diff --git a/README.md b/README.md
index 15bc4089..73ff3321 100644
--- a/README.md
+++ b/README.md
@@ -51,14 +51,12 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
- [ruby-china.org](https://ruby-china.org/topics/31983)
- [Proxmox](https://pve.proxmox.com/wiki/Certificate_Management)
- [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89)
-- [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt)
- [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty)
- [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709)
- [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html)
- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
-- [archlinux](https://www.archlinux.org/packages/community/any/acme.sh)
- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
-- [CentOS Web Panel](http://centos-webpanel.com/)
+- [CentOS Web Panel](https://control-webpanel.com)
- [lnmp.org](https://lnmp.org/)
- [more...](https://github.com/acmesh-official/acme.sh/wiki/Blogs-and-tutorials)
diff --git a/acme.sh b/acme.sh
index d5caee4d..633eb9fa 100755
--- a/acme.sh
+++ b/acme.sh
@@ -2884,6 +2884,7 @@ _initpath() {
fi
fi
_debug DOMAIN_PATH "$DOMAIN_PATH"
+ export DOMAIN_PATH
fi
if [ -z "$DOMAIN_BACKUP_PATH" ]; then
@@ -2935,22 +2936,6 @@ _initpath() {
}
-_exec() {
- if [ -z "$_EXEC_TEMP_ERR" ]; then
- _EXEC_TEMP_ERR="$(_mktemp)"
- fi
-
- if [ "$_EXEC_TEMP_ERR" ]; then
- eval "$@ 2>>$_EXEC_TEMP_ERR"
- else
- eval "$@"
- fi
-}
-
-_exec_err() {
- [ "$_EXEC_TEMP_ERR" ] && _err "$(cat "$_EXEC_TEMP_ERR")" && echo "" >"$_EXEC_TEMP_ERR"
-}
-
_apachePath() {
_APACHECTL="apachectl"
if ! _exists apachectl; then
@@ -2963,8 +2948,7 @@ _apachePath() {
fi
fi
- if ! _exec $_APACHECTL -V >/dev/null; then
- _exec_err
+ if ! $_APACHECTL -V >/dev/null; then
return 1
fi
@@ -3016,8 +3000,7 @@ _restoreApache() {
cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" >"$httpdconf"
_debug "Restored: $httpdconf."
- if ! _exec $_APACHECTL -t; then
- _exec_err
+ if ! $_APACHECTL -t; then
_err "Sorry, restore apache config error, please contact me."
return 1
fi
@@ -3035,8 +3018,7 @@ _setApache() {
#test the conf first
_info "Checking if there is an error in the apache config file before starting."
- if ! _exec "$_APACHECTL" -t >/dev/null; then
- _exec_err
+ if ! $_APACHECTL -t >/dev/null; then
_err "The apache config file has error, please fix it first, then try again."
_err "Don't worry, there is nothing changed to your system."
return 1
@@ -3097,8 +3079,7 @@ Allow from all
chmod 755 "$ACME_DIR"
fi
- if ! _exec "$_APACHECTL" graceful; then
- _exec_err
+ if ! $_APACHECTL graceful; then
_err "$_APACHECTL graceful error, please contact me."
_restoreApache
return 1
@@ -3183,8 +3164,7 @@ _setNginx() {
return 1
fi
_info "Check the nginx conf before setting up."
- if ! _exec "nginx -t" >/dev/null; then
- _exec_err
+ if ! nginx -t >/dev/null; then
return 1
fi
@@ -3211,16 +3191,14 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
fi
_debug3 "Modified config:$(cat $FOUND_REAL_NGINX_CONF)"
_info "nginx conf is done, let's check it again."
- if ! _exec "nginx -t" >/dev/null; then
- _exec_err
+ if ! nginx -t >/dev/null; then
_err "It seems that nginx conf was broken, let's restore."
cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
return 1
fi
_info "Reload nginx"
- if ! _exec "nginx -s reload" >/dev/null; then
- _exec_err
+ if ! nginx -s reload >/dev/null; then
_err "It seems that nginx reload error, let's restore."
cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
return 1
@@ -3345,8 +3323,7 @@ _restoreNginx() {
done
_info "Reload nginx"
- if ! _exec "nginx -s reload" >/dev/null; then
- _exec_err
+ if ! nginx -s reload >/dev/null; then
_err "It seems that nginx reload error, please report bug."
return 1
fi
@@ -4684,28 +4661,26 @@ $_authorizations_map"
thumbprint="$(__calc_account_thumbprint)"
fi
+ keyauthorization=""
+
+ if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
+ _debug "$d is already valid."
