Home Explore Project
Register Sign In
linux
/
acme.sh
3
0
Fork 0
Files Issues 2 Pull Requests 0 Wiki
Browse Source

Merge remote-tracking branch 'upstream/master' into ssh-deploy

David Kerr 8 years ago
parent
fd1598017a 8bcc19d91e
commit
9964e6eba3
5 changed files with 63 additions and 25 deletions
Unified View Show Diff Stats
  1. 8 1
      Dockerfile
  2. 36 18
      acme.sh
  3. 15 2
      dnsapi/dns_cf.sh
  4. 3 3
      dnsapi/dns_freedns.sh
  5. 1 1
      dnsapi/dns_ovh.sh

+ 8 - 1
Dockerfile
View File 

@@ -48,5 +48,12 @@ RUN for verb in help \
 
     printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
 
     printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
 
   ; done
 
   ; done
 
 
 
-ENTRYPOINT ["/root/.acme.sh/acme.sh", "--config-home", "/acme.sh"]
 
+RUN printf "%b" '#!'"/usr/bin/env sh\n \
 
+if [ \"\$1\" = \"daemon\" ];  then \n \
 
+ crond; tail -f /dev/null;\n \
 
+else \n \
 
+ /root/.acme.sh/acme.sh --config-home /acme.sh \"\$@\"\n \
 
+fi" >/entry.sh && chmod +x /entry.sh
 
+
 
+ENTRYPOINT ["/entry.sh"]
 
 CMD ["--help"]
 
 CMD ["--help"]

+ 36 - 18
acme.sh
View File 

@@ -1,6 +1,6 @@
 
 #!/usr/bin/env sh
 
 #!/usr/bin/env sh
 
 
 
-VER=2.6.8
 
+VER=2.6.9
 
 
 
 PROJECT_NAME="acme.sh"
 
 PROJECT_NAME="acme.sh"
 
 
 
@@ -347,7 +347,7 @@ _hasfield() {
 
     fi
 
     fi
 
   done
 
   done
 
   _debug2 "'$_str' does not contain '$_field'"
 
   _debug2 "'$_str' does not contain '$_field'"
 
-  return 1 #not contains 
+  return 1 #not contains
 
 }
 
 }
 
 
 
 _getfield() {
 
 _getfield() {
 
@@ -722,7 +722,7 @@ _url_encode() {
 
       "7e")
 
       "7e")
 
         printf "%s" "~"
 
         printf "%s" "~"
 
         ;;
 
         ;;
 
-      #other hex  
+      #other hex
 
       *)
 
       *)
 
         printf '%%%s' "$_hex_code"
 
         printf '%%%s' "$_hex_code"
 
         ;;
 
         ;;
 
@@ -1025,7 +1025,7 @@ _createcsr() {
 
     else
 
     else
 
       alt="DNS:$domainlist"
 
       alt="DNS:$domainlist"
 
     fi
 
     fi
 
-    #multi 
+    #multi
 
     _info "Multi domain" "$alt"
 
     _info "Multi domain" "$alt"
 
     printf -- "\nsubjectAltName=$alt" >>"$csrconf"
 
     printf -- "\nsubjectAltName=$alt" >>"$csrconf"
 
   fi
 
   fi
 
@@ -1093,7 +1093,7 @@ _readSubjectAltNamesFromCSR() {
 
   printf "%s" "$_dnsAltnames" | sed "s/DNS://g"
 
   printf "%s" "$_dnsAltnames" | sed "s/DNS://g"
 
 }
 
 }
 
 
 
-#_csrfile 
+#_csrfile
 
 _readKeyLengthFromCSR() {
 
 _readKeyLengthFromCSR() {
 
   _csrfile="$1"
 
   _csrfile="$1"
 
   if [ -z "$_csrfile" ]; then
 
   if [ -z "$_csrfile" ]; then
 
@@ -1105,10 +1105,10 @@ _readKeyLengthFromCSR() {
 
   _debug2 _outcsr "$_outcsr"
 
   _debug2 _outcsr "$_outcsr"
 
   if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey"; then
 
   if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey"; then
 
     _debug "ECC CSR"
 
     _debug "ECC CSR"
 
-    echo "$_outcsr" | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' '
 
