|
|
@@ -1,6 +1,6 @@
|
|
|
#!/usr/bin/env sh
|
|
|
|
|
|
-VER=2.6.5
|
|
|
+VER=2.6.6
|
|
|
|
|
|
PROJECT_NAME="acme.sh"
|
|
|
|
|
|
@@ -1634,7 +1634,11 @@ __initHome() {
|
|
|
fi
|
|
|
export LE_WORKING_DIR
|
|
|
|
|
|
- _DEFAULT_ACCOUNT_CONF_PATH="$LE_WORKING_DIR/account.conf"
|
|
|
+ if [ -z "$CONFIG_HOME" ]; then
|
|
|
+ CONFIG_HOME="$LE_WORKING_DIR"
|
|
|
+ fi
|
|
|
+
|
|
|
+ _DEFAULT_ACCOUNT_CONF_PATH="$CONFIG_HOME/account.conf"
|
|
|
|
|
|
if [ -z "$ACCOUNT_CONF_PATH" ]; then
|
|
|
if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ]; then
|
|
|
@@ -1646,12 +1650,12 @@ __initHome() {
|
|
|
ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH"
|
|
|
fi
|
|
|
|
|
|
- DEFAULT_LOG_FILE="$LE_WORKING_DIR/$PROJECT_NAME.log"
|
|
|
+ DEFAULT_LOG_FILE="$CONFIG_HOME/$PROJECT_NAME.log"
|
|
|
|
|
|
- DEFAULT_CA_HOME="$LE_WORKING_DIR/ca"
|
|
|
+ DEFAULT_CA_HOME="$CONFIG_HOME/ca"
|
|
|
|
|
|
if [ -z "$LE_TEMP_DIR" ]; then
|
|
|
- LE_TEMP_DIR="$LE_WORKING_DIR/tmp"
|
|
|
+ LE_TEMP_DIR="$CONFIG_HOME/tmp"
|
|
|
fi
|
|
|
}
|
|
|
|
|
|
@@ -1703,7 +1707,7 @@ _initpath() {
|
|
|
fi
|
|
|
|
|
|
if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then
|
|
|
- APACHE_CONF_BACKUP_DIR="$LE_WORKING_DIR"
|
|
|
+ APACHE_CONF_BACKUP_DIR="$CONFIG_HOME"
|
|
|
fi
|
|
|
|
|
|
if [ -z "$USER_AGENT" ]; then
|
|
|
@@ -1711,7 +1715,7 @@ _initpath() {
|
|
|
fi
|
|
|
|
|
|
if [ -z "$HTTP_HEADER" ]; then
|
|
|
- HTTP_HEADER="$LE_WORKING_DIR/http.header"
|
|
|
+ HTTP_HEADER="$CONFIG_HOME/http.header"
|
|
|
fi
|
|
|
|
|
|
_OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key"
|
|
|
@@ -1727,7 +1731,7 @@ _initpath() {
|
|
|
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
|
|
|
fi
|
|
|
|
|
|
- _DEFAULT_CERT_HOME="$LE_WORKING_DIR"
|
|
|
+ _DEFAULT_CERT_HOME="$CONFIG_HOME"
|
|
|
if [ -z "$CERT_HOME" ]; then
|
|
|
CERT_HOME="$_DEFAULT_CERT_HOME"
|
|
|
fi
|
|
|
@@ -3350,7 +3354,9 @@ _installcert() {
|
|
|
|
|
|
}
|
|
|
|
|
|
+#confighome
|
|
|
installcronjob() {
|
|
|
+ _c_home="$1"
|
|
|
_initpath
|
|
|
if ! _exists "crontab"; then
|
|
|
_err "crontab doesn't exist, so, we can not install cron jobs."
|
|
|
@@ -3367,15 +3373,20 @@ installcronjob() {
|
|
|
_err "Can not install cronjob, $PROJECT_ENTRY not found."
