
Merge pull request #20 from Neilpang/dev

support apache server plugin
Neil 9 years ago
parent
commit
2bf1d93afd
2 changed files with 129 additions and 10 deletions
  1. 19 3
      README.md
  2. 110 7
      le.sh

+ 19 - 3
README.md

@@ -1,12 +1,12 @@
 # le
 Simplest shell script for LetsEncrypt free Certificate client
 
-This is a shell version from https://github.com/diafygi/acme-tiny
-
 Pure written in bash, no dependencies to python , acme-tiny or LetsEncrypt official client (https://github.com/letsencrypt/letsencrypt)
 
 Just one script, to issue, renew your certificates automatically.
 
+This is a shell version from https://github.com/diafygi/acme-tiny, but without any dependencies.
+
 Probably it's the smallest&easiest&smartest shell script to automatically  issue&renew the free certificates from LetsEncrypt.
 
 
@@ -15,6 +15,11 @@ Probably it's the smallest&easiest&smartest shell script to automatically  issue
 2. CentOS
 
 
+#Supported Mode
+1. Webroot mode
+2. Standalone mode
+3. Apache mode
+
 #How to use
 
 1. Clone this project: https://github.com/Neilpang/le.git
@@ -37,7 +42,7 @@ root@xvm:~# le
 Usage: issue|renew|renewAll|createAccountKey|createDomainKey|createCSR|install|uninstall
 
 root@xvm:~# le issue
-Usage: le  issue  webroot|no   a.com  [www.a.com,b.com,c.com]|no   [key-length]|no  [cert-file-path]|no  [key-file-path]|no  [ca-cert-file-path]|no   [reloadCmd]|no
+Usage: le  issue  webroot|no|apache   a.com  [www.a.com,b.com,c.com]|no   [key-length]|no  [cert-file-path]|no  [key-file-path]|no  [ca-cert-file-path]|no   [reloadCmd]|no
 
 ```
 
@@ -77,6 +82,17 @@ The tcp `80` port must be free to listen, otherwise you will be prompted to free
 le issue    no    aa.com    www.aa.com,cp.aa.com
 ```
 
+# Use Apache mode:
+If you are running a web server, apache or nginx, it its recommended to use the Webroot mode.
+Particularly,  if you are running an apache server, you can use apache mode instead. Which doesn't write any file to your web root folder.
+
+Just set string "apache" to the first argument, it will use apache plugin automatically.
+
+```
+le  issue  apache  aa.com  www.aa.com
+```
+All the other arguments are the same with previous.
+
 
 
 #Under the Hood

+ 110 - 7
le.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-
+PROJECT="https://github.com/Neilpang/le"
 
 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
 DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
@@ -234,7 +234,15 @@ _stopserver() {
 
 _initpath() {
   if [ -z "$WORKING_DIR" ]; then
-    WORKING_DIR=~/.le
+    WORKING_DIR=$HOME/.le
+  fi
+  
+  if [ -z "$ACME_DIR" ] ; then
+    ACME_DIR="/home/.acme"
+  fi
+  
+  if [ -z "$APACHE_CONF_BACKUP_DIR" ] ; then
+    APACHE_CONF_BACKUP_DIR="$WORKING_DIR/"
   fi
   
   domain="$1"
@@ -256,8 +264,90 @@ _initpath() {
   CERT_PATH="$WORKING_DIR/$domain/$domain.cer"
   
   CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer"
+  
+
+  
+}
+
+
+_apachePath() {
+  httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | sed s/\"//g)"
+  httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | sed s/\"//g)"
+  httpdconf="$httpdroot/$httpdconfname"
+  if [ ! -f $httpdconf ] ; then
+    _err "Apache Config file not found" $httpdconf
+    return 1
+  fi
+  return 0
+}
+
+_restoreApache() {
+  _initpath
+  if ! _apachePath ; then
+    return 1
+  fi
+  
+  if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ] ; then
+    _debug "No config file to restore."
+    return 0
+  fi
+  
+  cp -p "$APACHE_CONF_BACKUP_DIR/$httpdconfname" "$httpdconf"
+  if ! apachectl  -t ; then
+    _err "Sorry, restore apache config error, please contact me."
+    return 1;
+  fi
+  rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname"
+  return 0  
+}
+
+_setApache() {
+  _initpath
+  if ! _apachePath ; then
+    return 1
+  fi
+
+  #backup the conf
+  _debug "Backup apache config file" $httpdconf
+  cp -p $httpdconf $APACHE_CONF_BACKUP_DIR/
+  _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
+  _info "In case there is an error that can not be restored automatically, you may try restore it yourself."
+  _info "The backup file will be deleted on sucess, just forget it."
+  
+  #add alias
+  echo "
+Alias /.well-known/acme-challenge  $ACME_DIR
+
+<Directory $ACME_DIR >
+Order allow,deny
+Allow from all
+</Directory>
+  " >> $httpdconf
+  
+  if ! apachectl  -t ; then
+    _err "Sorry, apache config error, please contact me."
+    _restoreApache
+    return 1;
+  fi
+  
+  if [ ! -d "$ACME_DIR" ] ; then
+    mkdir -p "$ACME_DIR"
+    chmod 755 "$ACME_DIR"
+  fi
+  
+  if ! apachectl  graceful ; then
+    _err "Sorry, apachectl  graceful error, please contact me."
+    _restoreApache
+    return 1;
+  fi
+  
+  return 0
 }
 
+_clearup () {
+  _stopserver $serverproc
+  _restoreApache
+}
 
 issue() {
   if [ -z "$1" ] ; then
@@ -330,6 +420,14 @@ issue() {
       return 1
     fi
   fi
+  
+  if [ "$Le_Webroot" == "apache" ] ; then
+    if ! _setApache ; then
+      _err "set up apache error. Report error to me."
+      return 1
+    fi
+    wellknown_path="$ACME_DIR"
+  fi
 
   createAccountKey $Le_Domain $Le_Keylength
   
@@ -373,6 +471,7 @@ issue() {
     _info "Already registered"
   else
     _err "Register account Error."
+    _clearup
     return 1
   fi
   
@@ -388,6 +487,7 @@ issue() {
  
     if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
       _err "new-authz error: $response"
+      _clearup
       return 1
     fi
     
@@ -410,7 +510,9 @@ issue() {
       sleep 2
       _debug serverproc $serverproc
     else
-      wellknown_path="$Le_Webroot/.well-known/acme-challenge"
+      if [ -z "$wellknown_path" ] ; then
+        wellknown_path="$Le_Webroot/.well-known/acme-challenge"
+      fi
       _debug wellknown_path "$wellknown_path"
       
       mkdir -p "$wellknown_path"
@@ -425,7 +527,7 @@ issue() {
     
     if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
       _err "$d:Challenge error: $resource"
-      _stopserver $serverproc
+      _clearup
       return 1
     fi
     
@@ -436,7 +538,7 @@ issue() {
       
       if ! _get $uri ; then
         _err "$d:Verify error:$resource"
-        _stopserver $serverproc
+        _clearup
         return 1
       fi
       
@@ -449,7 +551,7 @@ issue() {
       if [ "$status" == "invalid" ] ; then
          error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
         _err "$d:Verify error:$error"
-        _stopserver $serverproc
+        _clearup
         return 1;
       fi
       
@@ -457,7 +559,7 @@ issue() {
         _info "Pending"
       else
         _err "$d:Verify error:$response" 
-        _stopserver $serverproc
+        _clearup
         return 1
       fi
       
@@ -488,6 +590,7 @@ issue() {
   if [ -z "$Le_LinkCert" ] ; then
     response="$(echo $response | base64 -d)"
     _err "Sign failed: $(echo "$response" | grep -o  '"detail":"[^"]*"')"
+    _clearup
     return 1
   fi