Home Explore Project
Register Sign In
linux
/
acme.sh
3
0
Fork 0
Files Issues 2 Pull Requests 0 Wiki
Browse Source

Merge pull request #1992 from Neilpang/dev

sync
neil 6 years ago
parent
a13b2b4018 c4094c68ee
commit
86366ae157
3 changed files with 21 additions and 43 deletions
Unified View Show Diff Stats
  1. 4 0
      README.md
  2. 11 18
      acme.sh
  3. 6 25
      dnsapi/dns_cf.sh

+ 4 - 0
README.md
View File 

@@ -70,6 +70,10 @@ For all build statuses, check our [weekly build project](https://github.com/Neil
 
 
 
 https://github.com/Neilpang/acmetest
 
 https://github.com/Neilpang/acmetest
 
 
 
+# Supported CA
 
+
 
+- Letsencrypt.org CA(default)
 
+- [BuyPass.com CA](https://github.com/Neilpang/acme.sh/wiki/BuyPass.com-CA)
 
 
 
 # Supported modes
 
 # Supported modes

+ 11 - 18
acme.sh
View File 

@@ -36,12 +36,11 @@ _OLD_STAGE_CA_HOST="https://acme-staging.api.letsencrypt.org"
 
 VTYPE_HTTP="http-01"
 
 VTYPE_HTTP="http-01"
 
 VTYPE_DNS="dns-01"
 
 VTYPE_DNS="dns-01"
 
 VTYPE_TLS="tls-sni-01"
 
 VTYPE_TLS="tls-sni-01"
 
-VTYPE_TLS2="tls-sni-02"
 
 VTYPE_ALPN="tls-alpn-01"
 
 VTYPE_ALPN="tls-alpn-01"
 
 
 
 LOCAL_ANY_ADDRESS="0.0.0.0"
 
 LOCAL_ANY_ADDRESS="0.0.0.0"
 
 
 
-MAX_RENEW=60
 
+DEFAULT_RENEW=60
 
 
 
 DEFAULT_DNS_SLEEP=120
 
 DEFAULT_DNS_SLEEP=120
 
 
 
@@ -1875,11 +1874,7 @@ _send_signed_request() {
 
     sig="$(printf "%s" "$_sig_t" | _url_replace)"
 
     sig="$(printf "%s" "$_sig_t" | _url_replace)"
 
     _debug3 sig "$sig"
 
     _debug3 sig "$sig"
 
 
 
-    if [ "$ACME_VERSION" = "2" ]; then
 
-      body="{\"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
 
-    else
 
-      body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
 
-    fi
 
+    body="{\"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
 
     _debug3 body "$body"
 
     _debug3 body "$body"
 
 
 
     response="$(_post "$body" "$url" "$needbase64" "POST" "$__request_conent_type")"
 
     response="$(_post "$body" "$url" "$needbase64" "POST" "$__request_conent_type")"
 
@@ -3448,10 +3443,12 @@ __trigger_validation() {
 
   _debug2 _t_url "$_t_url"
 
   _debug2 _t_url "$_t_url"
 
   _t_key_authz="$2"
 
   _t_key_authz="$2"
 
   _debug2 _t_key_authz "$_t_key_authz"
 
   _debug2 _t_key_authz "$_t_key_authz"
 
+  _t_vtype="$3"
 
+  _debug2 _t_vtype "$_t_vtype"
 
   if [ "$ACME_VERSION" = "2" ]; then
 
   if [ "$ACME_VERSION" = "2" ]; then
 
     _send_signed_request "$_t_url" "{\"keyAuthorization\": \"$_t_key_authz\"}"
 
     _send_signed_request "$_t_url" "{\"keyAuthorization\": \"$_t_key_authz\"}"
 
   else
 
   else
 
-    _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}"
 
+    _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"type\": \"$_t_vtype\", \"keyAuthorization\": \"$_t_key_authz\"}"
 
   fi
 
   fi
 
 }
 
 }
 
 
 
@@ -3702,11 +3699,7 @@ $_authorizations_map"
 
       fi
 
       fi
 
 
 
       if [ "$_currentRoot" = "$W_TLS" ]; then
 
       if [ "$_currentRoot" = "$W_TLS" ]; then
 
-        if [ "$ACME_VERSION" = "2" ]; then
 
-          vtype="$VTYPE_TLS2"
 
-        else
 
-          vtype="$VTYPE_TLS"
 
-        fi
 
+        vtype="$VTYPE_TLS"
 
       fi
 
       fi
 
 
 
       if [ "$_currentRoot" = "$W_ALPN" ]; then
 
       if [ "$_currentRoot" = "$W_ALPN" ]; then
 
@@ -4038,7 +4031,7 @@ $_authorizations_map"
 
       fi
 
       fi
 
     fi
 
     fi
 
 
 
-    if ! __trigger_validation "$uri" "$keyauthorization"; then
 
+    if ! __trigger_validation "$uri" "$keyauthorization" "$vtype"; then
 
       _err "$d:Can not get challenge: $response"
 
       _err "$d:Can not get challenge: $response"
 
       _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
 
       _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
 
       _clearup
 
       _clearup
 
@@ -4047,7 +4040,7 @@ $_authorizations_map"
 
     fi
 
     fi
 
 
 
     if [ "$code" ] && [ "$code" != '202' ]; then
 
     if [ "$code" ] && [ "$code" != '202' ]; then
 
-      if [ "$ACME_VERSION" = "2" ] && [ "$code" = '200' ]; then
 
+      if [ "$code" = '200' ]; then
 
         _debug "trigger validation code: $code"
 