|
|
|
return 1
|
|
|
fi
|
|
|
+
|
|
|
+ if [ "$_c_home" ]; then
|
|
|
+ _c_entry="--config-home \"$_c_home\""
|
|
|
+ fi
|
|
|
+
|
|
|
if _exists uname && uname -a | grep SunOS >/dev/null; then
|
|
|
crontab -l | {
|
|
|
cat
|
|
|
- echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"
|
|
|
+ echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry > /dev/null"
|
|
|
} | crontab --
|
|
|
else
|
|
|
crontab -l | {
|
|
|
cat
|
|
|
- echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"
|
|
|
+ echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry > /dev/null"
|
|
|
} | crontab -
|
|
|
fi
|
|
|
fi
|
|
|
@@ -3401,6 +3412,10 @@ uninstallcronjob() {
|
|
|
fi
|
|
|
LE_WORKING_DIR="$(echo "$cr" | cut -d ' ' -f 9 | tr -d '"')"
|
|
|
_info LE_WORKING_DIR "$LE_WORKING_DIR"
|
|
|
+ if _contains "$cr" "--config-home"; then
|
|
|
+ CONFIG_HOME="$(echo "$cr" | cut -d ' ' -f 11 | tr -d '"')"
|
|
|
+ _debug CONFIG_HOME "$CONFIG_HOME"
|
|
|
+ fi
|
|
|
fi
|
|
|
_initpath
|
|
|
|
|
|
@@ -3664,7 +3679,9 @@ _setShebang() {
|
|
|
rm -f "$_file.tmp"
|
|
|
}
|
|
|
|
|
|
+#confighome
|
|
|
_installalias() {
|
|
|
+ _c_home="$1"
|
|
|
_initpath
|
|
|
|
|
|
_envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env"
|
|
|
@@ -3674,8 +3691,12 @@ _installalias() {
|
|
|
echo "$(cat "$_envfile")" | sed "s|^alias le.sh.*$||" >"$_envfile"
|
|
|
fi
|
|
|
|
|
|
+ if [ "$_c_home" ]; then
|
|
|
+ _c_entry="--config-home '$_c_home'"
|
|
|
+ fi
|
|
|
+
|
|
|
_setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\""
|
|
|
- _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
|
|
|
+ _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
|
|
|
|
|
|
_profile="$(_detect_profile)"
|
|
|
if [ "$_profile" ]; then
|
|
|
@@ -3693,7 +3714,7 @@ _installalias() {
|
|
|
if [ -f "$_csh_profile" ]; then
|
|
|
_info "Installing alias to '$_csh_profile'"
|
|
|
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\""
|
|
|
- _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
|
|
|
+ _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
|
|
|
_setopt "$_csh_profile" "source \"$_cshfile\""
|
|
|
fi
|
|
|
|
|
|
@@ -3702,13 +3723,13 @@ _installalias() {
|
|
|
if [ -f "$_tcsh_profile" ]; then
|
|
|
_info "Installing alias to '$_tcsh_profile'"
|
|
|
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\""
|
|
|
- _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
|
|
|
+ _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
|
|
|
_setopt "$_tcsh_profile" "source \"$_cshfile\""
|
|
|
fi
|
|
|
|
|
|
}
|
|
|
|
|
|
-# nocron
|
|
|
+# nocron confighome
|
|
|
install() {
|
|
|
|
|
|
if [ -z "$LE_WORKING_DIR" ]; then
|
|
|
@@ -3716,6 +3737,7 @@ install() {
|
|
|
fi
|
|
|
|
|
|
_nocron="$1"
|
|
|
+ _c_home="$2"
|
|
|
if ! _initpath; then
|
|
|
_err "Install failed."
