commit
2bf1d93afd
22
README.md
22
README.md
@ -1,12 +1,12 @@
|
|||||||
# le
|
# le
|
||||||
Simplest shell script for LetsEncrypt free Certificate client
|
Simplest shell script for LetsEncrypt free Certificate client
|
||||||
|
|
||||||
This is a shell version from https://github.com/diafygi/acme-tiny
|
|
||||||
|
|
||||||
Pure written in bash, no dependencies to python , acme-tiny or LetsEncrypt official client (https://github.com/letsencrypt/letsencrypt)
|
Pure written in bash, no dependencies to python , acme-tiny or LetsEncrypt official client (https://github.com/letsencrypt/letsencrypt)
|
||||||
|
|
||||||
Just one script, to issue, renew your certificates automatically.
|
Just one script, to issue, renew your certificates automatically.
|
||||||
|
|
||||||
|
This is a shell version from https://github.com/diafygi/acme-tiny, but without any dependencies.
|
||||||
|
|
||||||
Probably it's the smallest&easiest&smartest shell script to automatically issue&renew the free certificates from LetsEncrypt.
|
Probably it's the smallest&easiest&smartest shell script to automatically issue&renew the free certificates from LetsEncrypt.
|
||||||
|
|
||||||
|
|
||||||
@ -15,6 +15,11 @@ Probably it's the smallest&easiest&smartest shell script to automatically issue
|
|||||||
2. CentOS
|
2. CentOS
|
||||||
|
|
||||||
|
|
||||||
|
#Supported Mode
|
||||||
|
1. Webroot mode
|
||||||
|
2. Standalone mode
|
||||||
|
3. Apache mode
|
||||||
|
|
||||||
#How to use
|
#How to use
|
||||||
|
|
||||||
1. Clone this project: https://github.com/Neilpang/le.git
|
1. Clone this project: https://github.com/Neilpang/le.git
|
||||||
@ -37,7 +42,7 @@ root@xvm:~# le
|
|||||||
Usage: issue|renew|renewAll|createAccountKey|createDomainKey|createCSR|install|uninstall
|
Usage: issue|renew|renewAll|createAccountKey|createDomainKey|createCSR|install|uninstall
|
||||||
|
|
||||||
root@xvm:~# le issue
|
root@xvm:~# le issue
|
||||||
Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no
|
Usage: le issue webroot|no|apache a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -77,6 +82,17 @@ The tcp `80` port must be free to listen, otherwise you will be prompted to free
|
|||||||
le issue no aa.com www.aa.com,cp.aa.com
|
le issue no aa.com www.aa.com,cp.aa.com
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# Use Apache mode:
|
||||||
|
If you are running a web server, apache or nginx, it its recommended to use the Webroot mode.
|
||||||
|
Particularly, if you are running an apache server, you can use apache mode instead. Which doesn't write any file to your web root folder.
|
||||||
|
|
||||||
|
Just set string "apache" to the first argument, it will use apache plugin automatically.
|
||||||
|
|
||||||
|
```
|
||||||
|
le issue apache aa.com www.aa.com
|
||||||
|
```
|
||||||
|
All the other arguments are the same with previous.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#Under the Hood
|
#Under the Hood
|
||||||
|
115
le.sh
115
le.sh
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
PROJECT="https://github.com/Neilpang/le"
|
||||||
|
|
||||||
DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
|
DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
|
||||||
DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
|
DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
|
||||||
@ -234,7 +234,15 @@ _stopserver() {
|
|||||||
|
|
||||||
_initpath() {
|
_initpath() {
|
||||||
if [ -z "$WORKING_DIR" ]; then
|
if [ -z "$WORKING_DIR" ]; then
|
||||||
WORKING_DIR=~/.le
|
WORKING_DIR=$HOME/.le
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$ACME_DIR" ] ; then
|
||||||
|
ACME_DIR="/home/.acme"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$APACHE_CONF_BACKUP_DIR" ] ; then
|
||||||
|
APACHE_CONF_BACKUP_DIR="$WORKING_DIR/"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
domain="$1"
|
domain="$1"
|
||||||
@ -256,9 +264,91 @@ _initpath() {
|
|||||||
CERT_PATH="$WORKING_DIR/$domain/$domain.cer"
|
CERT_PATH="$WORKING_DIR/$domain/$domain.cer"
|
||||||
|
|
||||||
CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer"
|
CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
_apachePath() {
|
||||||
|
httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | sed s/\"//g)"
|
||||||
|
httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | sed s/\"//g)"
|
||||||
|
httpdconf="$httpdroot/$httpdconfname"
|
||||||
|
if [ ! -f $httpdconf ] ; then
|
||||||
|
_err "Apache Config file not found" $httpdconf
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_restoreApache() {
|
||||||
|
_initpath
|
||||||
|
if ! _apachePath ; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ] ; then
|
||||||
|
_debug "No config file to restore."
