|
|
@@ -1,6 +1,6 @@
|
|
|
#!/usr/bin/env sh
|
|
|
|
|
|
-VER=2.6.5
|
|
|
+VER=2.6.6
|
|
|
|
|
|
PROJECT_NAME="acme.sh"
|
|
|
|
|
|
@@ -1634,7 +1634,13 @@ __initHome() {
|
|
|
fi
|
|
|
export LE_WORKING_DIR
|
|
|
|
|
|
- _DEFAULT_ACCOUNT_CONF_PATH="$LE_WORKING_DIR/account.conf"
|
|
|
+ if [ -z "$LE_CONFIG_HOME" ]; then
|
|
|
+ LE_CONFIG_HOME="$LE_WORKING_DIR"
|
|
|
+ fi
|
|
|
+ _debug "Using config home:$LE_CONFIG_HOME"
|
|
|
+ export LE_CONFIG_HOME
|
|
|
+
|
|
|
+ _DEFAULT_ACCOUNT_CONF_PATH="$LE_CONFIG_HOME/account.conf"
|
|
|
|
|
|
if [ -z "$ACCOUNT_CONF_PATH" ]; then
|
|
|
if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ]; then
|
|
|
@@ -1646,12 +1652,12 @@ __initHome() {
|
|
|
ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH"
|
|
|
fi
|
|
|
|
|
|
- DEFAULT_LOG_FILE="$LE_WORKING_DIR/$PROJECT_NAME.log"
|
|
|
+ DEFAULT_LOG_FILE="$LE_CONFIG_HOME/$PROJECT_NAME.log"
|
|
|
|
|
|
- DEFAULT_CA_HOME="$LE_WORKING_DIR/ca"
|
|
|
+ DEFAULT_CA_HOME="$LE_CONFIG_HOME/ca"
|
|
|
|
|
|
if [ -z "$LE_TEMP_DIR" ]; then
|
|
|
- LE_TEMP_DIR="$LE_WORKING_DIR/tmp"
|
|
|
+ LE_TEMP_DIR="$LE_CONFIG_HOME/tmp"
|
|
|
fi
|
|
|
}
|
|
|
|
|
|
@@ -1703,7 +1709,7 @@ _initpath() {
|
|
|
fi
|
|
|
|
|
|
if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then
|
|
|
- APACHE_CONF_BACKUP_DIR="$LE_WORKING_DIR"
|
|
|
+ APACHE_CONF_BACKUP_DIR="$LE_CONFIG_HOME"
|
|
|
fi
|
|
|
|
|
|
if [ -z "$USER_AGENT" ]; then
|
|
|
@@ -1711,7 +1717,7 @@ _initpath() {
|
|
|
fi
|
|
|
|
|
|
if [ -z "$HTTP_HEADER" ]; then
|
|
|
- HTTP_HEADER="$LE_WORKING_DIR/http.header"
|
|
|
+ HTTP_HEADER="$LE_CONFIG_HOME/http.header"
|
|
|
fi
|
|
|
|
|
|
_OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key"
|
|
|
@@ -1727,7 +1733,7 @@ _initpath() {
|
|
|
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
|
|
|
fi
|
|
|
|
|
|
- _DEFAULT_CERT_HOME="$LE_WORKING_DIR"
|
|
|
+ _DEFAULT_CERT_HOME="$LE_CONFIG_HOME"
|
|
|
if [ -z "$CERT_HOME" ]; then
|
|
|
CERT_HOME="$_DEFAULT_CERT_HOME"
|
|
|
fi
|
|
|
@@ -3354,7 +3360,9 @@ _installcert() {
|
|
|
|
|
|
}
|
|
|
|
|
|
+#confighome
|
|
|
installcronjob() {
|
|
|
+ _c_home="$1"
|
|
|
_initpath
|
|
|
if ! _exists "crontab"; then
|
|
|
_err "crontab doesn't exist, so, we can not install cron jobs."
