nihilist/acme.sh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #20 from Neilpang/dev

Browse Source 
supprt apache server plugin
This commit is contained in:
Neil 2016-01-10 11:01:28 +08:00
commit 2bf1d93afd
2 changed files with 129 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
README.md
View File

@ -1,12 +1,12 @@
# le # le
Simplest shell script for LetsEncrypt free Certificate client Simplest shell script for LetsEncrypt free Certificate client
This is a shell version from https://github.com/diafygi/acme-tiny
Pure written in bash, no dependencies to python , acme-tiny or LetsEncrypt official client (https://github.com/letsencrypt/letsencrypt) Pure written in bash, no dependencies to python , acme-tiny or LetsEncrypt official client (https://github.com/letsencrypt/letsencrypt)
Just one script, to issue, renew your certificates automatically. Just one script, to issue, renew your certificates automatically.
This is a shell version from https://github.com/diafygi/acme-tiny, but without any dependencies.
Probably it's the smallest&easiest&smartest shell script to automatically issue&renew the free certificates from LetsEncrypt. Probably it's the smallest&easiest&smartest shell script to automatically issue&renew the free certificates from LetsEncrypt.
@ -15,6 +15,11 @@ Probably it's the smallest&easiest&smartest shell script to automatically issue
2. CentOS 2. CentOS
#Supported Mode
1. Webroot mode
2. Standalone mode
3. Apache mode
#How to use #How to use
1. Clone this project: https://github.com/Neilpang/le.git 1. Clone this project: https://github.com/Neilpang/le.git
@ -37,7 +42,7 @@ root@xvm:~# le
Usage: issue|renew|renewAll|createAccountKey|createDomainKey|createCSR|install|uninstall Usage: issue|renew|renewAll|createAccountKey|createDomainKey|createCSR|install|uninstall
root@xvm:~# le issue root@xvm:~# le issue
Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no Usage: le issue webroot|no|apache a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no
``` ```
@ -77,6 +82,17 @@ The tcp `80` port must be free to listen, otherwise you will be prompted to free
le issue no aa.com www.aa.com,cp.aa.com le issue no aa.com www.aa.com,cp.aa.com
``` ```
# Use Apache mode:
If you are running a web server, apache or nginx, it its recommended to use the Webroot mode.
Particularly, if you are running an apache server, you can use apache mode instead. Which doesn't write any file to your web root folder.
Just set string "apache" to the first argument, it will use apache plugin automatically.
```
le issue apache aa.com www.aa.com
```
All the other arguments are the same with previous.
#Under the Hood #Under the Hood

