From c9d7daab70476e7c5f60a4e0aea06c671d91cb3d Mon Sep 17 00:00:00 2001
From: neil
Date: Fri, 10 Feb 2017 13:34:34 +0800
Subject: [PATCH 1/9] fix https://github.com/Neilpang/acme.sh/issues/593
---
 dnsapi/dns_aws.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh
index 555bd70b..29d7a2cd 100755
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -93,7 +93,7 @@ _get_root() {
 fi
 if _contains "$response" "$h."; then
- hostedzone="$(echo "$response" | _egrep_o "[^<]*<.Id>$h.<.Name>.*<.HostedZone>")"
+ hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*<.HostedZone>")"
 _debug hostedzone "$hostedzone"
 if [ -z "$hostedzone" ]; then
 _err "Error, can not get hostedzone."

From 34f25fa590ba9917ecfd8f70887635ed5d2c467d Mon Sep 17 00:00:00 2001
From: neil
Date: Fri, 10 Feb 2017 18:20:15 +0800
Subject: [PATCH 2/9] support mingw/git-bash
---
 acme.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/acme.sh b/acme.sh
index cb99b5ab..4279ddfc 100755
--- a/acme.sh
+++ b/acme.sh
@@ -896,7 +896,11 @@ _createcsr() {
 _csr_cn="$(_idn "$domain")"
 _debug2 _csr_cn "$_csr_cn"
- $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
+ if _contains "$(uname -a)" "MINGW"; then
+ $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr"
+ else
+ $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
+ fi
 }
 #_signcsr key csr conf cert

From d8beaf727f84ac8149e290b5695dc35634e195e2 Mon Sep 17 00:00:00 2001
From: hebbet
Date: Fri, 10 Feb 2017 13:26:17 +0100
Subject: [PATCH 3/9] remove extra space
remove extra space from help
---
 acme.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/acme.sh b/acme.sh
index 4279ddfc..8eb52d3e 100755
--- a/acme.sh
+++ b/acme.sh
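Review bot: The new hostedzone line reads `sed 's//#&/g'` as rendered here, i.e. with an empty pattern; if that is really what the file contains, GNU sed aborts with "no previous regular expression", the pipeline yields an empty `hostedzone`, and `_get_root` reports every zone as missing. If a tag such as `<HostedZone>` was lost when this page was rendered the split is fine, but the line deserves a comment naming the separator it relies on, e.g. `# one <HostedZone> record per line so _egrep_o cannot span two zones`. Separately, the preceding `_contains "$response" "$h."` is a plain substring test, so for a lookup of `example.com.` a zone named `myexample.com.` passes the precheck and only the per-line regex keeps the match exact; `$h` is spliced into that regex unescaped, which is harmless for hostnames but worth stating in the same comment. `_get_root` continues outside the hunk.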
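Review bot: The two `$OPENSSL_BIN req` invocations in the new `if`/`else` differ only in the `-subj` prefix, so any later change to the key, digest or config options must be made twice. Compute the prefix once and keep one call: `_subj_prefix="/"`, `if _contains "$(uname -a)" "MINGW"; then _subj_prefix="//"; fi`, then `-subj "${_subj_prefix}CN=$_csr_cn"`. A one-line comment on why the slash is doubled would also help, since `//CN=` reads like a typo; that it is there to survive MSYS path conversion of arguments is my inference, so confirm before writing it. The body of `_createcsr` begins before the hunk.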
@@ -4238,7 +4238,7 @@ Commands:
 --version, -v Show version info.
 --install Install $PROJECT_NAME to your system.
 --uninstall Uninstall $PROJECT_NAME, and uninstall the cron job.
- --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT .
+ --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT.
 --issue Issue a cert.
 --signcsr Issue a cert from an existing csr.
 --deploy Deploy the cert to your server.

From 4e4a6d83973fa0580ef8b2f1d7d0312fdd671543 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Fri, 10 Feb 2017 20:55:25 +0800
Subject: [PATCH 4/9] better hexdump fix https://github.com/Neilpang/acme.sh/issues/595
---
 acme.sh | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/acme.sh b/acme.sh
index 4279ddfc..b544f531 100755
--- a/acme.sh
+++ b/acme.sh
@@ -364,8 +364,16 @@ _ascii_hex() {
 #input:"abc"
 #output: " 61 62 63"
 _hex_dump() {
- #in wired some system, the od command is missing.
- if ! od -A n -v -t x1 | tr -d "\r\t" | tr -s " " | sed "s/ $//" | tr -d "\n" 2>/dev/null; then
+ if _exists od; then
+ od -A n -v -t x1 | tr -s " " | sed 's/ $//' | tr -d "\r\t\n"
+ elif _exists hexdump; then
+ _debug3 "using hexdump"
+ hexdump -v -e '/1 ""' -e '/1 " %02x" ""'
+ elif _exists xxd; then
+ _debug3 "using xxd"
+ xxd -ps -c 20 -i | sed "s/ 0x/ /g" | tr -d ",\n" | tr -s " "
+ else
+ _debug3 "using _ascii_hex"
 str=$(cat)
 _ascii_hex "$str"
 fi

From 04e0f87c0387e81b100f94de9a511e47f0b49f75 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 11 Feb 2017 13:24:00 +0800
Subject: [PATCH 5/9] add doc
---
 deploy/README.md | 31 ++++++++++++++++++++++++++++++-
 deploy/cpanel.sh | 29 +++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 deploy/cpanel.sh
diff --git a/deploy/README.md b/deploy/README.md
index 580eaac8..fcdf8019 100644
--- a/deploy/README.md
+++ b/deploy/README.md
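Review bot: The `_ascii_hex` fallback keeps `str=$(cat)`, and command substitution strips every trailing newline, so input ending in `\n` loses those `0a` bytes in this branch while the od, hexdump and xxd branches encode them; the header comment promises one output format (`" 61 62 63"`), so all four branches should agree byte-for-byte. A portable fix is `str=$(cat; printf x)` followed by `str=${str%x}`, which keeps trailing newlines in POSIX sh. Dropping the old `2>/dev/null` also means an `od` that exists but does not understand `-A n -v -t x1` now prints its error instead of falling through; if that is acceptable, say so with `# od flags are POSIX; presence of od is taken as support for them`. The closing brace of `_hex_dump` is outside the hunk.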
@@ -1 +1,30 @@
-#Using deploy api
+# Using deploy api
+
+Here are the scripts to deploy the certs/key to the server/services.
+
+## 1. Deploy the certs to your cpanel host.
+
+(cpanel deploy hook is not finished yet, this is just an example.)
+
+Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
+
+Then you can deploy now:
+
+```sh
+export DEPLOY_CPANEL_USER=myusername
+export DEPLOY_CPANEL_PASSWORD=PASSWORD
+acme.sh --deploy -d example.com --deploy --deploy-hook cpanel
+```
+
+## 2. Deploy ssl cert on kong proxy engine based on api.
+
+Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
+
+(TODO)
+
+## 3. Deploy the cert to remote server through SSH access.
+
+(TODO)
+
+
+
diff --git a/deploy/cpanel.sh b/deploy/cpanel.sh
new file mode 100644
index 00000000..bf1332ff
--- /dev/null
+++ b/deploy/cpanel.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+#Here is the script to deploy the cert to your cpanel account by the cpanel APIs.
+
+#returns 0 means success, otherwise error.
+
+#export DEPLOY_CPANEL_USER=myusername
+#export DEPLOY_CPANEL_PASSWORD=PASSWORD
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+cpanel_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ _err "Not implemented yet"
+ return 1
+
+}

From 0984585d58cc87a8b49ee93ad8d5c6924c88a79d Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 11 Feb 2017 13:36:52 +0800
Subject: [PATCH 6/9] minor, rename command
---
 acme.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/acme.sh b/acme.sh
index 04bf55ad..67c72068 100755
--- a/acme.sh
+++ b/acme.sh
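Review bot: The header comments of `deploy/cpanel.sh` present `DEPLOY_CPANEL_USER` and `DEPLOY_CPANEL_PASSWORD` as the hook's credentials, but nothing in `cpanel_deploy` reads them and the file does not say it is a stub apart from the runtime message; a line such as `# TODO: read DEPLOY_CPANEL_USER/DEPLOY_CPANEL_PASSWORD and call the cPanel SSL API; returns 1 until implemented` beside `_err "Not implemented yet"` keeps that honest for whoever finishes it. When the password is wired up it should reach the HTTP client via a config file or stdin rather than its command line, so it is not visible in process listings, and it must never be passed through `_debug`, which the five `_debug` lines already send to the log file. The five positional parameters are copied into globals rather than locals, consistent with POSIX sh having no `local`; a comment on the parameter line (`#domain keyfile certfile cafile fullchain`) saying the values are file paths, not contents, would remove the ambiguity for `_ckey`.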
@@ -4263,8 +4263,8 @@ Commands:
 --toPkcs Export the certificate and key to a pfx file.
 --update-account Update account info.
 --register-account Register account key.
- --createAccountKey, -cak Create an account private key, professional use.
- --createDomainKey, -cdk Create an domain private key, professional use.
+ --create-account-key Create an account private key, professional use.
+ --create-domain-key Create an domain private key, professional use.
 --createCSR, -ccsr Create CSR , professional use.
 --deactivate Deactivate the domain authz, professional use.
@@ -4506,10 +4506,10 @@ _process() {
 --toPkcs)
 _CMD="toPkcs"
 ;;
- --createAccountKey | --createaccountkey | -cak)
+ --createAccountKey | --createaccountkey | -cak | --create-account-key)
 _CMD="createAccountKey"
 ;;
- --createDomainKey | --createdomainkey | -cdk)
+ --createDomainKey | --createdomainkey | -cdk | --create-domain-key)
 _CMD="createDomainKey"
 ;;
 --createCSR | --createcsr | -ccr)

From d47c5eaf604743867ae0ca2fdeda0d2108747c4e Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 11 Feb 2017 20:13:21 +0800
Subject: [PATCH 7/9] update issue template
---
 .github/ISSUE_TEMPLATE.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index 4abbb7ab..f7d4d1d7 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,4 +1,6 @@
 Steps to reproduce ------------------ - Debug log -----------------

From e2edf2083384f6ceae71d89e569052b1ba3b827d Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 11 Feb 2017 21:15:36 +0800
Subject: [PATCH 8/9] support syslog
---
 acme.sh | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 64 insertions(+), 7 deletions(-)
diff --git a/acme.sh b/acme.sh
index 67c72068..9929dfad 100755
--- a/acme.sh
+++ b/acme.sh
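Review bot: The help text now lists only `--create-account-key` and `--create-domain-key`, while the `_process` case arms keep `--createAccountKey`, `-cak`, `--createDomainKey` and `-cdk` as undocumented aliases; mark them so nobody later removes them as dead, e.g. `# legacy spellings kept for compatibility, not shown in --help` above the two arms. In the unchanged context lines the help still advertises `-ccsr` for `--createCSR` while the parser matches `-ccr`, so one of the two looks like a pre-existing typo worth fixing while these lines are being touched, although it is outside this commit's change. Both hunks sit inside larger units (the help text and the `_process` option loop) that start and end outside the view.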
@@ -61,6 +61,10 @@ LOG_LEVEL_2=2
 LOG_LEVEL_3=3
 DEFAULT_LOG_LEVEL="$LOG_LEVEL_1"
+SYSLOG_INFO="user.info"
+SYSLOG_ERROR="user.error"
+SYSLOG_DEBUG="user.debug"
+
 _DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh"
 _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
@@ -128,18 +132,30 @@ _dlg_versions() {
 fi
 }
+#class
+_syslog() {
+ if [ -z "$SYS_LOG" ] || [ "$SYS_LOG" = "0" ]; then
+ return
+ fi
+ _logclass="$1"
+ shift
+ logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
+}
+
 _log() {
+ _syslog "$@"
 [ -z "$LOG_FILE" ] && return
+ shift
 _printargs "$@" >>"$LOG_FILE"
 }
 _info() {
- _log "$@"
+ _log "$SYSLOG_INFO" "$@"
 _printargs "$@"
 }
 _err() {
- _log "$@"
+ _log "$SYSLOG_ERROR" "$@"
 if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
 printf -- "%s" "[$(date)] " >&2
 fi
@@ -159,7 +175,7 @@ _usage() {
 _debug() {
 if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then
- _log "$@"
+ _log "$SYSLOG_DEBUG" "$@"
 fi
 if [ -z "$DEBUG" ]; then
 return
@@ -169,19 +185,19 @@ _debug() {
 _debug2() {
 if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then
- _log "$@"
+ _log "$SYSLOG_DEBUG" "$@"
 fi
 if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
- _debug "$@"
+ _printargs "$@" >&2
 fi
 }
 _debug3() {
 if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then
- _log "$@"
+ _log "$SYSLOG_DEBUG" "$@"
 fi
 if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then
- _debug "$@"
+ _printargs "$@" >&2
 fi
 }
@@ -4286,6 +4302,7 @@ Parameters:
 --accountkeylength, -ak [2048] Specifies the account key length.
 --log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
 --log-level 1|2 Specifies the log level, default is 1.
+ --syslog [1|0] Enable/Disable syslog.
 These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
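Review bot: `_syslog` hands the fully rendered message to `logger` as a command-line argument (`"$(_printargs "$@")"`), so every line that reaches the log file, including debug-level output at `user.debug`, is briefly visible to any local user through process listings and is capped by the argument-length limit. Feed it on stdin instead: `_printargs "$@" | logger -i -t "$PROJECT_NAME" -p "$_logclass" >/dev/null 2>&1`. `_log` also changes its contract in the same hunk: the first argument is now a syslog priority that `shift` strips, so a `_log "$@"` caller not updated in this series would lose its first word and hand it to `logger -p`; all callers visible here are updated, but replacing the bare `#class` with `# _log <syslog priority> <message...>; priority is SYSLOG_INFO/ERROR/DEBUG` would make that explicit for callers elsewhere in the file, which I cannot see. `_logclass` is assigned as a global, which matches the file's POSIX-sh style.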
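Review bot: `_debug2` and `_debug3` now print with `_printargs "$@" >&2` instead of delegating to `_debug`; that removes the second `_log` call the old path made, but it also bypasses anything else `_debug` does after its own `_log` (its tail is outside the hunk), so the level-2/3 output may now be formatted differently from level-1 output if `_debug` adds a prefix there. A comment `# print directly: going through _debug would _log the line a second time` on each of the two changed lines would record the intent; if `_debug` does add formatting, the shared part should move into a helper both use.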
@@ -4444,6 +4461,7 @@ _process() {
 _listen_v4=""
 _listen_v6=""
 _openssl_bin=""
+ _syslog=""
 while [ ${#} -gt 0 ]; do
 case "${1}" in
@@ -4774,6 +4792,15 @@ _process() {
 LOG_LEVEL="$_log_level"
 shift
 ;;
+ --syslog)
+ if ! _startswith "$2" '-'; then
+ _syslog="$2"
+ shift
+ fi
+ if [ -z "$_syslog" ]; then
+ _syslog="1"
+ fi
+ ;;
 --auto-upgrade)
 _auto_upgrade="$2"
 if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then
@@ -4821,6 +4848,21 @@ _process() {
 LOG_LEVEL="$_log_level"
 fi
+ if [ "$_syslog" ]; then
+ if _exists logger; then
+ if [ "$_syslog" = "0" ]; then
+ _clearaccountconf "SYS_LOG"
+ else
+ _saveaccountconf "SYS_LOG" "$_syslog"
+ fi
+ SYS_LOG="$_syslog"
+ else
+ _err "The 'logger' command is not found, can not enable syslog."
+ _clearaccountconf "SYS_LOG"
+ SYS_LOG=""
+ fi
+ fi
+
 _processAccountConf
 fi
@@ -4913,6 +4955,21 @@ _process() {
 if [ "$_log_level" ]; then
 _saveaccountconf "LOG_LEVEL" "$_log_level"
 fi
+
+ if [ "$_syslog" ]; then
+ if _exists logger; then
+ if [ "$_syslog" = "0" ]; then
+ _clearaccountconf "SYS_LOG"
+ else
+ _saveaccountconf "SYS_LOG" "$_syslog"
+ fi
+ else
+ _err "The 'logger' command is not found, can not enable syslog."
+ _clearaccountconf "SYS_LOG"
+ SYS_LOG=""
+ fi
+ fi
+
 _processAccountConf
 fi

From cd9c3a79e556c6221d3fe15aaa4dc3f50689bc98 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 11 Feb 2017 21:29:36 +0800
Subject: [PATCH 9/9] update doc
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 2dd178d8..f1c74806 100644
--- a/README.md
+++ b/README.md
@@ -147,7 +147,7 @@ You **MUST** use this command to copy the certs to the target files, **DO NOT**
 **Apache** example:
 ```bash
-acme.sh --installcert -d example.com \
+acme.sh --install-cert -d example.com \
 --certpath /path/to/certfile/in/apache/cert.pem \
 --keypath /path/to/keyfile/in/apache/key.pem \
 --fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
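Review bot: The `--syslog)` arm accepts any value that does not start with `-`, and the next hunk persists it verbatim with `_saveaccountconf "SYS_LOG" "$_syslog"`, while `_syslog` treats everything except empty and `0` as enabled; `--syslog yes` or a slip like `--syslog 01` therefore silently enables syslog and stores an odd value in the account conf. Validate against what the help text advertises (`[1|0]`) right after the defaulting `fi`: `case "$_syslog" in 0 | 1) ;; *) _err "--syslog takes 1 or 0, got: $_syslog"; return 1 ;; esac` — `return` rather than `exit`, since `_process` is a function, assuming its status is what the script exits with (not visible here). `_process` starts and ends outside the hunk.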
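Review bot: The fifteen-line `if [ "$_syslog" ]` block is pasted twice, here and again in the `@@ -4913` hunk, and the copies already differ: this one sets `SYS_LOG="$_syslog"` on success so the current run logs to syslog, the second does not, so on that path syslog takes effect only on the next invocation unless the account conf is re-read afterwards (I cannot see `_processAccountConf`; confirm which behaviour is intended). Moving the logic into one helper and calling it from both places keeps the persisted setting and the in-process `SYS_LOG` in step and stops the copies drifting further; the helper below preserves the existing save/clear/error behaviour and adds the in-process assignment on both paths.
```sh
# Persist --syslog (1 enables, 0 disables) and apply it to this run.
# When 'logger' is unavailable the setting is cleared, since _syslog could never emit.
_set_syslog() {
  if _exists logger; then
    if [ "$1" = "0" ]; then
      _clearaccountconf "SYS_LOG"
    else
      _saveaccountconf "SYS_LOG" "$1"
    fi
    SYS_LOG="$1"
  else
    _err "The 'logger' command is not found, can not enable syslog."
    _clearaccountconf "SYS_LOG"
    SYS_LOG=""
  fi
}
# … unchanged: option parsing in _process …
  if [ "$_syslog" ]; then
    _set_syslog "$_syslog"
  fi
```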
@@ -156,7 +156,7 @@ acme.sh --installcert -d example.com \
 **Nginx** example:
 ```bash
-acme.sh --installcert -d example.com \
+acme.sh --install-cert -d example.com \
 --keypath /path/to/keyfile/in/nginx/key.pem \
 --fullchainpath /path/to/fullchain/nginx/cert.pem \
 --reloadcmd "service nginx force-reload"