         _debug "trigger validation code: $code"
 
       else
 
       else
 
         _err "$d:Challenge error: $response"
 
         _err "$d:Challenge error: $response"
 
@@ -4274,8 +4267,8 @@ $_authorizations_map"
 
   Le_CertCreateTimeStr=$(date -u)
 
   Le_CertCreateTimeStr=$(date -u)
 
   _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr"
 
   _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr"
 
 
 
-  if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "$MAX_RENEW" ]; then
 
-    Le_RenewalDays="$MAX_RENEW"
 
+  if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ]; then
 
+    Le_RenewalDays="$DEFAULT_RENEW"
 
   else
 
   else
 
     _savedomainconf "Le_RenewalDays" "$Le_RenewalDays"
 
     _savedomainconf "Le_RenewalDays" "$Le_RenewalDays"
 
   fi
 
   fi
 
@@ -5527,7 +5520,7 @@ Parameters:
 
   --useragent                       Specifies the user agent string. it will be saved for future use too.
 
   --useragent                       Specifies the user agent string. it will be saved for future use too.
 
   --accountemail                    Specifies the account email, only valid for the '--install' and '--update-account' command.
 
   --accountemail                    Specifies the account email, only valid for the '--install' and '--update-account' command.
 
   --accountkey                      Specifies the account key path, only valid for the '--install' command.
 
   --accountkey                      Specifies the account key path, only valid for the '--install' command.
 
-  --days                            Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
 
+  --days                            Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
 
   --httpport                        Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
 
   --httpport                        Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
 
   --tlsport                         Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
 
   --tlsport                         Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
 
   --local-address                   Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
 
   --local-address                   Specifies the standalone/tls server listening address, in case you have multiple ip addresses.

+ 6 - 25
dnsapi/dns_cf.sh
View File 

@@ -34,9 +34,6 @@ dns_cf_add() {
 
   _saveaccountconf_mutable CF_Key "$CF_Key"
 
   _saveaccountconf_mutable CF_Key "$CF_Key"
 
   _saveaccountconf_mutable CF_Email "$CF_Email"
 
   _saveaccountconf_mutable CF_Email "$CF_Email"
 
 
 
-  _DOMAIN_CF_ZONES_CACHE_NAME_="$(echo "${CF_Email}_CF_ZONES_" | tr '+@.' '___')"
 
-  _cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
 
-
 
   _debug "First detect the root zone"
 
   _debug "First detect the root zone"
 
   if ! _get_root "$fulldomain"; then
 
   if ! _get_root "$fulldomain"; then
 
     _err "invalid domain"
 
     _err "invalid domain"
 
@@ -105,16 +102,11 @@ dns_cf_rm() {
 
     return 1
 
     return 1
 
   fi
 
   fi
 
 
 
-  _DOMAIN_CF_ZONES_CACHE_NAME_="$(echo "${CF_Email}_CF_ZONES_" | tr '+@.' '___')"
 
-
 
   _debug "First detect the root zone"
 
   _debug "First detect the root zone"
 
   if ! _get_root "$fulldomain"; then
 
   if ! _get_root "$fulldomain"; then
 
-    _cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
 
     _err "invalid domain"
 
     _err "invalid domain"
 
     return 1
 
     return 1
 
   fi
 
   fi
 
-  _cleardomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_"
 
-
 
   _debug _domain_id "$_domain_id"
 
   _debug _domain_id "$_domain_id"
 
   _debug _sub_domain "$_sub_domain"
 
   _debug _sub_domain "$_sub_domain"
 
   _debug _domain "$_domain"
 
   _debug _domain "$_domain"
 
@@ -154,21 +146,6 @@ dns_cf_rm() {
 
 # _domain=domain.com
 
 # _domain=domain.com
 
 # _domain_id=sdjkglgdfewsdfg
 
 # _domain_id=sdjkglgdfewsdfg
 
 _get_root() {
 
 _get_root() {
 
-
 
-  _cf_zones="$(_readdomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_")"
 
-  _debug2 "_cf_zones" "$_cf_zones"
 
-  if [ -z "$_cf_zones" ]; then
 
-    _debug "$_DOMAIN_CF_ZONES_CACHE_NAME_ is none, so get it."
 
-    if ! _cf_rest GET "zones"; then
 
-      return 1
 
-    fi
 
-    _cf_zones="$response"
 
-    _savedomainconf "$_DOMAIN_CF_ZONES_CACHE_NAME_" "$(echo "$_cf_zones" | _base64)"
 
-  else
 
-    _debug "$_DOMAIN_CF_ZONES_CACHE_NAME_ found"
 
-    _cf_zones="$(echo "$_cf_zones" | _dbase64)"
 
-  fi
 
-
 
   domain=$1
 
   domain=$1
 
   i=2
 
   i=2
 
   p=1
 
   p=1
 
@@ -180,8 +157,12 @@ _get_root() {
 
       return 1
 
       return 1
 
     fi
 
     fi
 
 
 
-    if _contains "$_cf_zones" "\"name\":\"$h\"" >/dev/null; then
 
-      _domain_id=$(echo "$_cf_zones" | tr '{' "\n" | grep "\"name\":\"$h\"" | _egrep_o "^\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
 
+    if ! _cf_rest GET "zones?name=$h"; then
 
+      return 1
 
+    fi
 
+
 
+    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
 
+      _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
 
       if [ "$_domain_id" ]; then
 
       if [ "$_domain_id" ]; then
 
         _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
 
         _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
 
         _domain=$h
 
         _domain=$h