|
|
|
@@ -3372,17 +3380,20 @@ installcronjob() {
|
|
|
return 1
|
|
|
fi
|
|
|
|
|
|
+ if [ "$_c_home" ]; then
|
|
|
+ _c_entry="--config-home \"$_c_home\" "
|
|
|
+ fi
|
|
|
_t=$(_time)
|
|
|
random_minute=$(_math $_t % 60)
|
|
|
if _exists uname && uname -a | grep SunOS >/dev/null; then
|
|
|
crontab -l | {
|
|
|
cat
|
|
|
- echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"
|
|
|
+ echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null"
|
|
|
} | crontab --
|
|
|
else
|
|
|
crontab -l | {
|
|
|
cat
|
|
|
- echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"
|
|
|
+ echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null"
|
|
|
} | crontab -
|
|
|
fi
|
|
|
fi
|
|
|
@@ -3408,6 +3419,10 @@ uninstallcronjob() {
|
|
|
fi
|
|
|
LE_WORKING_DIR="$(echo "$cr" | cut -d ' ' -f 9 | tr -d '"')"
|
|
|
_info LE_WORKING_DIR "$LE_WORKING_DIR"
|
|
|
+ if _contains "$cr" "--config-home"; then
|
|
|
+ LE_CONFIG_HOME="$(echo "$cr" | cut -d ' ' -f 11 | tr -d '"')"
|
|
|
+ _debug LE_CONFIG_HOME "$LE_CONFIG_HOME"
|
|
|
+ fi
|
|
|
fi
|
|
|
_initpath
|
|
|
|
|
|
@@ -3671,7 +3686,9 @@ _setShebang() {
|
|
|
rm -f "$_file.tmp"
|
|
|
}
|
|
|
|
|
|
+#confighome
|
|
|
_installalias() {
|
|
|
+ _c_home="$1"
|
|
|
_initpath
|
|
|
|
|
|
_envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env"
|
|
|
@@ -3681,8 +3698,15 @@ _installalias() {
|
|
|
echo "$(cat "$_envfile")" | sed "s|^alias le.sh.*$||" >"$_envfile"
|
|
|
fi
|
|
|
|
|
|
+ if [ "$_c_home" ]; then
|
|
|
+ _c_entry="--config-home '$_c_home'"
|
|
|
+ fi
|
|
|
+
|
|
|
_setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\""
|
|
|
- _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
|
|
|
+ if [ "$_c_home" ]; then
|
|
|
+ _setopt "$_envfile" "export LE_CONFIG_HOME" "=" "\"$LE_CONFIG_HOME\""
|
|
|
+ fi
|
|
|
+ _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
|
|
|
|
|
|
_profile="$(_detect_profile)"
|
|
|
if [ "$_profile" ]; then
|
|
|
@@ -3700,7 +3724,10 @@ _installalias() {
|
|
|
if [ -f "$_csh_profile" ]; then
|
|
|
_info "Installing alias to '$_csh_profile'"
|
|
|
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\""
|
|
|
- _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
|
|
|
+ if [ "$_c_home" ]; then
|
|
|
+ _setopt "$_cshfile" "setenv LE_CONFIG_HOME" " " "\"$LE_CONFIG_HOME\""
|
|
|
+ fi
|
|
|
+ _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
|
|
|
_setopt "$_csh_profile" "source \"$_cshfile\""
|
|
|
fi
|
|
|
|
|
|
@@ -3709,13 +3736,16 @@ _installalias() {
|
|
|
if [ -f "$_tcsh_profile" ]; then
|
|
|
_info "Installing alias to '$_tcsh_profile'"
|
|
|
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\""
|
|
|
- _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
|
|
|
+ if [ "$_c_home" ]; then
|
|
|
+ _setopt "$_cshfile" "setenv LE_CONFIG_HOME" " " "\"$LE_CONFIG_HOME\""
|
|
|
+ fi
|
|
|
+ _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
|
|
|
_setopt "$_tcsh_profile" "source \"$_cshfile\""
|
|
|
fi
|
|
|
|
|
|
}
|
|
|
|
|
|
-# nocron
|
|
|
+# nocron confighome
|
|
|
install() {
|
|
|
|
|
|
if [ -z "$LE_WORKING_DIR" ]; then
|
|
|
@@ -3723,6 +3753,7 @@ install() {
|
|
|
fi
|
|
|
|
|
|
_nocron="$1"
|
|
|
+ _c_home="$2"
|
|
|
if ! _initpath; then
|
|
|
_err "Install failed."
