From ea3c37d754801b289fa6a5abcbeadea1c773b147 Mon Sep 17 00:00:00 2001
From: lufi42 <101186892+lufi42@users.noreply.github.com>
Date: Wed, 9 Mar 2022 01:36:06 +0100
Subject: [PATCH 01/16] Corrected use of Plesk API calls to fetch all domain
for all Plesk editions
This implementation of the Plesk API will add support for Plesk web admin edition and will now discover all domains managed by the specific plesk instance.
The existing implementation of the Plesk API uses the customer API. This brings two problems:
1. The current API call only fetches the domains of resellers/customers and not the domains that are managed by administrative users.
compare:
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-customer-accounts/retrieving-the-list-of-customer%E2%80%99s-domains.75309/
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-plesk-server/getting-server-information/response-packet-structure-and-samples/list-of-domains.75294/
2. The customer API is only available in the pro/admin editions. The most common license on VPS/Dedicated Servers is the web host edition. See: https://www.plesk.com/editions/
The correct way to get all domains in all Plesk editions is to use the Sites (Domains) API:
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-sites-domains/getting-information-about-sites.66583/
---
dnsapi/dns_pleskxml.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index f5986827..0f7dc241 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -41,7 +41,7 @@ pleskxml_init_checks_done=0
NEWLINE='\
'
-pleskxml_tplt_get_domains=""
+pleskxml_tplt_get_domains=""
# Get a list of domains that PLESK can manage, so we can check root domain + host for acme.sh
# Also used to test credentials and URI.
# No params.
@@ -375,7 +375,7 @@ _pleskxml_get_root_domain() {
# Output will be one line per known domain, containing 2 tages and a single tag
# We don't actually need to check for type, name, *and* id, but it guarantees only usable lines are returned.
- output="$(_api_response_split "$pleskxml_prettyprint_result" 'domain' 'domain' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')"
+ output="$(_api_response_split "$pleskxml_prettyprint_result" 'result' 'ok' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')"
_debug 'Domains managed by Plesk server are (ignore the hacked output):'
_debug "$output"
From a6b58bc88d390a21baf3cf457f3d3daba314222b Mon Sep 17 00:00:00 2001
From: lufi42 <101186892+lufi42@users.noreply.github.com>
Date: Wed, 9 Mar 2022 01:36:06 +0100
Subject: [PATCH 02/16] Corrected use of Plesk API calls to fetch all domain
for all Plesk editions
This implementation of the Plesk API will add support for Plesk web admin edition and will now discover all domains ( of customers & administrative users) managed by the specific plesk instance.
The previous implementation of the Plesk API uses the customer API. This brings two problems:
1. The current API call only fetches the domains of resellers/customers and not the domains that are managed by administrative users.
compare:
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-customer-accounts/retrieving-the-list-of-customer%E2%80%99s-domains.75309/
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-plesk-server/getting-server-information/response-packet-structure-and-samples/list-of-domains.75294/
2. The customer API is only available in the web pro/host editions. The most common license on VPS/Dedicated Servers is nowadays the web admin edition. See: https://www.plesk.com/editions/
The correct way to get all domains in all Plesk editions is to use the Sites (Domains) API:
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-sites-domains/getting-information-about-sites.66583/
This way is working for all plesk editions the same way.
---
dnsapi/dns_pleskxml.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index f5986827..0f7dc241 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -41,7 +41,7 @@ pleskxml_init_checks_done=0
NEWLINE='\
'
-pleskxml_tplt_get_domains=""
+pleskxml_tplt_get_domains=""
# Get a list of domains that PLESK can manage, so we can check root domain + host for acme.sh
# Also used to test credentials and URI.
# No params.
@@ -375,7 +375,7 @@ _pleskxml_get_root_domain() {
# Output will be one line per known domain, containing 2 tages and a single tag
# We don't actually need to check for type, name, *and* id, but it guarantees only usable lines are returned.
- output="$(_api_response_split "$pleskxml_prettyprint_result" 'domain' 'domain' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')"
+ output="$(_api_response_split "$pleskxml_prettyprint_result" 'result' 'ok' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')"
_debug 'Domains managed by Plesk server are (ignore the hacked output):'
_debug "$output"
From 095697900b94e05f3ba8176c53632d6d3a7769e0 Mon Sep 17 00:00:00 2001
From: Marcel Hellkamp
Date: Wed, 22 Jun 2022 17:54:49 +0200
Subject: [PATCH 03/16] fix: Challenge not skipped for pre-validated wildcard
domain orders
Some CAs auto-validate orders based on account-level rules and do not
require a challenge at all. Sectigo introduced a non-standard challenge
named 'sectigo-dns-01', presumably to work around this issue in certbot.
This also works for non-wildcard domains in acme.sh, but wildcard domains
are rejected because acme.sh hard-codes 'dns-01' as the only allowed
challenge for wildcard domains, which is not offered by Sectigo.
This change simply moves the '"status":"valid"' check up a bit and ignores
challenge type mismatches or missing tokens if no challenge is needed anyway.
---
acme.sh | 42 +++++++++++++++++-------------------------
1 file changed, 17 insertions(+), 25 deletions(-)
diff --git a/acme.sh b/acme.sh
index 260733a2..3210efd6 100755
--- a/acme.sh
+++ b/acme.sh
@@ -4600,28 +4600,26 @@ $_authorizations_map"
thumbprint="$(__calc_account_thumbprint)"
fi
+ keyauthorization=""
+
+ if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
+ _debug "$d is already valid."
+ keyauthorization="$STATE_VERIFIED"
+ _debug keyauthorization "$keyauthorization"
+ fi
+
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry"
- keyauthorization=""
- if [ -z "$entry" ]; then
- if ! _startswith "$d" '*.'; then
- _debug "Not a wildcard domain, lets check whether the validation is already valid."
- if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
- _debug "$d is already valid."
- keyauthorization="$STATE_VERIFIED"
- _debug keyauthorization "$keyauthorization"
- fi
- fi
- if [ -z "$keyauthorization" ]; then
- _err "Error, can not get domain token entry $d for $vtype"
- _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
- if [ "$_supported_vtypes" ]; then
- _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
- fi
- _clearup
- _on_issue_err "$_post_hook"
- return 1
+
+ if [ -z "$keyauthorization" -a -z "$entry" ]; then
+ _err "Error, can not get domain token entry $d for $vtype"
+ _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
+ if [ "$_supported_vtypes" ]; then
+ _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
fi
+ _clearup
+ _on_issue_err "$_post_hook"
+ return 1
fi
if [ -z "$keyauthorization" ]; then
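Review bot: The early `grep '"status":"valid"'` test matches that text anywhere in `$response`, so a `status` field nested inside a single challenge object satisfies it just as the authorization's own status would, and after this change a match also suppresses the missing-entry error for wildcard names. The CA presumably still refuses to finalize an order that is not really validated, so the likely cost is a late and confusing failure rather than a skipped validation, but the assumption should be written down. I would add above the check: `# Matches "status":"valid" anywhere in the authorization response (challenge objects included); assumes compact JSON without whitespace.` Separately, `[ -z "$keyauthorization" -a -z "$entry" ]` uses the obsolescent `-a` operator; `[ -z "$keyauthorization" ] && [ -z "$entry" ]` is the portable form. The enclosing function starts and ends outside the hunk.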
@@ -4647,12 +4645,6 @@ $_authorizations_map"
fi
keyauthorization="$token.$thumbprint"
_debug keyauthorization "$keyauthorization"
-
- if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
- _debug "$d is already verified."
- keyauthorization="$STATE_VERIFIED"
- _debug keyauthorization "$keyauthorization"
- fi
fi
dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot"
From ba3e088b238382c76922fcf4a312819292bc75cb Mon Sep 17 00:00:00 2001
From: lufi42 <101186892+lufi42@users.noreply.github.com>
Date: Thu, 7 Jul 2022 17:32:22 +0200
Subject: [PATCH 04/16] Improved error handling
Improved error handling when the result contains a data structure that might hold another status flag, one that describes the state of the related object and not the outcome of the API call
Revert "Improved error handling"
This reverts commit fa6df1cfab134d38baad19fc1caa0842f00416d5.
Revert "Revert "Improved error handling""
This reverts commit 5a4b78392f063863ee9f56686f5c429e9376af1b.
---
dnsapi/dns_pleskxml.sh | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index 0f7dc241..e0b1724b 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -251,9 +251,12 @@ _call_api() {
# Detect any that isn't "ok". None of the used calls should fail if the API is working correctly.
# Also detect if there simply aren't any status lines (null result?) and report that, as well.
+ # Remove structure from result string, since it might contain values that are related to the status of the domain and not to the API request
- statuslines_count_total="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *[^<]* *$')"
- statuslines_count_okay="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *ok *$')"
+ statuslines_count_total="$(echo "$pleskxml_prettyprint_result" | sed '//,/<\/data>/d' | grep -c '^ *[^<]* *$')"
+ statuslines_count_okay="$(echo "$pleskxml_prettyprint_result" | sed '//,/<\/data>/d' | grep -c '^ *ok *$')"
+ _debug "statuslines_count_total=$statuslines_count_total."
+ _debug "statuslines_count_okay=$statuslines_count_okay."
if [ -z "$statuslines_count_total" ]; then
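Review bot: The `sed` range delete added to both counting pipelines runs to the end of the input whenever the closing `</data>` line is missing or shares a line with the opening tag, and in that case every later status line is dropped from both counts. Whether the pretty-printed result always puts each tag on its own line is not visible in this hunk, so the assumption deserves a comment such as `# relies on the opening and closing data tags each sitting on their own line of the pretty-printed result`. The same filter is also run twice on the same input; filtering once into a variable and taking both counts from it keeps the two numbers tied to identical text. `_call_api` continues outside the hunk.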
From b41d40da4010bc99bae3966dcc84df4b7b9abbd9 Mon Sep 17 00:00:00 2001
From: lufi42 <101186892+lufi42@users.noreply.github.com>
Date: Sat, 9 Jul 2022 21:23:50 +0200
Subject: [PATCH 05/16] Extended debug logging in dns_pleskxml_rm()
---
dnsapi/dns_pleskxml.sh | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index e0b1724b..bcd72d9a 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -152,13 +152,23 @@ dns_pleskxml_rm() {
_debug "Got list of DNS TXT records for root domain '$root_domain_name':"
_debug "$reclist"
- recid="$(
+ recline="$(
_value "$reclist" |
grep "${fulldomain}." |
- grep "${txtvalue}" |
+ grep "${txtvalue}"
+ )"
+
+ _debug "Got line for ${fulldomain}. and ${txtvalue}:"
+ _debug "$recline"
+
+ recid="$(
+ _value "$recline" |
sed 's/^.*\([0-9]\{1,\}\)<\/id>.*$/\1/'
)"
+ _debug "Got id from line:"
+ _debug $recid
+
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
_err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'"
_err "Cannot delete TXT record. Exiting."
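Review bot: `grep "${txtvalue}"` hands the TXT value to grep both as a regular expression and as its first non-option argument, so a value that begins with `-` would be parsed as options and the record would not be found. If `txtvalue` is the base64url digest used for dns-01 (not shown here), `-` is a legal first character. `grep -F -- "${txtvalue}"` treats the value as a fixed string and ends option parsing; the same line reappears in PATCH 07/16. `dns_pleskxml_rm` starts and ends outside the hunk.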
From 55a55e9f74a7c0842ed12d9e76d89b2c3232cdce Mon Sep 17 00:00:00 2001
From: lufi42 <101186892+lufi42@users.noreply.github.com>
Date: Sat, 9 Jul 2022 21:28:19 +0200
Subject: [PATCH 06/16] Fixed debug log to prevent globbing and word splitting.
---
dnsapi/dns_pleskxml.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index bcd72d9a..56902e20 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -157,7 +157,7 @@ dns_pleskxml_rm() {
grep "${fulldomain}." |
grep "${txtvalue}"
)"
-
+
_debug "Got line for ${fulldomain}. and ${txtvalue}:"
_debug "$recline"
@@ -167,7 +167,7 @@ dns_pleskxml_rm() {
)"
_debug "Got id from line:"
- _debug $recid
+ _debug "$recid"
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
_err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'"
From bc7e02b47a7b04c367e08962a84a63170701f890 Mon Sep 17 00:00:00 2001
From: lufi42 <101186892+lufi42@users.noreply.github.com>
Date: Sun, 10 Jul 2022 17:11:27 +0200
Subject: [PATCH 07/16] Fixed removal of TXT record when subdomain is
case-sensitive and improved debug logging
The Plesk API always returns domain names in lower case. Therefore the search for domain names in the API response must be case-insensitive. Set debug logging to the values that are really used for the API calls.
added comment
---
dnsapi/dns_pleskxml.sh | 23 ++++++++---------------
1 file changed, 8 insertions(+), 15 deletions(-)
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index 56902e20..a8f7f7be 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -145,32 +145,25 @@ dns_pleskxml_rm() {
)"
if [ -z "$reclist" ]; then
- _err "No TXT records found for root domain ${root_domain_name} (Plesk domain ID ${root_domain_id}). Exiting."
+ _err "No TXT records found for root domain $fulldomain (Plesk domain ID ${root_domain_id}). Exiting."
return 1
fi
- _debug "Got list of DNS TXT records for root domain '$root_domain_name':"
+ _debug "Got list of DNS TXT records for root Plesk domain ID ${root_domain_id} of root domain $fulldomain:"
_debug "$reclist"
- recline="$(
- _value "$reclist" |
- grep "${fulldomain}." |
- grep "${txtvalue}"
- )"
-
- _debug "Got line for ${fulldomain}. and ${txtvalue}:"
- _debug "$recline"
-
+ # Extracting the id of the TXT record for the full domain (NOT case-sensitive) and corresponding value
recid="$(
- _value "$recline" |
+ _value "$reclist" |
+ grep -i "${fulldomain}." |
+ grep "${txtvalue}" |
sed 's/^.*\([0-9]\{1,\}\)<\/id>.*$/\1/'
)"
- _debug "Got id from line:"
- _debug "$recid"
+ _debug "Got id from line: $recid"
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
- _err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'"
+ _err "DNS records for root domain '${fulldomain}.' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'"
_err "Cannot delete TXT record. Exiting."
return 1
fi
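Review bot: `grep -i "${fulldomain}."` is an unanchored regular expression in which every `.` matches any character, so TXT records of other names that merely contain the same text also pass the filter. When more than one line survives both greps, `recid` holds several ids, and the numeric check below presumably still succeeds because a single matching line is enough for `grep '^[0-9]\{1,\}$'`. Matching the name as a fixed string with `grep -iF -- "${fulldomain}."` and rejecting a multi-line `recid` before the delete call would keep the removal to the one intended record. `dns_pleskxml_rm` starts and ends outside the hunk.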
From ca0981645fd0d855679e19565f59a40096c61fcf Mon Sep 17 00:00:00 2001
From: lufi42 <101186892+lufi42@users.noreply.github.com>
Date: Sun, 10 Jul 2022 17:34:30 +0200
Subject: [PATCH 08/16] Fixed shfmt error
---
dnsapi/dns_pleskxml.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh
index a8f7f7be..799c374c 100644
--- a/dnsapi/dns_pleskxml.sh
+++ b/dnsapi/dns_pleskxml.sh
@@ -160,7 +160,7 @@ dns_pleskxml_rm() {
sed 's/^.*\([0-9]\{1,\}\)<\/id>.*$/\1/'
)"
- _debug "Got id from line: $recid"
+ _debug "Got id from line: $recid"
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then
_err "DNS records for root domain '${fulldomain}.' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'"
From a7bc2293c0874129b3daf297905fa6c11eeb9d5b Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sun, 23 Apr 2023 13:16:12 +0800
Subject: [PATCH 09/16] fix
https://github.com/acmesh-official/acme.sh/issues/4612#issuecomment-1518929996
---
deploy/docker.sh | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/deploy/docker.sh b/deploy/docker.sh
index 3aa1b2cd..457e29ab 100755
--- a/deploy/docker.sh
+++ b/deploy/docker.sh
@@ -273,16 +273,27 @@ _check_curl_version() {
_minor="$(_getfield "$_cversion" 2 '.')"
_debug2 "_minor" "$_minor"
- if [ "$_major$_minor" -lt "740" ]; then
+ if [ "$_major" -ge "8" ]; then
+ #ok
+ return 0;
+ fi
+ if [ "$_major" = "7" ]; then
+ if [ "$_minor" -lt "40" ]; then
+ _err "curl v$_cversion doesn't support unit socket"
+ _err "Please upgrade to curl 7.40 or later."
+ return 1
+ fi
+ if [ "$_minor" -lt "50" ]; then
+ _debug "Use short host name"
+ export _CURL_NO_HOST=1
+ else
+ export _CURL_NO_HOST=
+ fi
+ return 0
+ else
_err "curl v$_cversion doesn't support unit socket"
_err "Please upgrade to curl 7.40 or later."
return 1
fi
- if [ "$_major$_minor" -lt "750" ]; then
- _debug "Use short host name"
- export _CURL_NO_HOST=1
- else
- export _CURL_NO_HOST=
- fi
- return 0
+
}
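Review bot: The new `-ge "8"` branch returns before `_CURL_NO_HOST` is assigned, whereas the 7.50-and-later path explicitly clears it with `export _CURL_NO_HOST=`; a value of `1` inherited from the environment or left by an earlier call would therefore stay in effect for curl 8. Adding `export _CURL_NO_HOST=` before that `return 0` makes the two paths agree. The two identical `_err` pairs could also collapse into one if the version test were written as a single guard ahead of the host-name decision. The start of `_check_curl_version` is outside the hunk.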
From b937665b90d742ea5432c135b3cfc18eecf33014 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sun, 23 Apr 2023 13:18:17 +0800
Subject: [PATCH 10/16] minor
---
deploy/docker.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/docker.sh b/deploy/docker.sh
index 457e29ab..c9815d5b 100755
--- a/deploy/docker.sh
+++ b/deploy/docker.sh
@@ -275,7 +275,7 @@ _check_curl_version() {
if [ "$_major" -ge "8" ]; then
#ok
- return 0;
+ return 0
fi
if [ "$_major" = "7" ]; then
if [ "$_minor" -lt "40" ]; then
From e6e22a1ca15cd7fc20242e3e8074858d9081d04f Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Tue, 9 May 2023 08:44:18 +0200
Subject: [PATCH 11/16] dnsapi: fix OPNsense script to be compatible with
upcoming 23.1.8
The current script is already broken due to Bind 9.16 -> 9.18 changes
due to their renaming scheme for primary/secondary so do not rely on the
compat layer (which was also broken for other reasons).
---
dnsapi/dns_opnsense.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh
index c2806a1b..d40cbe28 100755
--- a/dnsapi/dns_opnsense.sh
+++ b/dnsapi/dns_opnsense.sh
@@ -137,7 +137,7 @@ _get_root() {
domain=$1
i=2
p=1
- if _opns_rest "GET" "/domain/searchMasterDomain"; then
+ if _opns_rest "GET" "/domain/searchPrimaryDomain"; then
_domain_response="$response"
else
return 1
@@ -150,7 +150,7 @@ _get_root() {
return 1
fi
_debug h "$h"
- id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"master\",\"domainname\":\"${h}\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
+ id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"primary\",\"domainname\":\"${h}\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
if [ -n "$id" ]; then
_debug id "$id"
_host=$(printf "%s" "$domain" | cut -d . -f 1-$p)
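Review bot: `${h}` is interpolated into the `_egrep_o` pattern unescaped, so each `.` in the candidate zone name matches any character and a differently spelled zone of the same length could be selected. Escaping the dots first, for example `h_re="$(printf '%s' "$h" | sed 's/\./\\./g')"` and then using `${h_re}` in the pattern, keeps the lookup exact. The pattern also depends on the exact order and adjacency of the `uuid`, `enabled`, `type` and `domainname` keys, which is worth a comment because a change in the response layout would simply leave `id` empty. `_get_root` continues outside the hunk.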
From 6c8920f63eb59e554767e40dcefacec55ecf1396 Mon Sep 17 00:00:00 2001
From: Sergey Ponomarev
Date: Mon, 5 Jun 2023 12:54:54 +0300
Subject: [PATCH 12/16] dns_ovh.sh Add ovh-us endpoint
Remove discontinued runabove.com
If any new env will be added then a user may spe
Signed-off-by: Sergey Ponomarev
---
dnsapi/dns_ovh.sh | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh
index 5e35011b..e1a958f6 100755
--- a/dnsapi/dns_ovh.sh
+++ b/dnsapi/dns_ovh.sh
@@ -14,6 +14,9 @@
#'ovh-eu'
OVH_EU='https://eu.api.ovh.com/1.0'
+#'ovh-us'
+OVH_US='https://api.us.ovhcloud.com/1.0'
+
#'ovh-ca':
OVH_CA='https://ca.api.ovh.com/1.0'
@@ -29,9 +32,6 @@ SYS_EU='https://eu.api.soyoustart.com/1.0'
#'soyoustart-ca'
SYS_CA='https://ca.api.soyoustart.com/1.0'
-#'runabove-ca'
-RAV_CA='https://api.runabove.com/1.0'
-
wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api"
ovh_success="https://github.com/acmesh-official/acme.sh/wiki/OVH-Success"
@@ -45,6 +45,10 @@ _ovh_get_api() {
printf "%s" $OVH_EU
return
;;
+ ovh-us | ovhus)
+ printf "%s" $OVH_US
+ return
+ ;;
ovh-ca | ovhca)
printf "%s" $OVH_CA
return
@@ -65,14 +69,15 @@ _ovh_get_api() {
printf "%s" $SYS_CA
return
;;
- runabove-ca | runaboveca)
- printf "%s" $RAV_CA
+ # raw API url starts with https://
+ https*)
+ printf "%s" "$1"
return
;;
*)
- _err "Unknown parameter : $1"
+ _err "Unknown endpoint : $1"
return 1
;;
esac
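Review bot: The `https*)` pattern accepts any argument that merely begins with the letters `https`, not only URLs, although the comment above it says the raw URL starts with `https://`. Since the signed API requests presumably go to whatever this function prints, the pattern should be as strict as the comment: `https://*)`. `_ovh_get_api` starts outside the hunk.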
From beab808b76fa49ab0eb2306b4b800acdb39e7f0e Mon Sep 17 00:00:00 2001
From: Justin Nogossek
Date: Wed, 7 Jun 2023 23:35:47 +0200
Subject: [PATCH 13/16] Update URL
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 15bc4089..d04d4d48 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
- [archlinux](https://www.archlinux.org/packages/community/any/acme.sh)
- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
-- [CentOS Web Panel](http://centos-webpanel.com/)
+- [CentOS Web Panel](https://control-webpanel.com)
- [lnmp.org](https://lnmp.org/)
- [more...](https://github.com/acmesh-official/acme.sh/wiki/Blogs-and-tutorials)
From caf23f9a0484c81ed9185e7ed479394d9736d3af Mon Sep 17 00:00:00 2001
From: Justin Nogossek
Date: Wed, 7 Jun 2023 23:36:18 +0200
Subject: [PATCH 14/16] Remove not anymore exists tutorials and websites
---
README.md | 2 --
1 file changed, 2 deletions(-)
diff --git a/README.md b/README.md
index d04d4d48..73ff3321 100644
--- a/README.md
+++ b/README.md
@@ -51,12 +51,10 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
- [ruby-china.org](https://ruby-china.org/topics/31983)
- [Proxmox](https://pve.proxmox.com/wiki/Certificate_Management)
- [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89)
-- [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt)
- [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty)
- [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709)
- [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html)
- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
-- [archlinux](https://www.archlinux.org/packages/community/any/acme.sh)
- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
- [CentOS Web Panel](https://control-webpanel.com)
- [lnmp.org](https://lnmp.org/)
From 4c30250782ff7440ca5ceeddb066a67ca450fcc7 Mon Sep 17 00:00:00 2001
From: neil
Date: Fri, 9 Jun 2023 19:59:29 +0800
Subject: [PATCH 15/16] fix
https://github.com/acmesh-official/acme.sh/issues/4659
---
acme.sh | 13 +------------
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/acme.sh b/acme.sh
index 37d13662..df0bd27d 100755
--- a/acme.sh
+++ b/acme.sh
@@ -2884,6 +2884,7 @@ _initpath() {
fi
fi
_debug DOMAIN_PATH "$DOMAIN_PATH"
+ export DOMAIN_PATH
fi
if [ -z "$DOMAIN_BACKUP_PATH" ]; then
@@ -4952,18 +4953,6 @@ $_authorizations_map"
if ! chmod a+r "$wellknown_path/$token"; then
_debug "chmod failed, but we just continue."
fi
- if [ ! "$usingApache" ]; then
- if webroot_owner=$(_stat "$_currentRoot"); then
- _debug "Changing owner/group of .well-known to $webroot_owner"
- if ! _exec "chown -R \"$webroot_owner\" \"$_currentRoot/.well-known\""; then
- _debug "$(cat "$_EXEC_TEMP_ERR")"
- _exec_err >/dev/null 2>&1
- fi
- else
- _debug "not changing owner/group of webroot"
- fi
- fi
-
fi
elif [ "$vtype" = "$VTYPE_ALPN" ]; then
acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")"
From 327e2fb0a4bdbe4b75339e1cad6d20bda29318d6 Mon Sep 17 00:00:00 2001
From: neil
Date: Fri, 9 Jun 2023 20:18:38 +0800
Subject: [PATCH 16/16] remove all exec.
https://github.com/acmesh-official/acme.sh/issues/4659
---
acme.sh | 40 ++++++++--------------------------------
1 file changed, 8 insertions(+), 32 deletions(-)
diff --git a/acme.sh b/acme.sh
index df0bd27d..633eb9fa 100755
--- a/acme.sh
+++ b/acme.sh
@@ -2936,22 +2936,6 @@ _initpath() {
}
-_exec() {
- if [ -z "$_EXEC_TEMP_ERR" ]; then
- _EXEC_TEMP_ERR="$(_mktemp)"
- fi
-
- if [ "$_EXEC_TEMP_ERR" ]; then
- eval "$@ 2>>$_EXEC_TEMP_ERR"
- else
- eval "$@"
- fi
-}
-
-_exec_err() {
- [ "$_EXEC_TEMP_ERR" ] && _err "$(cat "$_EXEC_TEMP_ERR")" && echo "" >"$_EXEC_TEMP_ERR"
-}
-
_apachePath() {
_APACHECTL="apachectl"
if ! _exists apachectl; then
@@ -2964,8 +2948,7 @@ _apachePath() {
fi
fi
- if ! _exec $_APACHECTL -V >/dev/null; then
- _exec_err
+ if ! $_APACHECTL -V >/dev/null; then
return 1
fi
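Review bot: `$_APACHECTL -V` expands the variable unquoted, so its value goes through word splitting and pathname expansion before the command runs; two of the removed call sites in `_setApache` passed it as `"$_APACHECTL"`. Unless the variable is meant to carry arguments as well as the program name, write `if ! "$_APACHECTL" -V >/dev/null; then`. The same applies to `$_APACHECTL -t` in `_restoreApache` and to `$_APACHECTL -t` and `$_APACHECTL graceful` in `_setApache` in the following hunks. `_apachePath` starts and ends outside the hunk.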
@@ -3017,8 +3000,7 @@ _restoreApache() {
cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" >"$httpdconf"
_debug "Restored: $httpdconf."
- if ! _exec $_APACHECTL -t; then
- _exec_err
+ if ! $_APACHECTL -t; then
_err "Sorry, restore apache config error, please contact me."
return 1
fi
@@ -3036,8 +3018,7 @@ _setApache() {
#test the conf first
_info "Checking if there is an error in the apache config file before starting."
- if ! _exec "$_APACHECTL" -t >/dev/null; then
- _exec_err
+ if ! $_APACHECTL -t >/dev/null; then
_err "The apache config file has error, please fix it first, then try again."
_err "Don't worry, there is nothing changed to your system."
return 1
@@ -3098,8 +3079,7 @@ Allow from all
chmod 755 "$ACME_DIR"
fi
- if ! _exec "$_APACHECTL" graceful; then
- _exec_err
+ if ! $_APACHECTL graceful; then
_err "$_APACHECTL graceful error, please contact me."
_restoreApache
return 1
@@ -3184,8 +3164,7 @@ _setNginx() {
return 1
fi
_info "Check the nginx conf before setting up."
- if ! _exec "nginx -t" >/dev/null; then
- _exec_err
+ if ! nginx -t >/dev/null; then
return 1
fi
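Review bot: When `nginx -t` fails here the function returns 1 without any `_err` line, because the removed `_exec_err` call was the only reporting on this path; nginx's own stderr is no longer captured and goes straight to the caller. Adding `_err "nginx -t failed, please check the nginx config first."` before `return 1` would keep the failure visible through the script's own error reporting. `_apachePath` has the same silent `return 1` after `$_APACHECTL -V`. `_setNginx` starts and ends outside the hunk.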
@@ -3212,16 +3191,14 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
fi
_debug3 "Modified config:$(cat $FOUND_REAL_NGINX_CONF)"
_info "nginx conf is done, let's check it again."
- if ! _exec "nginx -t" >/dev/null; then
- _exec_err
+ if ! nginx -t >/dev/null; then
_err "It seems that nginx conf was broken, let's restore."
cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
return 1
fi
_info "Reload nginx"
- if ! _exec "nginx -s reload" >/dev/null; then
- _exec_err
+ if ! nginx -s reload >/dev/null; then
_err "It seems that nginx reload error, let's restore."
cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
return 1
@@ -3346,8 +3323,7 @@ _restoreNginx() {
done
_info "Reload nginx"
- if ! _exec "nginx -s reload" >/dev/null; then
- _exec_err
+ if ! nginx -s reload >/dev/null; then
_err "It seems that nginx reload error, please report bug."
return 1
fi