+    echo "$_outcsr" | tr "\t" " " | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' '
 
   else
 
   else
 
     _debug "RSA CSR"
 
     _debug "RSA CSR"
 
-    echo "$_outcsr" | _egrep_o "(^ *|^RSA )Public.Key:.*" | cut -d '(' -f 2 | cut -d ' ' -f 1
 
+    echo "$_outcsr" | tr "\t" " " | _egrep_o "(^ *|RSA )Public.Key:.*" | cut -d '(' -f 2 | cut -d ' ' -f 1
 
   fi
 
   fi
 
 }
 
 }
 
 
 
@@ -1192,7 +1192,7 @@ toPkcs8() {
 
 
 
 }
 
 }
 
 
 
-#[2048]  
+#[2048]
 
 createAccountKey() {
 
 createAccountKey() {
 
   _info "Creating account key"
 
   _info "Creating account key"
 
   if [ -z "$1" ]; then
 
   if [ -z "$1" ]; then
 
@@ -1847,6 +1847,24 @@ _saveaccountconf() {
 
   _save_conf "$ACCOUNT_CONF_PATH" "$1" "$2"
 
   _save_conf "$ACCOUNT_CONF_PATH" "$1" "$2"
 
 }
 
 }
 
 
 
+#key  value
 
+_saveaccountconf_mutable() {
 
+  _save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2"
 
+  #remove later
 
+  _clearaccountconf "$1"
 
+}
 
+
 
+#key
 
+_readaccountconf() {
 
+  _read_conf "$ACCOUNT_CONF_PATH" "$1"
 
+}
 
+
 
+#key
 
+_readaccountconf_mutable() {
 
+  _rac_key="$1"
 
+  _readaccountconf "SAVED_$_rac_key"
 
+}
 
+
 
 #_clearaccountconf   key
 
 #_clearaccountconf   key
 
 _clearaccountconf() {
 
 _clearaccountconf() {
 
   _clear_conf "$ACCOUNT_CONF_PATH" "$1"
 
   _clear_conf "$ACCOUNT_CONF_PATH" "$1"
 
@@ -2528,7 +2546,7 @@ _setNginx() {
 
 location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
 
 location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
 
   default_type text/plain;
 
   default_type text/plain;
 
   return 200 \"\$1.$_thumbpt\";
 
   return 200 \"\$1.$_thumbpt\";
 
-}  
+}
 
 #NGINX_START
 
 #NGINX_START
 
 " >>"$FOUND_REAL_NGINX_CONF"
 
 " >>"$FOUND_REAL_NGINX_CONF"
 
 
 
@@ -2565,7 +2583,7 @@ _checkConf() {
 
   if [ ! -f "$2" ] && ! echo "$2" | grep '*$' >/dev/null && echo "$2" | grep '*' >/dev/null; then
 
   if [ ! -f "$2" ] && ! echo "$2" | grep '*$' >/dev/null && echo "$2" | grep '*' >/dev/null; then
 
     _debug "wildcard"
 
     _debug "wildcard"
 
     for _w_f in $2; do
 
     for _w_f in $2; do
 
-      if [ -f "$_w_f"] && _checkConf "$1" "$_w_f"; then
 
+      if [ -f "$_w_f" ] && _checkConf "$1" "$_w_f"; then
 
         return 0
 
         return 0
 
       fi
 
       fi
 
     done
 
     done
 
@@ -3115,7 +3133,7 @@ __trigger_validation() {
 
   _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}"
 
   _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}"
 
 }
 
 }
 
 
 
-#webroot, domain domainlist  keylength 
+#webroot, domain domainlist  keylength
 
 issue() {
 
 issue() {
 
   if [ -z "$2" ]; then
 
   if [ -z "$2" ]; then
 
     _usage "Usage: $PROJECT_ENTRY --issue  -d  a.com  -w /path/to/webroot/a.com/ "
 
     _usage "Usage: $PROJECT_ENTRY --issue  -d  a.com  -w /path/to/webroot/a.com/ "
 
@@ -3648,7 +3666,7 @@ issue() {
 
 
 
     #if ! _get "$Le_LinkCert" | _base64 "multiline"  >> "$CERT_PATH" ; then
 
     #if ! _get "$Le_LinkCert" | _base64 "multiline"  >> "$CERT_PATH" ; then
 
     #  _debug "Get cert failed. Let's try last response."
 
     #  _debug "Get cert failed. Let's try last response."
 
-    #  printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" 
+    #  printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH"
 
     #fi
 
     #fi
 
 
 
     if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >>"$CERT_PATH"; then
 
     if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >>"$CERT_PATH"; then
 
@@ -3865,7 +3883,7 @@ renewAll() {
 
         return "$rc"
 
         return "$rc"
 
       else
 
       else
 
         _ret="$rc"
 
         _ret="$rc"
 
-        _err "Error renew $d, Go ahead to next one."
 