|
|
|
return 1
|
|
|
@@ -3761,6 +3792,13 @@ install() {
|
|
|
|
|
|
chmod 700 "$LE_WORKING_DIR"
|
|
|
|
|
|
+ if ! mkdir -p "$LE_CONFIG_HOME"; then
|
|
|
+ _err "Can not create config dir: $LE_CONFIG_HOME"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+
|
|
|
+ chmod 700 "$LE_CONFIG_HOME"
|
|
|
+
|
|
|
cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY"
|
|
|
|
|
|
if [ "$?" != "0" ]; then
|
|
|
@@ -3770,7 +3808,7 @@ install() {
|
|
|
|
|
|
_info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY"
|
|
|
|
|
|
- _installalias
|
|
|
+ _installalias "$_c_home"
|
|
|
|
|
|
for subf in $_SUB_FOLDERS; do
|
|
|
if [ -d "$subf" ]; then
|
|
|
@@ -3796,7 +3834,7 @@ install() {
|
|
|
fi
|
|
|
|
|
|
if [ -z "$_nocron" ]; then
|
|
|
- installcronjob
|
|
|
+ installcronjob "$_c_home"
|
|
|
fi
|
|
|
|
|
|
if [ -z "$NO_DETECT_SH" ]; then
|
|
|
@@ -3829,7 +3867,7 @@ uninstall() {
|
|
|
_uninstallalias
|
|
|
|
|
|
rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY"
|
|
|
- _info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself."
|
|
|
+ _info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\", you can remove them by yourself."
|
|
|
|
|
|
}
|
|
|
|
|
|
@@ -3902,18 +3940,18 @@ Commands:
|
|
|
--issue Issue a cert.
|
|
|
--signcsr Issue a cert from an existing csr.
|
|
|
--deploy Deploy the cert to your server.
|
|
|
- --installcert Install the issued cert to apache/nginx or any other server.
|
|
|
+ --install-cert Install the issued cert to apache/nginx or any other server.
|
|
|
--renew, -r Renew a cert.
|
|
|
- --renewAll Renew all the certs.
|
|
|
+ --renew-all Renew all the certs.
|
|
|
--revoke Revoke a cert.
|
|
|
--list List all the certs.
|
|
|
--showcsr Show the content of a csr.
|
|
|
- --installcronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
|
|
|
- --uninstallcronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
|
|
|
+ --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
|
|
|
+ --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
|
|
|
--cron Run cron job to renew all the certs.
|
|
|
--toPkcs Export the certificate and key to a pfx file.
|
|
|
- --updateaccount Update account info.
|
|
|
- --registeraccount Register account key.
|
|
|
+ --update-account Update account info.
|
|
|
+ --register-account Register account key.
|
|
|
--createAccountKey, -cak Create an account private key, professional use.
|
|
|
--createDomainKey, -cdk Create an domain private key, professional use.
|
|
|
--createCSR, -ccsr Create CSR , professional use.
|
|
|
@@ -3948,7 +3986,8 @@ Parameters:
|
|
|
|
|
|
--accountconf Specifies a customized account config file.
|
|
|
--home Specifies the home dir for $PROJECT_NAME .
|
|
|
- --certhome Specifies the home dir to save all the certs, only valid for '--install' command.
|
|
|
+ --cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
|
|
|
+ --config-home Specifies the home dir to save all the configurations.
|
|
|
--useragent Specifies the user agent string. it will be saved for future use too.
|
|
|
--accountemail Specifies the account email for registering, Only valid for the '--install' command.
|
|
|
--accountkey Specifies the account key path, Only valid for the '--install' command.
|
|
|
@@ -3957,11 +3996,11 @@ Parameters:
|
|
|
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
|
|
|
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
|
|
|
--listraw Only used for '--list' command, list the certs in raw format.
|
|
|
- --stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal.
|
|
|
+ --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
|
|
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
|
|
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
|
|
|
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
|
|
- --ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
|
|
+ --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
|
|
--csr Specifies the input csr.
