|
@@ -47,6 +47,7 @@ DEFAULT_DNS_SLEEP=120
|
|
|
NO_VALUE="no"
|
|
NO_VALUE="no"
|
|
|
|
|
|
|
|
W_TLS="tls"
|
|
W_TLS="tls"
|
|
|
|
|
+DNS_ALIAS_PREFIX="="
|
|
|
|
|
|
|
|
MODE_STATELESS="stateless"
|
|
MODE_STATELESS="stateless"
|
|
|
|
|
|
|
@@ -105,6 +106,8 @@ _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
|
|
|
|
|
|
|
|
_STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"
|
|
_STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"
|
|
|
|
|
|
|
|
|
|
+_DNS_ALIAS_WIKI="https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode"
|
|
|
|
|
+
|
|
|
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
|
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
|
|
|
|
|
|
|
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
|
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
|
@@ -2859,8 +2862,9 @@ _clearupdns() {
|
|
|
_debug "skip dns."
|
|
_debug "skip dns."
|
|
|
return
|
|
return
|
|
|
fi
|
|
fi
|
|
|
-
|
|
|
|
|
|
|
+ _info "Removing DNS records."
|
|
|
ventries=$(echo "$vlist" | tr ',' ' ')
|
|
ventries=$(echo "$vlist" | tr ',' ' ')
|
|
|
|
|
+ _alias_index=1
|
|
|
for ventry in $ventries; do
|
|
for ventry in $ventries; do
|
|
|
d=$(echo "$ventry" | cut -d "$sep" -f 1)
|
|
d=$(echo "$ventry" | cut -d "$sep" -f 1)
|
|
|
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
|
|
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
|
|
@@ -2874,7 +2878,7 @@ _clearupdns() {
|
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
if [ "$vtype" != "$VTYPE_DNS" ]; then
|
|
if [ "$vtype" != "$VTYPE_DNS" ]; then
|
|
|
- _info "Skip $d for $vtype"
|
|
|
|
|
|
|
+ _debug "Skip $d for $vtype"
|
|
|
continue
|
|
continue
|
|
|
fi
|
|
fi
|
|
|
|
|
|
|
@@ -2902,7 +2906,19 @@ _clearupdns() {
|
|
|
if _startswith "$_dns_root_d" "*."; then
|
|
if _startswith "$_dns_root_d" "*."; then
|
|
|
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
|
|
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
|
|
|
fi
|
|
fi
|
|
|
- txtdomain="_acme-challenge.$_dns_root_d"
|
|
|
|
|
|
|
+
|
|
|
|
|
+ _d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
|
|
|
|
|
+ _alias_index="$(_math "$_alias_index" + 1)"
|
|
|
|
|
+ _debug "_d_alias" "$_d_alias"
|
|
|
|
|
+ if [ "$_d_alias" ]; then
|
|
|
|
|
+ if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
|
|
|
|
|
+ txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
|
|
|
|
|
+ else
|
|
|
|
|
+ txtdomain="_acme-challenge.$_d_alias"
|
|
|
|
|
+ fi
|
|
|
|
|
+ else
|
|
|
|
|
+ txtdomain="_acme-challenge.$_dns_root_d"
|
|
|
|
|
+ fi
|
|
|
|
|
|
|
|
if ! $rmcommand "$txtdomain" "$txt"; then
|
|
if ! $rmcommand "$txtdomain" "$txt"; then
|
|
|
_err "Error removing txt for domain:$txtdomain"
|
|
_err "Error removing txt for domain:$txtdomain"
|
|
@@ -3384,7 +3400,7 @@ issue() {
|
|
|
_post_hook="${11}"
|
|
_post_hook="${11}"
|
|
|
_renew_hook="${12}"
|
|
_renew_hook="${12}"
|
|
|
_local_addr="${13}"
|
|
_local_addr="${13}"
|
|
|
-
|
|
|
|
|
|
|
+ _challenge_alias="${14}"
|
|
|
#remove these later.
|
|
#remove these later.
