
Merge pull request #15 from Neilpang/dev

support Standalone server
Neil 9 years ago
parent
commit
da4fdeec1e
1 changed files with 70 additions and 22 deletions
  1. 70 22
      le.sh

+ 70 - 22
le.sh

@@ -1,17 +1,12 @@
 #!/bin/bash
 
 
-WORKING_DIR=~/.le
-
-CURL_HEADER=""
-HEADER=""
-HEADERPLACE=""
-ACCOUNT_EMAIL=""
 
 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
+DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
 
-API=$DEFAULT_CA
-
+API="$DEFAULT_CA"
+AGREEMENT="$DEFAULT_AGREEMENT"
 
 _debug() {
 
@@ -213,8 +208,35 @@ _setopt() {
   _debug "$(grep -H -n "^$__opt$__sep" $__conf)"
 }
 
+_startserver() {
+  content="$1"
+  while true ; do
+    if [ -z "$DEBUG" ] ; then
+      echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80 > /dev/null
+    else
+      echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80
+    fi
+  done
+}
+
+_stopserver() {
+  pid="$1"
+  if [ "$pid" ] ; then
+    if [ -z "$DEBUG" ] ; then
+      kill -s 9 $pid 2>&1
+      killall -s 9  nc 2>&1
+    else
+      kill -s 9 $pid 2>&1 > /dev/null
+      killall -s 9  nc 2>&1 > /dev/null
+    fi
+  fi
+}
+
 _initpath() {
-  WORKING_DIR=~/.le
+  if [ -z "$WORKING_DIR" ]; then
+    WORKING_DIR=~/.le
+  fi
+  
   domain=$1
   mkdir -p $WORKING_DIR
   ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
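Review bot: `_stopserver` runs `killall -s 9  nc`, which sends SIGKILL to every `nc` process the caller may signal, not only the listener that `_startserver` spawned; if the script runs as root to bind port 80, that means every `nc` on the host. The two DEBUG branches also look inverted (output is shown when DEBUG is empty), and `2>&1 > /dev/null` still leaves stderr on the terminal because of the ordering; the quiet form is `kill -s 9 "$pid" > /dev/null 2>&1`. A comment above `_startserver` should state that the listener returns the key authorization for any request path and on every interface, so it must only live for the duration of one challenge. `_initpath` continues past the end of this hunk.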
@@ -260,9 +282,23 @@ issue() {
     fi
   fi
   
-  if [ -z "$Le_Webroot" ] ; then
-    echo Usage: $0 webroot a.com [b.com,c.com]  [key-length]
-    return 1
+  if [ "$Le_Webroot" == "no" ] ; then
+    _info "Standalone mode."
+    if ! command -v "nc" > /dev/null ; then
+      _err "Please install netcat(nc) tools first."
+      return 1
+    fi
+    if ! command -v "netstat" > /dev/null ; then
+      _err "Please install netstat first."
+      return 1
+    fi
+    netprc="$(netstat -antpl | grep ':80 ')"
+    if [ "$netprc" ] ; then
+      _err "$netprc"
+      _err "tcp port 80 is already used by $(echo "$netprc" | cut -d '/' -f 2)"
+      _err "Please stop it first"
+      return 1
+    fi
   fi
 
   createAccountKey $Le_Domain $Le_Keylength
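Review bot: The port check `netstat -antpl | grep ':80 '` also matches sockets that are not listening, because `-a` includes established and TIME_WAIT connections and the pattern can hit the foreign-address column, so an outbound HTTP connection is enough to make standalone mode refuse to start. Restricting the listing to listeners and matching the local-address column avoids that, e.g. `netprc="$(netstat -ntpl | awk '$4 ~ /:80$/')"`. Separately, the removed `-z "$Le_Webroot"` guard has no replacement in this hunk; unless an earlier check in `issue()` (outside the hunk) still rejects an empty value, the webroot branch would later create `/.well-known/acme-challenge` under the filesystem root.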
@@ -294,9 +330,9 @@ issue() {
   
   
   _info "Registering account"
-  regjson='{"resource": "new-reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+  regjson='{"resource": "new-reg", "agreement": "'$AGREEMENT'"}'
   if [ "$ACCOUNT_EMAIL" ] ; then
-    regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+    regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}'
   fi  
   _send_signed_request   "$API/acme/new-reg"  "$regjson"
   
@@ -337,13 +373,20 @@ issue() {
     keyauthorization="$token.$thumbprint"
     _debug keyauthorization "$keyauthorization"
     
-    wellknown_path="$Le_Webroot/.well-known/acme-challenge"
-    _debug wellknown_path "$wellknown_path"
-    
-    mkdir -p "$wellknown_path"
-    wellknown_path="$wellknown_path/$token"
-    echo -n "$keyauthorization" > $wellknown_path
-    
+    if [ "$Le_Webroot" == "no" ] ; then
+      _info "Standalone mode server"
+      _startserver "$keyauthorization" & 2>&1 >/dev/null
+      serverproc="$!"
+      sleep 2
+      _debug serverproc $serverproc
+    else
+      wellknown_path="$Le_Webroot/.well-known/acme-challenge"
+      _debug wellknown_path "$wellknown_path"
+      
+      mkdir -p "$wellknown_path"
+      wellknown_path="$wellknown_path/$token"
+      echo -n "$keyauthorization" > $wellknown_path
+    fi
     wellknown_url="http://$d/.well-known/acme-challenge/$token"
     _debug wellknown_url "$wellknown_url"
     
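Review bot: In `_startserver "$keyauthorization" & 2>&1 >/dev/null` the `&` ends the command, so the redirections after it attach to an empty command and do nothing for the background server. `_startserver` already decides per DEBUG what to discard, so the line can simply be `_startserver "$keyauthorization" &`. As far as this hunk shows, `serverproc` is never initialised, so in webroot mode the later `_stopserver $serverproc` calls rely on it being empty; a `serverproc=""` before the domain loop would keep an inherited environment value from reaching `kill -s 9`. The fixed `sleep 2` does not confirm that the listener actually bound port 80. `issue()` begins and ends outside this hunk.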
@@ -352,6 +395,7 @@ issue() {
     
     if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
       _err "challenge error: $d"
+      _stopserver $serverproc
       return 1
     fi
     
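Review bot: Cleanup of the standalone listener is repeated by hand before each `return 1`, here and in the three following hunks (`@@ -362`, `@@ -374`, `@@ -381`), so any exit path they miss — an interrupt, or a return elsewhere in `issue()` outside these hunks — leaves a process on port 80 that keeps serving the key authorization. Setting one handler when the server starts, such as `trap '_stopserver "$serverproc"' INT TERM`, and clearing `serverproc` after a successful stop would cover those paths; this is hedged because the rest of `issue()` is not visible. The calls also pass `$serverproc` unquoted; `_stopserver "$serverproc"` is the safer form.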
@@ -362,6 +406,7 @@ issue() {
       
       if ! _get $uri ; then
         _err "Verify error:$resource"
+        _stopserver $serverproc
         return 1
       fi
       
@@ -374,6 +419,7 @@ issue() {
       if [ "$status" == "invalid" ] ; then
          error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
         _err "Verify error:$error"
+        _stopserver $serverproc
         return 1;
       fi
       
@@ -381,10 +427,12 @@ issue() {
         _info "Verify pending:$d"
       else
         _err "Verify error:$response" 
+        _stopserver $serverproc
         return 1
       fi
       
-    done    
+    done
+    _stopserver $serverproc
   done 
   
   _info "Verify finished, start to sign."