+ keyauthorization="$STATE_VERIFIED"
+ _debug keyauthorization "$keyauthorization"
+ fi
+
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry"
- keyauthorization=""
- if [ -z "$entry" ]; then
- if ! _startswith "$d" '*.'; then
- _debug "Not a wildcard domain, lets check whether the validation is already valid."
- if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
- _debug "$d is already valid."
- keyauthorization="$STATE_VERIFIED"
- _debug keyauthorization "$keyauthorization"
- fi
- fi
- if [ -z "$keyauthorization" ]; then
- _err "Error, can not get domain token entry $d for $vtype"
- _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
- if [ "$_supported_vtypes" ]; then
- _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
- fi
- _clearup
- _on_issue_err "$_post_hook"
- return 1
+
+ if [ -z "$keyauthorization" -a -z "$entry" ]; then
+ _err "Error, can not get domain token entry $d for $vtype"
+ _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
+ if [ "$_supported_vtypes" ]; then
+ _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
fi
+ _clearup
+ _on_issue_err "$_post_hook"
+ return 1
fi
if [ -z "$keyauthorization" ]; then
@@ -4731,12 +4706,6 @@ $_authorizations_map"
fi
keyauthorization="$token.$thumbprint"
_debug keyauthorization "$keyauthorization"
-
- if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
- _debug "$d is already verified."
- keyauthorization="$STATE_VERIFIED"
- _debug keyauthorization "$keyauthorization"
- fi
fi
dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot"
@@ -4960,18 +4929,6 @@ $_authorizations_map"
if ! chmod a+r "$wellknown_path/$token"; then
_debug "chmod failed, but we just continue."
fi
- if [ ! "$usingApache" ]; then
- if webroot_owner=$(_stat "$_currentRoot"); then
- _debug "Changing owner/group of .well-known to $webroot_owner"
- if ! _exec "chown -R \"$webroot_owner\" \"$_currentRoot/.well-known\""; then
- _debug "$(cat "$_EXEC_TEMP_ERR")"
- _exec_err >/dev/null 2>&1
- fi
- else
- _debug "not changing owner/group of webroot"
- fi
- fi
-
fi
elif [ "$vtype" = "$VTYPE_ALPN" ]; then
acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")"
diff --git a/deploy/docker.sh b/deploy/docker.sh
index 3aa1b2cd..c9815d5b 100755
--- a/deploy/docker.sh
+++ b/deploy/docker.sh
@@ -273,16 +273,27 @@ _check_curl_version() {
_minor="$(_getfield "$_cversion" 2 '.')"
_debug2 "_minor" "$_minor"
- if [ "$_major$_minor" -lt "740" ]; then
+ if [ "$_major" -ge "8" ]; then
+ #ok
+ return 0
+ fi
+ if [ "$_major" = "7" ]; then
+ if [ "$_minor" -lt "40" ]; then
+ _err "curl v$_cversion doesn't support unit socket"
+ _err "Please upgrade to curl 7.40 or later."
+ return 1
+ fi
+ if [ "$_minor" -lt "50" ]; then
+ _debug "Use short host name"
+ export _CURL_NO_HOST=1
+ else
+ export _CURL_NO_HOST=
+ fi
+ return 0
+ else
_err "curl v$_cversion doesn't support unit socket"
_err "Please upgrade to curl 7.40 or later."
