Merge remote-tracking branch 'upstream/master' into ssh-deploy

8 years ago · e925ab0999
6 changed files with 142 additions and 22 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -1,4 +1,6 @@
 <!--
 请确保已经更新到最新的代码, 然后贴上来 `--debug 2` 的调试输出. 没有调试输出,我帮不了你.
 如何调试 https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
 If it is a bug report:
 - make sure you are able to repro it on the latest released version. 
@ -8,13 +10,11 @@ You can install the latest version by: `acme.sh --upgrade`
 - Refer to the [WIKI](https://wiki.acme.sh).
 - Debug info [Debug](https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh).
 -->
 Steps to reproduce
 ------------------
 Debug log
 -----------------
--- a/README.md
+++ b/README.md
@ -147,7 +147,7 @@ You **MUST** use this command to copy the certs to the target files, **DO NOT**
 **Apache** example:
 ```bash
 acme.sh --installcert -d example.com \
 acme.sh --install-cert -d example.com \
 --certpath      /path/to/certfile/in/apache/cert.pem  \
 --keypath       /path/to/keyfile/in/apache/key.pem  \
 --fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
@ -156,7 +156,7 @@ acme.sh --installcert -d example.com \
 **Nginx** example:
 ```bash
 acme.sh --installcert -d example.com \
 acme.sh --install-cert -d example.com \
 --keypath       /path/to/keyfile/in/nginx/key.pem  \
 --fullchainpath /path/to/fullchain/nginx/cert.pem \
 --reloadcmd     "service nginx force-reload"
--- a/acme.sh
+++ b/acme.sh
@ -61,6 +61,10 @@ LOG_LEVEL_2=2
 LOG_LEVEL_3=3
 DEFAULT_LOG_LEVEL="$LOG_LEVEL_1"
 SYSLOG_INFO="user.info"
 SYSLOG_ERROR="user.error"
 SYSLOG_DEBUG="user.debug"
 _DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh"
 _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
@ -128,18 +132,30 @@ _dlg_versions() {
  fi
 }
 #class
 _syslog() {
  if [ -z "$SYS_LOG" ] || [ "$SYS_LOG" = "0" ]; then
    return
  fi
  _logclass="$1"
  shift
  logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
 }
 _log() {
  _syslog "$@"
  [ -z "$LOG_FILE" ] && return
  shift
  _printargs "$@" >>"$LOG_FILE"
 }
 _info() {
  _log "$@"
  _log "$SYSLOG_INFO" "$@"
  _printargs "$@"
 }
 _err() {
  _log "$@"
  _log "$SYSLOG_ERROR" "$@"
  if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
    printf -- "%s" "[$(date)] " >&2
  fi
@ -159,7 +175,7 @@ _usage() {
 _debug() {
  if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then
    _log "$@"
    _log "$SYSLOG_DEBUG" "$@"
  fi
  if [ -z "$DEBUG" ]; then
    return
@ -169,19 +185,19 @@ _debug() {
 _debug2() {
  if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then
    _log "$@"
    _log "$SYSLOG_DEBUG" "$@"
  fi
  if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
    _debug "$@"
    _printargs "$@" >&2
  fi
 }
 _debug3() {
  if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then
    _log "$@"
    _log "$SYSLOG_DEBUG" "$@"
  fi
  if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then
    _debug "$@"
    _printargs "$@" >&2
  fi
 }
@ -364,8 +380,16 @@ _ascii_hex() {
 #input:"abc"
 #output: " 61 62 63"
 _hex_dump() {
  #in wired some system, the od command is missing.
  if ! od -A n -v -t x1 | tr -d "\r\t" | tr -s " " | sed "s/ $//" | tr -d "\n" 2>/dev/null; then
  if _exists od; then
    od -A n -v -t x1 | tr -s " " | sed 's/ $//' | tr -d "\r\t\n"
  elif _exists hexdump; then
    _debug3 "using hexdump"
    hexdump -v -e '/1 ""' -e '/1 " %02x" ""'
  elif _exists xxd; then
    _debug3 "using xxd"
    xxd -ps -c 20 -i | sed "s/ 0x/ /g" | tr -d ",\n" | tr -s " "
  else
    _debug3 "using _ascii_hex"
    str=$(cat)
    _ascii_hex "$str"
  fi
@ -896,7 +920,11 @@ _createcsr() {
  _csr_cn="$(_idn "$domain")"
  _debug2 _csr_cn "$_csr_cn"
  $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
  if _contains "$(uname -a)" "MINGW"; then
    $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr"
  else
    $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
  fi
 }
 #_signcsr key  csr  conf cert
@ -4234,7 +4262,7 @@ Commands:
  --version, -v            Show version info.
  --install                Install $PROJECT_NAME to your system.
  --uninstall              Uninstall $PROJECT_NAME, and uninstall the cron job.
  --upgrade                Upgrade $PROJECT_NAME to the latest code from $PROJECT .
  --upgrade                Upgrade $PROJECT_NAME to the latest code from $PROJECT.
  --issue                  Issue a cert.
  --signcsr                Issue a cert from an existing csr.
