
|
|
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort > /dev/null 2>&1; then |
|
|
|
|
|
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1 |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
if [ "$?" != "0" ] ; then |
|
|
if [ "$?" != "0" ] ; then |
|
@ -2180,7 +2239,7 @@ issue() { |
|
|
|
|
|
|
|
|
_info "Getting new-authz for domain" $d |
|
|
_info "Getting new-authz for domain" $d |
|
|
|
|
|
|
|
|
if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}" ; then |
|
|
|
|
|
|
|
|
if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$d")\"}}" ; then |
|
|
_err "Can not get domain token." |
|
|
_err "Can not get domain token." |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
_on_issue_err |
|
@ -3070,7 +3129,7 @@ _deactivate() { |
|
|
do |
|
|
do |
|
|
_info "Deactivate: $_d_domain" |
|
|
_info "Deactivate: $_d_domain" |
|
|
_d_i="$(_math $_d_i + 1)" |
|
|
_d_i="$(_math $_d_i + 1)" |
|
|
if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$_d_domain\"}}" ; then |
|
|
|
|
|
|
|
|
if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_d_domain")\"}}" ; then |
|
|
_err "Can not get domain token." |
|
|
_err "Can not get domain token." |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
@ -3315,6 +3374,7 @@ _installalias() { |
|
|
_profile="$(_detect_profile)" |
|
|
_profile="$(_detect_profile)" |
|
|
if [ "$_profile" ] ; then |
|
|
if [ "$_profile" ] ; then |
|
|
_debug "Found profile: $_profile" |
|
|
_debug "Found profile: $_profile" |
|
|
|
|
|
_info "Installing alias to '$_profile'" |
|
|
_setopt "$_profile" ". \"$_envfile\"" |
|
|
_setopt "$_profile" ". \"$_envfile\"" |
|
|
_info "OK, Close and reopen your terminal to start using $PROJECT_NAME" |
|
|
_info "OK, Close and reopen your terminal to start using $PROJECT_NAME" |
|
|
else |
|
|
else |
|
@ -3326,6 +3386,7 @@ _installalias() { |
|
|
_cshfile="$LE_WORKING_DIR/$PROJECT_ENTRY.csh" |
|
|
_cshfile="$LE_WORKING_DIR/$PROJECT_ENTRY.csh" |
|
|
_csh_profile="$HOME/.cshrc" |
|
|
_csh_profile="$HOME/.cshrc" |
|
|
if [ -f "$_csh_profile" ] ; then |
|
|
if [ -f "$_csh_profile" ] ; then |
|
|
|
|
|
_info "Installing alias to '$_csh_profile'" |
|
|
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" |
|
|
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" |
|
|
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" |
|
|
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" |
|
|
_setopt "$_csh_profile" "source \"$_cshfile\"" |
|
|
_setopt "$_csh_profile" "source \"$_cshfile\"" |
|
@ -3334,6 +3395,7 @@ _installalias() { |
|
|
#for tcsh |
|
|
#for tcsh |
|
|
_tcsh_profile="$HOME/.tcshrc" |
|
|
_tcsh_profile="$HOME/.tcshrc" |
|
|
if [ -f "$_tcsh_profile" ] ; then |
|
|
if [ -f "$_tcsh_profile" ] ; then |
|
|
|
|
|
_info "Installing alias to '$_tcsh_profile'" |
|
|
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" |
|
|
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" |
|
|
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" |
|
|
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" |
|
|
_setopt "$_tcsh_profile" "source \"$_cshfile\"" |
|
|
_setopt "$_tcsh_profile" "source \"$_cshfile\"" |
|
@ -3449,24 +3511,34 @@ _uninstall() { |
|
|
fi |
|
|
fi |
|
|
_initpath |
|
|
_initpath |
|
|
|
|
|
|
|
|
|
|
|
_uninstallalias |
|
|
|
|
|
|
|
|
|
|
|
rm -f $LE_WORKING_DIR/$PROJECT_ENTRY |
|
|
|
|
|
_info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself." |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
_uninstallalias() { |
|
|
|
|
|
_initpath |
|
|
|
|
|
|
|
|
_profile="$(_detect_profile)" |
|
|
_profile="$(_detect_profile)" |
|
|
if [ "$_profile" ] ; then |
|
|
if [ "$_profile" ] ; then |
|
|
sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.env/d" "$_profile" |
|
|
|
|
|
|
|
|
_info "Uninstalling alias from: '$_profile'" |
|
|
|
|
|
sed -i "\|/$LE_WORKING_DIR/$PROJECT_NAME\.env|d" "$_profile" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_csh_profile="$HOME/.cshrc" |
|
|
_csh_profile="$HOME/.cshrc" |
|
|
if [ -f "$_csh_profile" ] ; then |
|
|
if [ -f "$_csh_profile" ] ; then |
|
|
sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.csh/d" "$_csh_profile" |
|
|
|
|
|
|
|
|
_info "Uninstalling alias from: '$_csh_profile'" |
|
|
|
|
|
sed -i "\|/$LE_WORKING_DIR/$PROJECT_NAME\.csh|d" "$_csh_profile" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_tcsh_profile="$HOME/.tcshrc" |
|
|
_tcsh_profile="$HOME/.tcshrc" |
|
|
if [ -f "$_tcsh_profile" ] ; then |
|
|
if [ -f "$_tcsh_profile" ] ; then |
|
|
sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.csh/d" "$_tcsh_profile" |
|
|
|
|
|
|
|
|
_info "Uninstalling alias from: '$_csh_profile'" |
|
|
|
|
|
sed -i "\|/$LE_WORKING_DIR/$PROJECT_NAME\.csh|d" "$_tcsh_profile" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
rm -f $LE_WORKING_DIR/$PROJECT_ENTRY |
|
|
|
|
|
_info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself." |
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
cron() { |
|
|
cron() { |
|
@ -3770,6 +3842,10 @@ _process() { |
|
|
_err "'$_dvalue' is not a valid domain for parameter '$1'" |
|
|
_err "'$_dvalue' is not a valid domain for parameter '$1'" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
if _is_idn "$_dvalue" && ! _exists idn ; then |
|
|
|
|
|
_err "It seems that $_dvalue is an IDN( Internationalized Domain Names), please install 'idn' command first." |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
if [ -z "$_domain" ] ; then |
|
|
if [ -z "$_domain" ] ; then |
|
|
_domain="$_dvalue" |
|
|
_domain="$_dvalue" |
|
|