Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge remote-tracking branch 'upstream/master' into ssh-deploy

pull/586/head
David Kerr 8 years ago
parent
e3feac3fd8 a6feb0a887
commit
e925ab0999
6 changed files with 142 additions and 22 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      .github/ISSUE_TEMPLATE.md
  2. 4
      README.md
  3. 99
      acme.sh
  4. 26
      deploy/README.md
  5. 29
      deploy/cpanel.sh
  6. 2
      dnsapi/dns_aws.sh

4
.github/ISSUE_TEMPLATE.md
View File

@ -1,4 +1,6 @@
<!--
请确保已经更新到最新的代码, 然后贴上来 `--debug 2` 的调试输出. 没有调试输出,我帮不了你.
如何调试 https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
If it is a bug report:
- make sure you are able to repro it on the latest released version.
@ -8,13 +10,11 @@ You can install the latest version by: `acme.sh --upgrade`
- Refer to the [WIKI](https://wiki.acme.sh).
- Debug info [Debug](https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh).
-->
Steps to reproduce
------------------
Debug log
-----------------

4
README.md
View File

@ -147,7 +147,7 @@ You **MUST** use this command to copy the certs to the target files, **DO NOT**
**Apache** example:
```bash
acme.sh --installcert -d example.com \
acme.sh --install-cert -d example.com \
--certpath /path/to/certfile/in/apache/cert.pem \
--keypath /path/to/keyfile/in/apache/key.pem \
--fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
@ -156,7 +156,7 @@ acme.sh --installcert -d example.com \
**Nginx** example:
```bash
acme.sh --installcert -d example.com \
acme.sh --install-cert -d example.com \
--keypath /path/to/keyfile/in/nginx/key.pem \
--fullchainpath /path/to/fullchain/nginx/cert.pem \
--reloadcmd "service nginx force-reload"