return 1
fi
- if [ "$_major$_minor" -lt "750" ]; then
- _debug "Use short host name"
- export _CURL_NO_HOST=1
- else
- export _CURL_NO_HOST=
- fi
- return 0
+
}
diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh
index c2806a1b..d40cbe28 100755
--- a/dnsapi/dns_opnsense.sh
+++ b/dnsapi/dns_opnsense.sh
@@ -137,7 +137,7 @@ _get_root() {
domain=$1
i=2
p=1
- if _opns_rest "GET" "/domain/searchMasterDomain"; then
+ if _opns_rest "GET" "/domain/searchPrimaryDomain"; then
_domain_response="$response"
else
return 1
@@ -150,7 +150,7 @@ _get_root() {
return 1
fi
_debug h "$h"
- id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"master\",\"domainname\":\"${h}\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
+ id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"primary\",\"domainname\":\"${h}\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
if [ -n "$id" ]; then
_debug id "$id"
_host=$(printf "%s" "$domain" | cut -d . -f 1-$p)
diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh
index 5e35011b..e1a958f6 100755
--- a/dnsapi/dns_ovh.sh
+++ b/dnsapi/dns_ovh.sh
@@ -14,6 +14,9 @@
#'ovh-eu'
OVH_EU='https://eu.api.ovh.com/1.0'
+#'ovh-us'
+OVH_US='https://api.us.ovhcloud.com/1.0'
+
#'ovh-ca':
OVH_CA='https://ca.api.ovh.com/1.0'
@@ -29,9 +32,6 @@ SYS_EU='https://eu.api.soyoustart.com/1.0'
#'soyoustart-ca'
SYS_CA='https://ca.api.soyoustart.com/1.0'
-#'runabove-ca'
-RAV_CA='https://api.runabove.com/1.0'
-
wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api"
ovh_success="https://github.com/acmesh-official/acme.sh/wiki/OVH-Success"
@@ -45,6 +45,10 @@ _ovh_get_api() {
printf "%s" $OVH_EU
return
;;
+ ovh-us | ovhus)
+ printf "%s" $OVH_US
+ return
+ ;;
ovh-ca | ovhca)
printf "%s" $OVH_CA
return
@@ -65,14 +69,15 @@ _ovh_get_api() {
printf "%s" $SYS_CA
return
;;
- runabove-ca | runaboveca)
- printf "%s" $RAV_CA
+ # raw API url starts with https://
+ https*)
+ printf "%s" "$1"
return
;;
*)
- _err "Unknown parameter : $1"
+ _err "Unknown endpoint : $1"
return 1
;;
esac
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index f5986827..799c374c 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -41,7 +41,7 @@ pleskxml_init_checks_done=0
NEWLINE='\
'
-pleskxml_tplt_get_domains=""
+pleskxml_tplt_get_domains=""
# Get a list of domains that PLESK can manage, so we can check root domain + host for acme.sh
# Also used to test credentials and URI.
# No params.
@@ -145,22 +145,25 @@ dns_pleskxml_rm() {
)"
if [ -z "$reclist" ]; then
- _err "No TXT records found for root domain ${root_domain_name} (Plesk domain ID ${root_domain_id}). Exiting."
+ _err "No TXT records found for root domain $fulldomain (Plesk domain ID ${root_domain_id}). Exiting."
return 1
fi
- _debug "Got list of DNS TXT records for root domain '$root_domain_name':"
+ _debug "Got list of DNS TXT records for root Plesk domain ID ${root_domain_id} of root domain $fulldomain:"
_debug "$reclist"
+ # Extracting the id of the TXT record for the full domain (NOT case-sensitive) and corresponding value
recid="$(
_value "$reclist" |
- grep "${fulldomain}." |
+ grep -i "${fulldomain}." |
grep "${txtvalue}" |
sed 's/^.*\([0-9]\{1,\}\)<\/id>.*$/\1/'
)"
+ _debug "Got id from line: $recid"
+
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
- _err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'"
+ _err "DNS records for root domain '${fulldomain}.' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'"
_err "Cannot delete TXT record. Exiting."
return 1
fi
@@ -251,9 +254,12 @@ _call_api() {
# Detect any that isn't "ok". None of the used calls should fail if the API is working correctly.
# Also detect if there simply aren't any status lines (null result?) and report that, as well.
+ # Remove structure from result string, since it might contain values that are related to the status of the domain and not to the API request
- statuslines_count_total="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *[^<]* *$')"
- statuslines_count_okay="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *ok *$')"
+ statuslines_count_total="$(echo "$pleskxml_prettyprint_result" | sed '//,/<\/data>/d' | grep -c '^ *[^<]* *$')"
+ statuslines_count_okay="$(echo "$pleskxml_prettyprint_result" | sed '//,/<\/data>/d' | grep -c '^ *ok *$')"
+ _debug "statuslines_count_total=$statuslines_count_total."
+ _debug "statuslines_count_okay=$statuslines_count_okay."
if [ -z "$statuslines_count_total" ]; then
@@ -375,7 +381,7 @@ _pleskxml_get_root_domain() {
# Output will be one line per known domain, containing 2 tages and a single tag
# We don't actually need to check for type, name, *and* id, but it guarantees only usable lines are returned.
- output="$(_api_response_split "$pleskxml_prettyprint_result" 'domain' 'domain' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')"
+ output="$(_api_response_split "$pleskxml_prettyprint_result" 'result' 'ok' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')"
_debug 'Domains managed by Plesk server are (ignore the hacked output):'
_debug "$output"