+        _err "Error renew $d."
 
       fi
 
       fi
 
     fi
 
     fi
 
   done
 
   done
 
@@ -4789,7 +4807,7 @@ Commands:
 
   --create-domain-key      Create an domain private key, professional use.
 
   --create-domain-key      Create an domain private key, professional use.
 
   --createCSR, -ccsr       Create CSR , professional use.
 
   --createCSR, -ccsr       Create CSR , professional use.
 
   --deactivate             Deactivate the domain authz, professional use.
 
   --deactivate             Deactivate the domain authz, professional use.
 
-  
+
 
 Parameters:
 
 Parameters:
 
   --domain, -d   domain.tld         Specifies a domain, used to issue, renew or revoke etc.
 
   --domain, -d   domain.tld         Specifies a domain, used to issue, renew or revoke etc.
 
   --force, -f                       Used to force to install or force to renew a cert immediately.
 
   --force, -f                       Used to force to install or force to renew a cert immediately.
 
@@ -4803,20 +4821,20 @@ Parameters:
 
   --apache                          Use apache mode.
 
   --apache                          Use apache mode.
 
   --dns [dns_cf|dns_dp|dns_cx|/path/to/api/file]   Use dns mode or dns api.
 
   --dns [dns_cf|dns_dp|dns_cx|/path/to/api/file]   Use dns mode or dns api.
 
   --dnssleep  [$DEFAULT_DNS_SLEEP]                  The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
 
   --dnssleep  [$DEFAULT_DNS_SLEEP]                  The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
 
-  
+
 
   --keylength, -k [2048]            Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.
 
   --keylength, -k [2048]            Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.
 
   --accountkeylength, -ak [2048]    Specifies the account key length.
 
   --accountkeylength, -ak [2048]    Specifies the account key length.
 
   --log    [/path/to/logfile]       Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
 
   --log    [/path/to/logfile]       Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
 
   --log-level 1|2                   Specifies the log level, default is 1.
 
   --log-level 1|2                   Specifies the log level, default is 1.
 
   --syslog [0|3|6|7]                Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
 
   --syslog [0|3|6|7]                Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
 
-  
+
 
   These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
 
   These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
 
-  
+
 
   --cert-file                       After issue/renew, the cert will be copied to this path.
 
   --cert-file                       After issue/renew, the cert will be copied to this path.
 
   --key-file                        After issue/renew, the key will be copied to this path.
 
   --key-file                        After issue/renew, the key will be copied to this path.
 
   --ca-file                         After issue/renew, the intermediate cert will be copied to this path.
 
   --ca-file                         After issue/renew, the intermediate cert will be copied to this path.
 
   --fullchain-file                  After issue/renew, the fullchain cert will be copied to this path.
 
   --fullchain-file                  After issue/renew, the fullchain cert will be copied to this path.
 
-  
+
 
   --reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
 
   --reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
 
 
 
   --accountconf                     Specifies a customized account config file.
 
   --accountconf                     Specifies a customized account config file.

+ 15 - 2
dnsapi/dns_cf.sh
View File 

@@ -14,6 +14,8 @@ dns_cf_add() {
 
   fulldomain=$1
 
   fulldomain=$1
 
   txtvalue=$2
 
   txtvalue=$2
 
 
 
+  CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
 
+  CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
 
   if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
 
   if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
 
     CF_Key=""
 
     CF_Key=""
 
     CF_Email=""
 
     CF_Email=""
 
@@ -29,8 +31,8 @@ dns_cf_add() {
 
   fi
 
   fi
 
 
 
   #save the api key and email to the account conf file.
 
   #save the api key and email to the account conf file.
 