|
|
|
if [ "$_web_roots" = "dns-cf" ]; then
|
|
if [ "$_web_roots" = "dns-cf" ]; then
|
|
|
_web_roots="dns_cf"
|
|
_web_roots="dns_cf"
|
|
@@ -3437,6 +3453,11 @@ issue() {
|
|
|
else
|
|
else
|
|
|
_cleardomainconf "Le_LocalAddress"
|
|
_cleardomainconf "Le_LocalAddress"
|
|
|
fi
|
|
fi
|
|
|
|
|
+ if [ "$_challenge_alias" ]; then
|
|
|
|
|
+ _savedomainconf "Le_ChallengeAlias" "$_challenge_alias"
|
|
|
|
|
+ else
|
|
|
|
|
+ _cleardomainconf "Le_ChallengeAlias"
|
|
|
|
|
+ fi
|
|
|
|
|
|
|
|
Le_API="$ACME_DIRECTORY"
|
|
Le_API="$ACME_DIRECTORY"
|
|
|
_savedomainconf "Le_API" "$Le_API"
|
|
_savedomainconf "Le_API" "$Le_API"
|
|
@@ -3658,6 +3679,7 @@ $_authorizations_map"
|
|
|
#add entry
|
|
#add entry
|
|
|
dnsadded=""
|
|
dnsadded=""
|
|
|
ventries=$(echo "$vlist" | tr "$dvsep" ' ')
|
|
ventries=$(echo "$vlist" | tr "$dvsep" ' ')
|
|
|
|
|
+ _alias_index=1
|
|
|
for ventry in $ventries; do
|
|
for ventry in $ventries; do
|
|
|
d=$(echo "$ventry" | cut -d "$sep" -f 1)
|
|
d=$(echo "$ventry" | cut -d "$sep" -f 1)
|
|
|
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
|
|
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
|
|
@@ -3675,7 +3697,18 @@ $_authorizations_map"
|
|
|
if _startswith "$_dns_root_d" "*."; then
|
|
if _startswith "$_dns_root_d" "*."; then
|
|
|
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
|
|
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
|
|
|
fi
|
|
fi
|
|
|
- txtdomain="_acme-challenge.$_dns_root_d"
|
|
|
|
|
|
|
+ _d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
|
|
|
|
|
+ _alias_index="$(_math "$_alias_index" + 1)"
|
|
|
|
|
+ _debug "_d_alias" "$_d_alias"
|
|
|
|
|
+ if [ "$_d_alias" ]; then
|
|
|
|
|
+ if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
|
|
|
|
|
+ txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
|
|
|
|
|
+ else
|
|
|
|
|
+ txtdomain="_acme-challenge.$_d_alias"
|
|
|
|
|
+ fi
|
|
|
|
|
+ else
|
|
|
|
|
+ txtdomain="_acme-challenge.$_dns_root_d"
|
|
|
|
|
+ fi
|
|
|
_debug txtdomain "$txtdomain"
|
|
_debug txtdomain "$txtdomain"
|
|
|
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
|
|
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
|
|
|
_debug txt "$txt"
|
|
_debug txt "$txt"
|
|
@@ -4228,7 +4261,7 @@ renew() {
|
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
IS_RENEW="1"
|
|
IS_RENEW="1"
|
|
|
- issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress"
|
|
|
|
|
|
|
+ issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
|
|
|
res="$?"
|
|
res="$?"