  --deploy                 Deploy the cert to your server.
@ -4251,8 +4279,8 @@ Commands:
  --toPkcs                 Export the certificate and key to a pfx file.
  --update-account         Update account info.
  --register-account       Register account key.
  --createAccountKey, -cak Create an account private key, professional use.
  --createDomainKey, -cdk  Create an domain private key, professional use.
  --create-account-key     Create an account private key, professional use.
  --create-domain-key      Create an domain private key, professional use.
  --createCSR, -ccsr       Create CSR , professional use.
  --deactivate             Deactivate the domain authz, professional use.
@ -4274,6 +4302,7 @@ Parameters:
  --accountkeylength, -ak [2048]    Specifies the account key length.
  --log    [/path/to/logfile]       Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
  --log-level 1|2                   Specifies the log level, default is 1.
  --syslog [1|0]                    Enable/Disable syslog.
  These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
@ -4432,6 +4461,7 @@ _process() {
  _listen_v4=""
  _listen_v6=""
  _openssl_bin=""
  _syslog=""
  while [ ${#} -gt 0 ]; do
    case "${1}" in
@ -4494,10 +4524,10 @@ _process() {
      --toPkcs)
        _CMD="toPkcs"
        ;;
      --createAccountKey | --createaccountkey | -cak)
      --createAccountKey | --createaccountkey | -cak | --create-account-key)
        _CMD="createAccountKey"
        ;;
      --createDomainKey | --createdomainkey | -cdk)
      --createDomainKey | --createdomainkey | -cdk | --create-domain-key)
        _CMD="createDomainKey"
        ;;
      --createCSR | --createcsr | -ccr)
@ -4762,6 +4792,15 @@ _process() {
        LOG_LEVEL="$_log_level"
        shift
        ;;
      --syslog)
        if ! _startswith "$2" '-'; then
          _syslog="$2"
          shift
        fi
        if [ -z "$_syslog" ]; then
          _syslog="1"
        fi
        ;;
      --auto-upgrade)
        _auto_upgrade="$2"
        if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then
@ -4809,6 +4848,21 @@ _process() {
      LOG_LEVEL="$_log_level"
    fi
    if [ "$_syslog" ]; then
      if _exists logger; then
        if [ "$_syslog" = "0" ]; then
          _clearaccountconf "SYS_LOG"
        else
          _saveaccountconf "SYS_LOG" "$_syslog"
        fi
        SYS_LOG="$_syslog"
      else
        _err "The 'logger' command is not found, can not enable syslog."
        _clearaccountconf "SYS_LOG"
        SYS_LOG=""
      fi
    fi
    _processAccountConf
  fi
@ -4901,6 +4955,21 @@ _process() {
    if [ "$_log_level" ]; then
      _saveaccountconf "LOG_LEVEL" "$_log_level"
    fi
    if [ "$_syslog" ]; then
      if _exists logger; then
        if [ "$_syslog" = "0" ]; then
          _clearaccountconf "SYS_LOG"
        else
          _saveaccountconf "SYS_LOG" "$_syslog"
        fi
      else
        _err "The 'logger' command is not found, can not enable syslog."
        _clearaccountconf "SYS_LOG"
        SYS_LOG=""
      fi
    fi
    _processAccountConf
  fi
--- a/deploy/README.md
+++ b/deploy/README.md
@ -1,6 +1,28 @@
 #Using deploy api
 # Using deploy api
 #Using the ssh deploy plugin
 Here are the scripts to deploy the certs/key to the server/services.
 ## 1. Deploy the certs to your cpanel host.
 (cpanel deploy hook is not finished yet, this is just an example.)
 Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
 Then you can deploy now:
 ```sh
 export DEPLOY_CPANEL_USER=myusername
 export DEPLOY_CPANEL_PASSWORD=PASSWORD
 acme.sh --deploy -d example.com --deploy --deploy-hook cpanel
 ```
 ## 2. Deploy ssl cert on kong proxy engine based on api.
 Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
 (TODO)
 ## 3. Deploy the cert to remote server through SSH access.
 The ssh deploy plugin allows you to deploy certificates to a remote host
 using SSH command to connect to the remote server.  The ssh plugin is invoked
--- a/deploy/cpanel.sh
+++ b/deploy/cpanel.sh
@ -0,0 +1,29 @@
 #!/usr/bin/env sh
 #Here is the script to deploy the cert to your cpanel account by the cpanel APIs.
 #returns 0 means success, otherwise error.
 #export DEPLOY_CPANEL_USER=myusername
 #export DEPLOY_CPANEL_PASSWORD=PASSWORD
 ########  Public functions #####################
 #domain keyfile certfile cafile fullchain
 cpanel_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"
  _err "Not implemented yet"
  return 1
 }
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@ -93,7 +93,7 @@ _get_root() {
      fi
      if _contains "$response" "<Name>$h.</Name>"; then
        hostedzone="$(echo "$response" | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")"
        hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")"
        _debug hostedzone "$hostedzone"
        if [ -z "$hostedzone" ]; then
          _err "Error, can not get hostedzone."