|
|
|
--pre-hook Command to be run before obtaining any certificates.
|
|
|
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
|
|
|
@@ -4070,6 +4109,7 @@ _process() {
|
|
|
_accountemail=""
|
|
|
_accountkey=""
|
|
|
_certhome=""
|
|
|
+ _confighome=""
|
|
|
_httpport=""
|
|
|
_tlsport=""
|
|
|
_dnssleep=""
|
|
|
@@ -4124,13 +4164,13 @@ _process() {
|
|
|
--showcsr)
|
|
|
_CMD="showcsr"
|
|
|
;;
|
|
|
- --installcert | -i)
|
|
|
+ --installcert | -i | --install-cert)
|
|
|
_CMD="installcert"
|
|
|
;;
|
|
|
--renew | -r)
|
|
|
_CMD="renew"
|
|
|
;;
|
|
|
- --renewAll | --renewall)
|
|
|
+ --renewAll | --renewall | --renew-all)
|
|
|
_CMD="renewAll"
|
|
|
;;
|
|
|
--revoke)
|
|
|
@@ -4139,10 +4179,10 @@ _process() {
|
|
|
--list)
|
|
|
_CMD="list"
|
|
|
;;
|
|
|
- --installcronjob)
|
|
|
+ --installcronjob | --install-cronjob)
|
|
|
_CMD="installcronjob"
|
|
|
;;
|
|
|
- --uninstallcronjob)
|
|
|
+ --uninstallcronjob | --uninstall-cronjob)
|
|
|
_CMD="uninstallcronjob"
|
|
|
;;
|
|
|
--cron)
|
|
|
@@ -4163,10 +4203,10 @@ _process() {
|
|
|
--deactivate)
|
|
|
_CMD="deactivate"
|
|
|
;;
|
|
|
- --updateaccount)
|
|
|
+ --updateaccount | --update-account)
|
|
|
_CMD="updateaccount"
|
|
|
;;
|
|
|
- --registeraccount)
|
|
|
+ --registeraccount | --register-account)
|
|
|
_CMD="registeraccount"
|
|
|
;;
|
|
|
--domain | -d)
|
|
|
@@ -4308,11 +4348,16 @@ _process() {
|
|
|
LE_WORKING_DIR="$2"
|
|
|
shift
|
|
|
;;
|
|
|
- --certhome)
|
|
|
+ --certhome | --cert-home)
|
|
|
_certhome="$2"
|
|
|
CERT_HOME="$_certhome"
|
|
|
shift
|
|
|
;;
|
|
|
+ --config-home)
|
|
|
+ _confighome="$2"
|
|
|
+ LE_CONFIG_HOME="$_confighome"
|
|
|
+ shift
|
|
|
+ ;;
|
|
|
--useragent)
|
|
|
_useragent="$2"
|
|
|
USER_AGENT="$_useragent"
|
|
|
@@ -4463,7 +4508,7 @@ _process() {
|
|
|
fi
|
|
|
|
|
|
case "${_CMD}" in
|
|
|
- install) install "$_nocron" ;;
|
|
|
+ install) install "$_nocron" "$_confighome" ;;
|
|
|
uninstall) uninstall "$_nocron" ;;
|
|
|
upgrade) upgrade ;;
|
|
|
issue)
|
|
|
@@ -4502,7 +4547,7 @@ _process() {
|
|
|
list)
|
|
|
list "$_listraw"
|
|
|
;;
|
|
|
- installcronjob) installcronjob ;;
|
|
|
+ installcronjob) installcronjob "$_confighome" ;;
|
|
|
uninstallcronjob) uninstallcronjob ;;
|
|
|
cron) cron ;;
|
|
|
toPkcs)
|
|
|
@@ -4519,7 +4564,9 @@ _process() {
|
|
|
;;
|
|
|
|
|
|
*)
|
|
|
- _err "Invalid command: $_CMD"
|
|
|
+ if [ "$_CMD" ]; then
|
|
|
+ _err "Invalid command: $_CMD"
|
|
|
+ fi
|
|
|
showhelp
|
|
|
return 1
|
|
|
;;
|
neil