|
|
|
if [ "$res" != "0" ]; then
|
|
if [ "$res" != "0" ]; then
|
|
|
return "$res"
|
|
return "$res"
|
|
@@ -4292,6 +4325,17 @@ signcsr() {
|
|
|
return 1
|
|
return 1
|
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
|
|
+ _real_cert="$3"
|
|
|
|
|
+ _real_key="$4"
|
|
|
|
|
+ _real_ca="$5"
|
|
|
|
|
+ _reload_cmd="$6"
|
|
|
|
|
+ _real_fullchain="$7"
|
|
|
|
|
+ _pre_hook="${8}"
|
|
|
|
|
+ _post_hook="${9}"
|
|
|
|
|
+ _renew_hook="${10}"
|
|
|
|
|
+ _local_addr="${11}"
|
|
|
|
|
+ _challenge_alias="${12}"
|
|
|
|
|
+
|
|
|
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
|
|
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
|
|
|
if [ "$?" != "0" ]; then
|
|
if [ "$?" != "0" ]; then
|
|
|
_err "Can not read subject from csr: $_csrfile"
|
|
_err "Can not read subject from csr: $_csrfile"
|
|
@@ -4337,7 +4381,7 @@ signcsr() {
|
|
|
_info "Copy csr to: $CSR_PATH"
|
|
_info "Copy csr to: $CSR_PATH"
|
|
|
cp "$_csrfile" "$CSR_PATH"
|
|
cp "$_csrfile" "$CSR_PATH"
|
|
|
|
|
|
|
|
- issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength"
|
|
|
|
|
|
|
+ issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias"
|
|
|
|
|
|
|
|
}
|
|
}
|
|
|
|
|
|
|
@@ -5312,6 +5356,8 @@ Commands:
|
|
|
|
|
|
|
|
Parameters:
|
|
Parameters:
|
|
|
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
|
|
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
|
|
|
|
|
+ --challenge-alias domain.tld The challenge domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
|
|
|
|
|
+ --domain-alias domain.tld The domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
|
|
|
--force, -f Used to force to install or force to renew a cert immediately.
|
|
--force, -f Used to force to install or force to renew a cert immediately.
|
|
|
--staging, --test Use staging server, just for test.
|
|
--staging, --test Use staging server, just for test.
|
|
|
--debug Output debug info.
|
|
--debug Output debug info.
|
|
@@ -5463,6 +5509,7 @@ _process() {
|
|
|
_domain=""
|
|
_domain=""
|
|
|
_altdomains="$NO_VALUE"
|
|
_altdomains="$NO_VALUE"
|
|
|
_webroot=""
|
|
_webroot=""
|
|
|
|
|
+ _challenge_alias=""
|
|
|
_keylength=""
|
|
_keylength=""
|
|
|
_accountkeylength=""
|
|
_accountkeylength=""
|
|
|
_cert_file=""
|
|
_cert_file=""
|
|
@@ -5652,6 +5699,16 @@ _process() {
|
|
|
fi
|
|
fi
|
|
|
shift
|
|
shift
|
|
|
;;
|
|
;;
|
|
|
|
|
+ --challenge-alias)
|
|
|
|
|
+ cvalue="$2"
|
|
|
|
|
+ _challenge_alias="$_challenge_alias$cvalue,"
|
|
|
|
|
+ shift
|
|
|
|
|
+ ;;
|
|
|
|
|
+ --domain-alias)
|
|
|
|
|
+ cvalue="$DNS_ALIAS_PREFIX$2"
|
|
|
|
|
+ _challenge_alias="$_challenge_alias$cvalue,"
|
|
|
|
|
+ shift
|
|
|
|
|
+ ;;
|
|
|
--standalone)
|
|
--standalone)
|
|
|
wvalue="$NO_VALUE"
|
|
wvalue="$NO_VALUE"
|
|
|
if [ -z "$_webroot" ]; then
|
|
if [ -z "$_webroot" ]; then
|
|
@@ -5973,13 +6030,13 @@ _process() {
|
|
|
uninstall) uninstall "$_nocron" ;;
|
|
uninstall) uninstall "$_nocron" ;;
|
|
|
upgrade) upgrade ;;
|
|
upgrade) upgrade ;;
|
|
|
issue)
|
|
issue)
|
|
|
- issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address"
|
|
|
|
|
|
|
+ issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
|
|
|
;;
|
|
;;
|
|
|
deploy)
|
|
deploy)
|
|
|
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
|
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
|
|
;;
|
|
;;
|
|
|
signcsr)
|
|
signcsr)
|
|
|
- signcsr "$_csr" "$_webroot"
|
|
|
|
|
|
|
+ signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
|
|
|
;;
|
|
;;
|
|
|
showcsr)
|
|
showcsr)
|
|
|
showcsr "$_csr" "$_domain"
|
|
showcsr "$_csr" "$_domain"
|
neil