117
le.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
PROJECT="https://github.com/Neilpang/le"
DEFAULT_CA="https://acme-v01.api.letsencrypt.org" DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf" DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
@ -234,7 +234,15 @@ _stopserver() {
_initpath() { _initpath() {
if [ -z "$WORKING_DIR" ]; then if [ -z "$WORKING_DIR" ]; then
WORKING_DIR=~/.le WORKING_DIR=$HOME/.le
fi
if [ -z "$ACME_DIR" ] ; then
ACME_DIR="/home/.acme"
fi
if [ -z "$APACHE_CONF_BACKUP_DIR" ] ; then
APACHE_CONF_BACKUP_DIR="$WORKING_DIR/"
fi fi
domain="$1" domain="$1"
@ -256,9 +264,91 @@ _initpath() {
CERT_PATH="$WORKING_DIR/$domain/$domain.cer" CERT_PATH="$WORKING_DIR/$domain/$domain.cer"
CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer" CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer"
} }
_apachePath() {
httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | sed s/\"//g)"
httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | sed s/\"//g)"
httpdconf="$httpdroot/$httpdconfname"
if [ ! -f $httpdconf ] ; then
_err "Apache Config file not found" $httpdconf
return 1
fi
return 0
}
_restoreApache() {
_initpath
if ! _apachePath ; then
return 1
fi
if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ] ; then
_debug "No config file to restore."
return 0
fi
cp -p "$APACHE_CONF_BACKUP_DIR/$httpdconfname" "$httpdconf"
if ! apachectl -t ; then
_err "Sorry, restore apache config error, please contact me."
return 1;
fi
rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname"
return 0
}
_setApache() {
_initpath
if ! _apachePath ; then
return 1
fi
#backup the conf
_debug "Backup apache config file" $httpdconf
cp -p $httpdconf $APACHE_CONF_BACKUP_DIR/
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
_info "In case there is an error that can not be restored automatically, you may try restore it yourself."
_info "The backup file will be deleted on sucess, just forget it."
#add alias
echo "
Alias /.well-known/acme-challenge $ACME_DIR
<Directory $ACME_DIR >
Order allow,deny
Allow from all
</Directory>
" >> $httpdconf
if ! apachectl -t ; then
_err "Sorry, apache config error, please contact me."
_restoreApache
return 1;
fi
if [ ! -d "$ACME_DIR" ] ; then
mkdir -p "$ACME_DIR"
chmod 755 "$ACME_DIR"
fi
if ! apachectl graceful ; then
_err "Sorry, apachectl graceful error, please contact me."
_restoreApache
return 1;
fi
return 0
}
_clearup () {
_stopserver $serverproc
_restoreApache
}
issue() { issue() {
if [ -z "$1" ] ; then if [ -z "$1" ] ; then
echo "Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no" echo "Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
@ -331,6 +421,14 @@ issue() {
fi fi
fi fi
if [ "$Le_Webroot" == "apache" ] ; then
if ! _setApache ; then
_err "set up apache error. Report error to me."
return 1
fi
wellknown_path="$ACME_DIR"
fi
createAccountKey $Le_Domain $Le_Keylength createAccountKey $Le_Domain $Le_Keylength
createDomainKey $Le_Domain $Le_Keylength createDomainKey $Le_Domain $Le_Keylength
@ -373,6 +471,7 @@ issue() {
_info "Already registered" _info "Already registered"
else else
_err "Register account Error." _err "Register account Error."
_clearup
return 1 return 1
fi fi
@ -388,6 +487,7 @@ issue() {
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
_err "new-authz error: $response" _err "new-authz error: $response"
_clearup
return 1 return 1
fi fi
@ -410,7 +510,9 @@ issue() {
sleep 2 sleep 2
_debug serverproc $serverproc _debug serverproc $serverproc
else else
wellknown_path="$Le_Webroot/.well-known/acme-challenge" if [ -z "$wellknown_path" ] ; then
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
fi
_debug wellknown_path "$wellknown_path" _debug wellknown_path "$wellknown_path"
mkdir -p "$wellknown_path" mkdir -p "$wellknown_path"
@ -425,7 +527,7 @@ issue() {
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
_err "$d:Challenge error: $resource" _err "$d:Challenge error: $resource"
_stopserver $serverproc _clearup
return 1 return 1
fi fi
@ -436,7 +538,7 @@ issue() {
if ! _get $uri ; then if ! _get $uri ; then
_err "$d:Verify error:$resource" _err "$d:Verify error:$resource"
_stopserver $serverproc _clearup
return 1 return 1
fi fi
@ -449,7 +551,7 @@ issue() {
if [ "$status" == "invalid" ] ; then if [ "$status" == "invalid" ] ; then
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4) error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
_err "$d:Verify error:$error" _err "$d:Verify error:$error"
_stopserver $serverproc _clearup
return 1; return 1;
fi fi
@ -457,7 +559,7 @@ issue() {
_info "Pending" _info "Pending"
else else
_err "$d:Verify error:$response" _err "$d:Verify error:$response"
_stopserver $serverproc _clearup
return 1 return 1
fi fi
@ -488,6 +590,7 @@ issue() {
if [ -z "$Le_LinkCert" ] ; then if [ -z "$Le_LinkCert" ] ; then
response="$(echo $response | base64 -d)" response="$(echo $response | base64 -d)"
_err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')" _err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')"
_clearup
return 1 return 1
fi fi