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
cp -p "$APACHE_CONF_BACKUP_DIR/$httpdconfname" "$httpdconf"
|
||||||
|
if ! apachectl -t ; then
|
||||||
|
_err "Sorry, restore apache config error, please contact me."
|
||||||
|
return 1;
|
||||||
|
fi
|
||||||
|
rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname"
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_setApache() {
|
||||||
|
_initpath
|
||||||
|
if ! _apachePath ; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#backup the conf
|
||||||
|
_debug "Backup apache config file" $httpdconf
|
||||||
|
cp -p $httpdconf $APACHE_CONF_BACKUP_DIR/
|
||||||
|
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
|
||||||
|
_info "In case there is an error that can not be restored automatically, you may try restore it yourself."
|
||||||
|
_info "The backup file will be deleted on sucess, just forget it."
|
||||||
|
|
||||||
|
#add alias
|
||||||
|
echo "
|
||||||
|
Alias /.well-known/acme-challenge $ACME_DIR
|
||||||
|
|
||||||
|
<Directory $ACME_DIR >
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
</Directory>
|
||||||
|
" >> $httpdconf
|
||||||
|
|
||||||
|
if ! apachectl -t ; then
|
||||||
|
_err "Sorry, apache config error, please contact me."
|
||||||
|
_restoreApache
|
||||||
|
return 1;
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -d "$ACME_DIR" ] ; then
|
||||||
|
mkdir -p "$ACME_DIR"
|
||||||
|
chmod 755 "$ACME_DIR"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! apachectl graceful ; then
|
||||||
|
_err "Sorry, apachectl graceful error, please contact me."
|
||||||
|
_restoreApache
|
||||||
|
return 1;
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_clearup () {
|
||||||
|
_stopserver $serverproc
|
||||||
|
_restoreApache
|
||||||
|
}
|
||||||
|
|
||||||
issue() {
|
issue() {
|
||||||
if [ -z "$1" ] ; then
|
if [ -z "$1" ] ; then
|
||||||
echo "Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
|
echo "Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
|
||||||
@ -331,6 +421,14 @@ issue() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$Le_Webroot" == "apache" ] ; then
|
||||||
|
if ! _setApache ; then
|
||||||
|
_err "set up apache error. Report error to me."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
wellknown_path="$ACME_DIR"
|
||||||
|
fi
|
||||||
|
|
||||||
createAccountKey $Le_Domain $Le_Keylength
|
createAccountKey $Le_Domain $Le_Keylength
|
||||||
|
|
||||||
createDomainKey $Le_Domain $Le_Keylength
|
createDomainKey $Le_Domain $Le_Keylength
|
||||||
@ -373,6 +471,7 @@ issue() {
|
|||||||
_info "Already registered"
|
_info "Already registered"
|
||||||
else
|
else
|
||||||
_err "Register account Error."
|
_err "Register account Error."
|
||||||
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -388,6 +487,7 @@ issue() {
|
|||||||
|
|
||||||
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
|
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
|
||||||
_err "new-authz error: $response"
|
_err "new-authz error: $response"
|
||||||
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -410,7 +510,9 @@ issue() {
|
|||||||
sleep 2
|
sleep 2
|
||||||
_debug serverproc $serverproc
|
_debug serverproc $serverproc
|
||||||
else
|
else
|
||||||
|
if [ -z "$wellknown_path" ] ; then
|
||||||
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
|
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
|
||||||
|
fi
|
||||||
_debug wellknown_path "$wellknown_path"
|
_debug wellknown_path "$wellknown_path"
|
||||||
|
|
||||||
mkdir -p "$wellknown_path"
|
mkdir -p "$wellknown_path"
|
||||||
@ -425,7 +527,7 @@ issue() {
|
|||||||
|
|
||||||
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
|
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
|
||||||
_err "$d:Challenge error: $resource"
|
_err "$d:Challenge error: $resource"
|
||||||
_stopserver $serverproc
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -436,7 +538,7 @@ issue() {
|
|||||||
|
|
||||||
if ! _get $uri ; then
|
if ! _get $uri ; then
|
||||||
_err "$d:Verify error:$resource"
|
_err "$d:Verify error:$resource"
|
||||||
_stopserver $serverproc
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -449,7 +551,7 @@ issue() {
|
|||||||
if [ "$status" == "invalid" ] ; then
|
if [ "$status" == "invalid" ] ; then
|
||||||
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
|
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
|
||||||
_err "$d:Verify error:$error"
|
_err "$d:Verify error:$error"
|
||||||
_stopserver $serverproc
|
_clearup
|
||||||
return 1;
|
return 1;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -457,7 +559,7 @@ issue() {
|
|||||||
_info "Pending"
|
_info "Pending"
|
||||||
else
|
else
|
||||||
_err "$d:Verify error:$response"
|
_err "$d:Verify error:$response"
|
||||||
_stopserver $serverproc
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -488,6 +590,7 @@ issue() {
|
|||||||
if [ -z "$Le_LinkCert" ] ; then
|
if [ -z "$Le_LinkCert" ] ; then
|
||||||
response="$(echo $response | base64 -d)"
|
response="$(echo $response | base64 -d)"
|
||||||
_err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')"
|
_err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')"
|
||||||
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user