|
|
|
return 1
|
|
|
@@ -3754,6 +3776,13 @@ install() {
|
|
|
|
|
|
chmod 700 "$LE_WORKING_DIR"
|
|
|
|
|
|
+ if ! mkdir -p "$CONFIG_HOME"; then
|
|
|
+ _err "Can not create config dir: $CONFIG_HOME"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+
|
|
|
+ chmod 700 "$CONFIG_HOME"
|
|
|
+
|
|
|
cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY"
|
|
|
|
|
|
if [ "$?" != "0" ]; then
|
|
|
@@ -3763,7 +3792,7 @@ install() {
|
|
|
|
|
|
_info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY"
|
|
|
|
|
|
- _installalias
|
|
|
+ _installalias "$_c_home"
|
|
|
|
|
|
for subf in $_SUB_FOLDERS; do
|
|
|
if [ -d "$subf" ]; then
|
|
|
@@ -3789,7 +3818,7 @@ install() {
|
|
|
fi
|
|
|
|
|
|
if [ -z "$_nocron" ]; then
|
|
|
- installcronjob
|
|
|
+ installcronjob "$_c_home"
|
|
|
fi
|
|
|
|
|
|
if [ -z "$NO_DETECT_SH" ]; then
|
|
|
@@ -3822,7 +3851,7 @@ uninstall() {
|
|
|
_uninstallalias
|
|
|
|
|
|
rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY"
|
|
|
- _info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself."
|
|
|
+ _info "The keys and certs are in \"$(__green "$CONFIG_HOME")\", you can remove them by yourself."
|
|
|
|
|
|
}
|
|
|
|
|
|
@@ -3895,18 +3924,18 @@ Commands:
|
|
|
--issue Issue a cert.
|
|
|
--signcsr Issue a cert from an existing csr.
|
|
|
--deploy Deploy the cert to your server.
|
|
|
- --installcert Install the issued cert to apache/nginx or any other server.
|
|
|
+ --install-cert Install the issued cert to apache/nginx or any other server.
|
|
|
--renew, -r Renew a cert.
|
|
|
- --renewAll Renew all the certs.
|
|
|
+ --renew-all Renew all the certs.
|
|
|
--revoke Revoke a cert.
|
|
|
--list List all the certs.
|
|
|
--showcsr Show the content of a csr.
|
|
|
- --installcronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
|
|
|
- --uninstallcronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
|
|
|
+ --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
|
|
|
+ --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
|
|
|
--cron Run cron job to renew all the certs.
|
|
|
--toPkcs Export the certificate and key to a pfx file.
|
|
|
- --updateaccount Update account info.
|
|
|
- --registeraccount Register account key.
|
|
|
+ --update-account Update account info.
|
|
|
+ --register-account Register account key.
|
|
|
--createAccountKey, -cak Create an account private key, professional use.
|
|
|
--createDomainKey, -cdk Create an domain private key, professional use.
|
|
|
--createCSR, -ccsr Create CSR , professional use.
|
|
|
@@ -3941,7 +3970,8 @@ Parameters:
|
|
|
|
|
|
--accountconf Specifies a customized account config file.
|
|
|
--home Specifies the home dir for $PROJECT_NAME .
|
|
|
- --certhome Specifies the home dir to save all the certs, only valid for '--install' command.
|
|
|
+ --cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
|
|
|
+ --config-home Specifies the home dir to save all the configurations.
|
|
|
--useragent Specifies the user agent string. it will be saved for future use too.
|
|
|
--accountemail Specifies the account email for registering, Only valid for the '--install' command.
|
|
|
--accountkey Specifies the account key path, Only valid for the '--install' command.
|
|
|
@@ -3950,11 +3980,11 @@ Parameters:
|
|
|
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
|
|
|
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
|
|
|
--listraw Only used for '--list' command, list the certs in raw format.
|
|
|
- --stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal.
|
|
|
+ --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
|
|
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
|
|
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
|
|
|
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
|
|
- --ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
|
|
+ --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
|
|
--csr Specifies the input csr.
|
|
|
--pre-hook Command to be run before obtaining any certificates.