-  _saveaccountconf CF_Key "$CF_Key"
 
-  _saveaccountconf CF_Email "$CF_Email"
 
+  _saveaccountconf_mutable CF_Key "$CF_Key"
 
+  _saveaccountconf_mutable CF_Email "$CF_Email"
 
 
 
   _debug "First detect the root zone"
 
   _debug "First detect the root zone"
 
   if ! _get_root "$fulldomain"; then
 
   if ! _get_root "$fulldomain"; then
 
@@ -83,6 +85,17 @@ dns_cf_add() {
 
 dns_cf_rm() {
 
 dns_cf_rm() {
 
   fulldomain=$1
 
   fulldomain=$1
 
   txtvalue=$2
 
   txtvalue=$2
 
+
 
+  CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
 
+  CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
 
+  if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
 
+    CF_Key=""
 
+    CF_Email=""
 
+    _err "You don't specify cloudflare api key and email yet."
 
+    _err "Please create you key and try again."
 
+    return 1
 
+  fi
 
+
 
   _debug "First detect the root zone"
 
   _debug "First detect the root zone"
 
   if ! _get_root "$fulldomain"; then
 
   if ! _get_root "$fulldomain"; then
 
     _err "invalid domain"
 
     _err "invalid domain"

+ 3 - 3
dnsapi/dns_freedns.sh
View File 

@@ -53,7 +53,7 @@ dns_freedns_add() {
 
   i="$(_math "$i" - 1)"
 
   i="$(_math "$i" - 1)"
 
   sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
 
   sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
 
 
 
-  # Sometimes FreeDNS does not return the subdomain page but rather 
+  # Sometimes FreeDNS does not return the subdomain page but rather
 
   # returns a page regarding becoming a premium member.  This usually
 
   # returns a page regarding becoming a premium member.  This usually
 
   # happens after a period of inactivity.  Immediately trying again
 
   # happens after a period of inactivity.  Immediately trying again
 
   # returns the correct subdomain page.  So, we will try twice to
 
   # returns the correct subdomain page.  So, we will try twice to
 
@@ -72,7 +72,7 @@ dns_freedns_add() {
 
     fi
 
     fi
 
 
 
     # Now convert the tables in the HTML to CSV.  This litte gem from
 
     # Now convert the tables in the HTML to CSV.  This litte gem from
 
-    # http://stackoverflow.com/questions/1403087/how-can-i-convert-an-html-table-to-csv    
+    # http://stackoverflow.com/questions/1403087/how-can-i-convert-an-html-table-to-csv
 
     subdomain_csv="$(echo "$htmlpage" \
 
     subdomain_csv="$(echo "$htmlpage" \
 
       | grep -i -e '</\?TABLE\|</\?TD\|</\?TR\|</\?TH' \
 
       | grep -i -e '</\?TABLE\|</\?TD\|</\?TR\|</\?TH' \
 
       | sed 's/^[\ \t]*//g' \
 
       | sed 's/^[\ \t]*//g' \
 
@@ -196,7 +196,7 @@ dns_freedns_rm() {
 
   FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
 
   FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
 
   _debug "FreeDNS login cookies: $FREEDNS_COOKIE"
 
   _debug "FreeDNS login cookies: $FREEDNS_COOKIE"
 
 
 
-  # Sometimes FreeDNS does not return the subdomain page but rather 
+  # Sometimes FreeDNS does not return the subdomain page but rather
 
   # returns a page regarding becoming a premium member.  This usually
 
   # returns a page regarding becoming a premium member.  This usually
 
   # happens after a period of inactivity.  Immediately trying again
 
   # happens after a period of inactivity.  Immediately trying again
 
   # returns the correct subdomain page.  So, we will try twice to
 
   # returns the correct subdomain page.  So, we will try twice to

+ 1 - 1
dnsapi/dns_ovh.sh
View File 

@@ -14,7 +14,7 @@
 
 #'ovh-eu'
 
 #'ovh-eu'
 
 OVH_EU='https://eu.api.ovh.com/1.0'
 
 OVH_EU='https://eu.api.ovh.com/1.0'
 
 
 
-#'ovh-ca': 
+#'ovh-ca':
 
 OVH_CA='https://ca.api.ovh.com/1.0'
 
 OVH_CA='https://ca.api.ovh.com/1.0'
 
 
 
 #'kimsufi-eu'
 
 #'kimsufi-eu'