99
acme.sh
View File

@ -61,6 +61,10 @@ LOG_LEVEL_2=2
LOG_LEVEL_3=3
DEFAULT_LOG_LEVEL="$LOG_LEVEL_1"
SYSLOG_INFO="user.info"
SYSLOG_ERROR="user.error"
SYSLOG_DEBUG="user.debug"
_DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh"
_PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
@ -128,18 +132,30 @@ _dlg_versions() {
fi
}
#class
_syslog() {
if [ -z "$SYS_LOG" ] || [ "$SYS_LOG" = "0" ]; then
return
fi
_logclass="$1"
shift
logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
}
_log() {
_syslog "$@"
[ -z "$LOG_FILE" ] && return
shift
_printargs "$@" >>"$LOG_FILE"
}
_info() {
_log "$@"
_log "$SYSLOG_INFO" "$@"
_printargs "$@"
}
_err() {
_log "$@"
_log "$SYSLOG_ERROR" "$@"
if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
printf -- "%s" "[$(date)] " >&2
fi
@ -159,7 +175,7 @@ _usage() {
_debug() {
if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then
_log "$@"
_log "$SYSLOG_DEBUG" "$@"
fi
if [ -z "$DEBUG" ]; then
return
@ -169,19 +185,19 @@ _debug() {
_debug2() {
if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then
_log "$@"
_log "$SYSLOG_DEBUG" "$@"
fi
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
_debug "$@"
_printargs "$@" >&2
fi
}
_debug3() {
if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then
_log "$@"
_log "$SYSLOG_DEBUG" "$@"
fi
if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then
_debug "$@"
_printargs "$@" >&2
fi
}
@ -364,8 +380,16 @@ _ascii_hex() {
#input:"abc"
#output: " 61 62 63"
_hex_dump() {
#in wired some system, the od command is missing.
if ! od -A n -v -t x1 | tr -d "\r\t" | tr -s " " | sed "s/ $//" | tr -d "\n" 2>/dev/null; then
if _exists od; then
od -A n -v -t x1 | tr -s " " | sed 's/ $//' | tr -d "\r\t\n"
elif _exists hexdump; then
_debug3 "using hexdump"
hexdump -v -e '/1 ""' -e '/1 " %02x" ""'
elif _exists xxd; then
_debug3 "using xxd"
xxd -ps -c 20 -i | sed "s/ 0x/ /g" | tr -d ",\n" | tr -s " "
else
_debug3 "using _ascii_hex"
str=$(cat)
_ascii_hex "$str"
fi
@ -896,7 +920,11 @@ _createcsr() {
_csr_cn="$(_idn "$domain")"
_debug2 _csr_cn "$_csr_cn"
$OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
if _contains "$(uname -a)" "MINGW"; then
$OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr"
else
$OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
fi
}
#_signcsr key csr conf cert
@ -4234,7 +4262,7 @@ Commands:
--version, -v Show version info.
--install Install $PROJECT_NAME to your system.
--uninstall Uninstall $PROJECT_NAME, and uninstall the cron job.
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT .
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT.
--issue Issue a cert.
--signcsr Issue a cert from an existing csr.
--deploy Deploy the cert to your server.
@ -4251,8 +4279,8 @@ Commands:
--toPkcs Export the certificate and key to a pfx file.
--update-account Update account info.
--register-account Register account key.
--createAccountKey, -cak Create an account private key, professional use.
--createDomainKey, -cdk Create an domain private key, professional use.
--create-account-key Create an account private key, professional use.
--create-domain-key Create an domain private key, professional use.
--createCSR, -ccsr Create CSR , professional use.
--deactivate Deactivate the domain authz, professional use.
@ -4274,6 +4302,7 @@ Parameters:
--accountkeylength, -ak [2048] Specifies the account key length.
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
--log-level 1|2 Specifies the log level, default is 1.
--syslog [1|0] Enable/Disable syslog.
These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
@ -4432,6 +4461,7 @@ _process() {
_listen_v4=""
_listen_v6=""
_openssl_bin=""
_syslog=""
while [ ${#} -gt 0 ]; do
case "${1}" in
@ -4494,10 +4524,10 @@ _process() {
--toPkcs)
_CMD="toPkcs"
;;
--createAccountKey | --createaccountkey | -cak)
--createAccountKey | --createaccountkey | -cak | --create-account-key)
_CMD="createAccountKey"
;;
--createDomainKey | --createdomainkey | -cdk)
--createDomainKey | --createdomainkey | -cdk | --create-domain-key)
_CMD="createDomainKey"
;;
--createCSR | --createcsr | -ccr)
@ -4762,6 +4792,15 @@ _process() {
LOG_LEVEL="$_log_level"
shift
;;
--syslog)
if ! _startswith "$2" '-'; then
_syslog="$2"
shift
fi
if [ -z "$_syslog" ]; then
_syslog="1"
fi
;;
--auto-upgrade)
_auto_upgrade="$2"
if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then
@ -4809,6 +4848,21 @@ _process() {
LOG_LEVEL="$_log_level"
fi
if [ "$_syslog" ]; then
if _exists logger; then
if [ "$_syslog" = "0" ]; then
_clearaccountconf "SYS_LOG"
else
_saveaccountconf "SYS_LOG" "$_syslog"
fi
SYS_LOG="$_syslog"
else
_err "The 'logger' command is not found, can not enable syslog."
_clearaccountconf "SYS_LOG"
SYS_LOG=""
fi
fi
_processAccountConf
fi
@ -4901,6 +4955,21 @@ _process() {
if [ "$_log_level" ]; then
_saveaccountconf "LOG_LEVEL" "$_log_level"
fi
if [ "$_syslog" ]; then
if _exists logger; then
if [ "$_syslog" = "0" ]; then
_clearaccountconf "SYS_LOG"
else
_saveaccountconf "SYS_LOG" "$_syslog"
fi
else
_err "The 'logger' command is not found, can not enable syslog."
_clearaccountconf "SYS_LOG"
SYS_LOG=""
fi
fi
_processAccountConf
fi

26
deploy/README.md
View File

@ -1,6 +1,28 @@
#Using deploy api
# Using deploy api
#Using the ssh deploy plugin
Here are the scripts to deploy the certs/key to the server/services.
## 1. Deploy the certs to your cpanel host.
(cpanel deploy hook is not finished yet, this is just an example.)
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
Then you can deploy now:
```sh
export DEPLOY_CPANEL_USER=myusername
export DEPLOY_CPANEL_PASSWORD=PASSWORD
acme.sh --deploy -d example.com --deploy --deploy-hook cpanel
```
## 2. Deploy ssl cert on kong proxy engine based on api.
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
(TODO)
## 3. Deploy the cert to remote server through SSH access.
The ssh deploy plugin allows you to deploy certificates to a remote host
using SSH command to connect to the remote server. The ssh plugin is invoked

29
deploy/cpanel.sh
View File

@ -0,0 +1,29 @@
#!/usr/bin/env sh
#Here is the script to deploy the cert to your cpanel account by the cpanel APIs.
#returns 0 means success, otherwise error.
#export DEPLOY_CPANEL_USER=myusername
#export DEPLOY_CPANEL_PASSWORD=PASSWORD
######## Public functions #####################
#domain keyfile certfile cafile fullchain
cpanel_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
_err "Not implemented yet"
return 1
}

2
dnsapi/dns_aws.sh
View File

@ -93,7 +93,7 @@ _get_root() {
fi
if _contains "$response" "<Name>$h.</Name>"; then
hostedzone="$(echo "$response" | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")"
hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")"
_debug hostedzone "$hostedzone"
if [ -z "$hostedzone" ]; then
_err "Error, can not get hostedzone."

Write Preview
Loading…
Cancel
Save