
Merge remote-tracking branch 'upstream/master' into ssh-deploy

David Kerr 8 years ago
parent
commit
e925ab0999
6 changed files with 142 additions and 22 deletions
  1. 2 2
      .github/ISSUE_TEMPLATE.md
  2. 2 2
      README.md
  3. 84 15
      acme.sh
  4. 24 2
      deploy/README.md
  5. 29 0
      deploy/cpanel.sh
  6. 1 1
      dnsapi/dns_aws.sh

+ 2 - 2
.github/ISSUE_TEMPLATE.md

@@ -1,4 +1,6 @@
 <!--
+请确保已经更新到最新的代码, 然后贴上来 `--debug 2` 的调试输出. 没有调试输出,我帮不了你.
+如何调试 https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
 
 If it is a bug report:
 - make sure you are able to repro it on the latest released version. 
@@ -8,13 +10,11 @@ You can install the latest version by: `acme.sh --upgrade`
 - Refer to the [WIKI](https://wiki.acme.sh).
 - Debug info [Debug](https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh).
 
-
 -->
 
 Steps to reproduce
 ------------------
 
-
 Debug log
 -----------------
 

+ 2 - 2
README.md

@@ -147,7 +147,7 @@ You **MUST** use this command to copy the certs to the target files, **DO NOT**
 
 **Apache** example:
 ```bash
-acme.sh --installcert -d example.com \
+acme.sh --install-cert -d example.com \
 --certpath      /path/to/certfile/in/apache/cert.pem  \
 --keypath       /path/to/keyfile/in/apache/key.pem  \
 --fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
@@ -156,7 +156,7 @@ acme.sh --installcert -d example.com \
 
 **Nginx** example:
 ```bash
-acme.sh --installcert -d example.com \
+acme.sh --install-cert -d example.com \
 --keypath       /path/to/keyfile/in/nginx/key.pem  \
 --fullchainpath /path/to/fullchain/nginx/cert.pem \
 --reloadcmd     "service nginx force-reload"

+ 84 - 15
acme.sh

@@ -61,6 +61,10 @@ LOG_LEVEL_2=2
 LOG_LEVEL_3=3
 DEFAULT_LOG_LEVEL="$LOG_LEVEL_1"
 
+SYSLOG_INFO="user.info"
+SYSLOG_ERROR="user.error"
+SYSLOG_DEBUG="user.debug"
+
 _DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh"
 
 _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
@@ -128,18 +132,30 @@ _dlg_versions() {
   fi
 }
 
+#class
+_syslog() {
+  if [ -z "$SYS_LOG" ] || [ "$SYS_LOG" = "0" ]; then
+    return
+  fi
+  _logclass="$1"
+  shift
+  logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
+}
+
 _log() {
+  _syslog "$@"
   [ -z "$LOG_FILE" ] && return
+  shift
   _printargs "$@" >>"$LOG_FILE"
 }
 
 _info() {
-  _log "$@"
+  _log "$SYSLOG_INFO" "$@"
   _printargs "$@"
 }
 
 _err() {
-  _log "$@"
+  _log "$SYSLOG_ERROR" "$@"
   if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
     printf -- "%s" "[$(date)] " >&2
   fi
@@ -159,7 +175,7 @@ _usage() {
 
 _debug() {
   if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then
-    _log "$@"
+    _log "$SYSLOG_DEBUG" "$@"
   fi
   if [ -z "$DEBUG" ]; then
     return
@@ -169,19 +185,19 @@ _debug() {
 
 _debug2() {
   if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then
-    _log "$@"
+    _log "$SYSLOG_DEBUG" "$@"
   fi
   if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
-    _debug "$@"
+    _printargs "$@" >&2
   fi
 }
 
 _debug3() {
   if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then
-    _log "$@"
+    _log "$SYSLOG_DEBUG" "$@"
   fi
   if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then
-    _debug "$@"
+    _printargs "$@" >&2
   fi
 }
 
@@ -364,8 +380,16 @@ _ascii_hex() {
 #input:"abc"
 #output: " 61 62 63"
 _hex_dump() {
-  #in wired some system, the od command is missing.
-  if ! od -A n -v -t x1 | tr -d "\r\t" | tr -s " " | sed "s/ $//" | tr -d "\n" 2>/dev/null; then
+  if _exists od; then
+    od -A n -v -t x1 | tr -s " " | sed 's/ $//' | tr -d "\r\t\n"
+  elif _exists hexdump; then
+    _debug3 "using hexdump"
+    hexdump -v -e '/1 ""' -e '/1 " %02x" ""'
+  elif _exists xxd; then
+    _debug3 "using xxd"
+    xxd -ps -c 20 -i | sed "s/ 0x/ /g" | tr -d ",\n" | tr -s " "
+  else
+    _debug3 "using _ascii_hex"
     str=$(cat)
     _ascii_hex "$str"
   fi
@@ -896,7 +920,11 @@ _createcsr() {
 
   _csr_cn="$(_idn "$domain")"
   _debug2 _csr_cn "$_csr_cn"
-  $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
+  if _contains "$(uname -a)" "MINGW"; then
+    $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr"
+  else
+    $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
+  fi
 }
 
 #_signcsr key  csr  conf cert
@@ -4234,7 +4262,7 @@ Commands:
   --version, -v            Show version info.
   --install                Install $PROJECT_NAME to your system.
   --uninstall              Uninstall $PROJECT_NAME, and uninstall the cron job.
-  --upgrade                Upgrade $PROJECT_NAME to the latest code from $PROJECT .
+  --upgrade                Upgrade $PROJECT_NAME to the latest code from $PROJECT.
   --issue                  Issue a cert.
   --signcsr                Issue a cert from an existing csr.
   --deploy                 Deploy the cert to your server.
@@ -4251,8 +4279,8 @@ Commands:
   --toPkcs                 Export the certificate and key to a pfx file.
   --update-account         Update account info.
   --register-account       Register account key.
-  --createAccountKey, -cak Create an account private key, professional use.
-  --createDomainKey, -cdk  Create an domain private key, professional use.
+  --create-account-key     Create an account private key, professional use.
+  --create-domain-key      Create an domain private key, professional use.
   --createCSR, -ccsr       Create CSR , professional use.
   --deactivate             Deactivate the domain authz, professional use.
   
@@ -4274,6 +4302,7 @@ Parameters:
   --accountkeylength, -ak [2048]    Specifies the account key length.
   --log    [/path/to/logfile]       Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
   --log-level 1|2                   Specifies the log level, default is 1.
+  --syslog [1|0]                    Enable/Disable syslog.
   
   These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
   
@@ -4432,6 +4461,7 @@ _process() {
   _listen_v4=""
   _listen_v6=""
   _openssl_bin=""
+  _syslog=""
   while [ ${#} -gt 0 ]; do
     case "${1}" in
 
@@ -4494,10 +4524,10 @@ _process() {
       --toPkcs)
         _CMD="toPkcs"
         ;;
-      --createAccountKey | --createaccountkey | -cak)
+      --createAccountKey | --createaccountkey | -cak | --create-account-key)
         _CMD="createAccountKey"
         ;;
-      --createDomainKey | --createdomainkey | -cdk)
+      --createDomainKey | --createdomainkey | -cdk | --create-domain-key)
         _CMD="createDomainKey"
         ;;
       --createCSR | --createcsr | -ccr)
@@ -4762,6 +4792,15 @@ _process() {
         LOG_LEVEL="$_log_level"
         shift
         ;;
+      --syslog)
+        if ! _startswith "$2" '-'; then
+          _syslog="$2"
+          shift
+        fi
+        if [ -z "$_syslog" ]; then
+          _syslog="1"
+        fi
+        ;;
       --auto-upgrade)
         _auto_upgrade="$2"
         if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then
@@ -4809,6 +4848,21 @@ _process() {
       LOG_LEVEL="$_log_level"
     fi
 
+    if [ "$_syslog" ]; then
+      if _exists logger; then
+        if [ "$_syslog" = "0" ]; then
+          _clearaccountconf "SYS_LOG"
+        else
+          _saveaccountconf "SYS_LOG" "$_syslog"
+        fi
+        SYS_LOG="$_syslog"
+      else
+        _err "The 'logger' command is not found, can not enable syslog."
+        _clearaccountconf "SYS_LOG"
+        SYS_LOG=""
+      fi
+    fi
+
     _processAccountConf
   fi
 
@@ -4901,6 +4955,21 @@ _process() {
     if [ "$_log_level" ]; then
       _saveaccountconf "LOG_LEVEL" "$_log_level"
     fi
+
+    if [ "$_syslog" ]; then
+      if _exists logger; then
+        if [ "$_syslog" = "0" ]; then
+          _clearaccountconf "SYS_LOG"
+        else
+          _saveaccountconf "SYS_LOG" "$_syslog"
+        fi
+      else
+        _err "The 'logger' command is not found, can not enable syslog."
+        _clearaccountconf "SYS_LOG"
+        SYS_LOG=""
+      fi
+    fi
+
     _processAccountConf
   fi
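Review bot: Once `SYS_LOG` is set, `_log` hands every message to `_syslog` before the `[ -z "$LOG_FILE" ] && return` check, so `_debug2`/`_debug3` output now reaches the system log at `user.debug` even when no log file is configured, and the system log is usually readable more widely than a user-chosen `$LOG_FILE`; the `--syslog` help line should say so, e.g. `--syslog [1|0]                    Enable/Disable syslog (debug output at --log-level 2/3 is forwarded too).` The two `_syslog` handling blocks in `_process` (the hunk at @@ -4809 and the one at @@ -4901) are identical except that the second never assigns `SYS_LOG="$_syslog"`, so in that branch the new setting is presumably only picked up on the next run unless `_processAccountConf` reloads it; a small `_set_syslog "$_syslog"` helper used by both would remove the duplication and the drift. `_process` begins and ends outside these hunks.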
 

+ 24 - 2
deploy/README.md

@@ -1,6 +1,28 @@
-#Using deploy api
+# Using deploy api
 
-#Using the ssh deploy plugin
+Here are the scripts to deploy the certs/key to the server/services.
+
+## 1. Deploy the certs to your cpanel host.
+
+(cpanel deploy hook is not finished yet, this is just an example.)
+
+Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
+
+Then you can deploy now:
+
+```sh
+export DEPLOY_CPANEL_USER=myusername
+export DEPLOY_CPANEL_PASSWORD=PASSWORD
+acme.sh --deploy -d example.com --deploy --deploy-hook cpanel
+```
+
+## 2. Deploy ssl cert on kong proxy engine based on api.
+
+Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
+
+(TODO)
+
+## 3. Deploy the cert to remote server through SSH access.
 
 The ssh deploy plugin allows you to deploy certificates to a remote host
 using SSH command to connect to the remote server.  The ssh plugin is invoked

+ 29 - 0
deploy/cpanel.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+#Here is the script to deploy the cert to your cpanel account by the cpanel APIs.
+
+#returns 0 means success, otherwise error.
+
+#export DEPLOY_CPANEL_USER=myusername
+#export DEPLOY_CPANEL_PASSWORD=PASSWORD
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+cpanel_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  _err "Not implemented yet"
+  return 1
+
+}

+ 1 - 1
dnsapi/dns_aws.sh

@@ -93,7 +93,7 @@ _get_root() {
       fi
 
       if _contains "$response" "<Name>$h.</Name>"; then
-        hostedzone="$(echo "$response" | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")"
+        hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")"
         _debug hostedzone "$hostedzone"
         if [ -z "$hostedzone" ]; then
           _err "Error, can not get hostedzone."
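Review bot: `$h` is interpolated unescaped into the `_egrep_o` pattern on the new line, so each `.` in the domain matches any character and a zone named, for example, `exampleXcom` could satisfy `<Name>$h.<.Name>` when `$h` is `example.com`; the preceding `_contains "$response" "<Name>$h.</Name>"` check narrows this, but it only confirms the literal substring exists somewhere in the response, not that it is the zone the regex selected. A literal comparison of the extracted `<Name>…</Name>` against `"$h."` after the per-line split would close that gap. `_get_root` begins and ends outside the hunk.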