|
|
|
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
|
|
|
@@ -4063,6 +4093,7 @@ _process() {
|
|
|
_accountemail=""
|
|
|
_accountkey=""
|
|
|
_certhome=""
|
|
|
+ _confighome=""
|
|
|
_httpport=""
|
|
|
_tlsport=""
|
|
|
_dnssleep=""
|
|
|
@@ -4117,13 +4148,13 @@ _process() {
|
|
|
--showcsr)
|
|
|
_CMD="showcsr"
|
|
|
;;
|
|
|
- --installcert | -i)
|
|
|
+ --installcert | -i|--install-cert)
|
|
|
_CMD="installcert"
|
|
|
;;
|
|
|
--renew | -r)
|
|
|
_CMD="renew"
|
|
|
;;
|
|
|
- --renewAll | --renewall)
|
|
|
+ --renewAll | --renewall|--renew-all)
|
|
|
_CMD="renewAll"
|
|
|
;;
|
|
|
--revoke)
|
|
|
@@ -4132,10 +4163,10 @@ _process() {
|
|
|
--list)
|
|
|
_CMD="list"
|
|
|
;;
|
|
|
- --installcronjob)
|
|
|
+ --installcronjob|--install-cronjob)
|
|
|
_CMD="installcronjob"
|
|
|
;;
|
|
|
- --uninstallcronjob)
|
|
|
+ --uninstallcronjob|--install-cronjob)
|
|
|
_CMD="uninstallcronjob"
|
|
|
;;
|
|
|
--cron)
|
|
|
@@ -4156,10 +4187,10 @@ _process() {
|
|
|
--deactivate)
|
|
|
_CMD="deactivate"
|
|
|
;;
|
|
|
- --updateaccount)
|
|
|
+ --updateaccount|--update-account)
|
|
|
_CMD="updateaccount"
|
|
|
;;
|
|
|
- --registeraccount)
|
|
|
+ --registeraccount|--register-account)
|
|
|
_CMD="registeraccount"
|
|
|
;;
|
|
|
--domain | -d)
|
|
|
@@ -4301,11 +4332,16 @@ _process() {
|
|
|
LE_WORKING_DIR="$2"
|
|
|
shift
|
|
|
;;
|
|
|
- --certhome)
|
|
|
+ --certhome|--cert-home)
|
|
|
_certhome="$2"
|
|
|
CERT_HOME="$_certhome"
|
|
|
shift
|
|
|
;;
|
|
|
+ --config-home)
|
|
|
+ _confighome="$2"
|
|
|
+ CONFIG_HOME="$_confighome"
|
|
|
+ shift
|
|
|
+ ;;
|
|
|
--useragent)
|
|
|
_useragent="$2"
|
|
|
USER_AGENT="$_useragent"
|
|
|
@@ -4456,7 +4492,7 @@ _process() {
|
|
|
fi
|
|
|
|
|
|
case "${_CMD}" in
|
|
|
- install) install "$_nocron" ;;
|
|
|
+ install) install "$_nocron" "$_confighome" ;;
|
|
|
uninstall) uninstall "$_nocron" ;;
|
|
|
upgrade) upgrade ;;
|
|
|
issue)
|
|
|
@@ -4495,7 +4531,7 @@ _process() {
|
|
|
list)
|
|
|
list "$_listraw"
|
|
|
;;
|
|
|
- installcronjob) installcronjob ;;
|
|
|
+ installcronjob) installcronjob "$_confighome" ;;
|
|
|
uninstallcronjob) uninstallcronjob ;;
|
|
|
cron) cron ;;
|
|
|
toPkcs)
|
|
|
@@ -4512,7 +4548,9 @@ _process() {
|
|
|
;;
|
|
|
|
|
|
*)
|
|
|
- _err "Invalid command: $_CMD"
|
|
|
+ if [ "$_CMD" ]; then
|
|
|
+ _err "Invalid command: $_CMD"
|
|
|
+ fi
|
|
|
showhelp
|
|
|
return 1
|
|
|
;;
|
neilpang