commit
4967fa020f
103
.github/workflows/LetsEncrypt.yml
vendored
103
.github/workflows/LetsEncrypt.yml
vendored
@ -16,34 +16,89 @@ on:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
Ubuntu:
|
Ubuntu:
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
include:
|
||||||
|
- TEST_ACME_Server: ""
|
||||||
|
CA_ECDSA: ""
|
||||||
|
CA: ""
|
||||||
|
CA_EMAIL: ""
|
||||||
|
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||||
|
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||||
|
CA_EMAIL: "githubtest@acme.sh"
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
env:
|
env:
|
||||||
TEST_LOCAL: 1
|
TEST_LOCAL: 1
|
||||||
|
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||||
|
CA: ${{ matrix.CA }}
|
||||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Install tools
|
- name: Install tools
|
||||||
run: sudo apt-get install -y socat
|
run: sudo apt-get install -y socat
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: |
|
||||||
|
cd .. \
|
||||||
|
&& git clone https://github.com/acmesh-official/acmetest.git \
|
||||||
|
&& cp -r acme.sh acmetest/
|
||||||
- name: Run acmetest
|
- name: Run acmetest
|
||||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh
|
run: |
|
||||||
|
cd ../acmetest \
|
||||||
|
&& sudo --preserve-env ./letest.sh
|
||||||
|
|
||||||
MacOS:
|
MacOS:
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
include:
|
||||||
|
- TEST_ACME_Server: ""
|
||||||
|
CA_ECDSA: ""
|
||||||
|
CA: ""
|
||||||
|
CA_EMAIL: ""
|
||||||
|
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||||
|
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||||
|
CA_EMAIL: "githubtest@acme.sh"
|
||||||
runs-on: macos-latest
|
runs-on: macos-latest
|
||||||
env:
|
env:
|
||||||
TEST_LOCAL: 1
|
TEST_LOCAL: 1
|
||||||
|
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||||
|
CA: ${{ matrix.CA }}
|
||||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Install tools
|
- name: Install tools
|
||||||
run: brew install socat
|
run: brew install socat
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: |
|
||||||
|
cd .. \
|
||||||
|
&& git clone https://github.com/acmesh-official/acmetest.git \
|
||||||
|
&& cp -r acme.sh acmetest/
|
||||||
- name: Run acmetest
|
- name: Run acmetest
|
||||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh
|
run: |
|
||||||
|
cd ../acmetest \
|
||||||
|
&& sudo --preserve-env ./letest.sh
|
||||||
|
|
||||||
Windows:
|
Windows:
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
include:
|
||||||
|
- TEST_ACME_Server: ""
|
||||||
|
CA_ECDSA: ""
|
||||||
|
CA: ""
|
||||||
|
CA_EMAIL: ""
|
||||||
|
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||||
|
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||||
|
CA_EMAIL: "githubtest@acme.sh"
|
||||||
runs-on: windows-latest
|
runs-on: windows-latest
|
||||||
env:
|
env:
|
||||||
|
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||||
|
CA: ${{ matrix.CA }}
|
||||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||||
TEST_LOCAL: 1
|
TEST_LOCAL: 1
|
||||||
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
|
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
|
||||||
Le_HTTPPort: 8888
|
Le_HTTPPort: 8888
|
||||||
@ -77,9 +132,24 @@ jobs:
|
|||||||
run: cd ../acmetest && bash.exe -c ./letest.sh
|
run: cd ../acmetest && bash.exe -c ./letest.sh
|
||||||
|
|
||||||
FreeBSD:
|
FreeBSD:
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
include:
|
||||||
|
- TEST_ACME_Server: ""
|
||||||
|
CA_ECDSA: ""
|
||||||
|
CA: ""
|
||||||
|
CA_EMAIL: ""
|
||||||
|
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||||
|
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||||
|
CA_EMAIL: "githubtest@acme.sh"
|
||||||
runs-on: macos-latest
|
runs-on: macos-latest
|
||||||
env:
|
env:
|
||||||
TEST_LOCAL: 1
|
TEST_LOCAL: 1
|
||||||
|
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||||
|
CA: ${{ matrix.CA }}
|
||||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- uses: vmactions/cf-tunnel@v0.0.2
|
- uses: vmactions/cf-tunnel@v0.0.2
|
||||||
@ -93,18 +163,34 @@ jobs:
|
|||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/freebsd-vm@v0.1.4
|
- uses: vmactions/freebsd-vm@v0.1.4
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_LOCAL TestingDomain'
|
envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
|
||||||
nat: |
|
nat: |
|
||||||
"8080": "80"
|
"8080": "80"
|
||||||
prepare: pkg install -y socat curl
|
prepare: pkg install -y socat curl
|
||||||
usesh: true
|
usesh: true
|
||||||
run: |
|
run: |
|
||||||
cd ../acmetest && ./letest.sh
|
cd ../acmetest \
|
||||||
|
&& ./letest.sh
|
||||||
|
|
||||||
Solaris:
|
Solaris:
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
include:
|
||||||
|
- TEST_ACME_Server: ""
|
||||||
|
CA_ECDSA: ""
|
||||||
|
CA: ""
|
||||||
|
CA_EMAIL: ""
|
||||||
|
- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
|
||||||
|
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||||
|
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||||
|
CA_EMAIL: "githubtest@acme.sh"
|
||||||
runs-on: macos-latest
|
runs-on: macos-latest
|
||||||
env:
|
env:
|
||||||
TEST_LOCAL: 1
|
TEST_LOCAL: 1
|
||||||
|
ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
|
||||||
|
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||||
|
CA: ${{ matrix.CA }}
|
||||||
|
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- uses: vmactions/cf-tunnel@v0.0.2
|
- uses: vmactions/cf-tunnel@v0.0.2
|
||||||
@ -118,10 +204,11 @@ jobs:
|
|||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/solaris-vm@v0.0.3
|
- uses: vmactions/solaris-vm@v0.0.3
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_LOCAL TestingDomain'
|
envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
|
||||||
nat: |
|
nat: |
|
||||||
"8080": "80"
|
"8080": "80"
|
||||||
prepare: pkgutil -y -i socat curl
|
prepare: pkgutil -y -i socat curl
|
||||||
run: |
|
run: |
|
||||||
cd ../acmetest && ./letest.sh
|
cd ../acmetest \
|
||||||
|
&& ./letest.sh
|
||||||
|
|
||||||
|
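Review bot: The reformatted `Run acmetest` steps in the Ubuntu and MacOS jobs still end in `sudo --preserve-env ./letest.sh`, which hands the runner's whole environment to a script that was cloned from the default branch of acmetest one step earlier and is run as root. The FreeBSD and Solaris jobs in this same change already name the variables they forward (`envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'`). The two sudo lines could do the same with `sudo --preserve-env=TEST_LOCAL,ACME_DIRECTORY,CA_ECDSA,CA,CA_EMAIL ./letest.sh`, plus any workflow-level variables the script needs, which are outside these hunks. A comment above the first `include:` entry saying what the all-empty row selects would also help, since that depends on how letest.sh treats empty values, which is not visible here.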
16
acme.sh
16
acme.sh
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
VER=2.9.0
|
VER=3.0.0
|
||||||
|
|
||||||
PROJECT_NAME="acme.sh"
|
PROJECT_NAME="acme.sh"
|
||||||
|
|
||||||
@ -29,7 +29,7 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
|
|||||||
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
|
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
|
||||||
_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"
|
_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"
|
||||||
|
|
||||||
DEFAULT_CA=$CA_LETSENCRYPT_V2
|
DEFAULT_CA=$CA_ZEROSSL
|
||||||
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
|
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
|
||||||
|
|
||||||
CA_NAMES="
|
CA_NAMES="
|
||||||
@ -3056,7 +3056,7 @@ _checkConf() {
|
|||||||
_debug "Try include files"
|
_debug "Try include files"
|
||||||
for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do
|
for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do
|
||||||
_debug "check included $included"
|
_debug "check included $included"
|
||||||
if !_startswith "$included" "/" && _exists dirname; then
|
if ! _startswith "$included" "/" && _exists dirname; then
|
||||||
_relpath="$(dirname "$_c_file")"
|
_relpath="$(dirname "$_c_file")"
|
||||||
_debug "_relpath" "$_relpath"
|
_debug "_relpath" "$_relpath"
|
||||||
included="$_relpath/included"
|
included="$_relpath/included"
|
||||||
@ -3526,8 +3526,10 @@ _regAccount() {
|
|||||||
if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then
|
if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then
|
||||||
_info "No EAB credentials found for ZeroSSL, let's get one"
|
_info "No EAB credentials found for ZeroSSL, let's get one"
|
||||||
if [ -z "$_email" ]; then
|
if [ -z "$_email" ]; then
|
||||||
_err "Please provide a email address for ZeroSSL account."
|
_info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")"
|
||||||
_err "See ZeroSSL usage: $_ZEROSSL_WIKI"
|
_info "$(__green "Please update your account with an email address first.")"
|
||||||
|
_info "$(__green "$PROJECT_ENTRY --register-account -m my@example.com")"
|
||||||
|
_info "See: $(__green "$_ZEROSSL_WIKI")"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT)
|
_eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT)
|
||||||
@ -3538,11 +3540,13 @@ _regAccount() {
|
|||||||
fi
|
fi
|
||||||
_debug2 "$_eabresp"
|
_debug2 "$_eabresp"
|
||||||
_eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
|
_eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
|
||||||
|
_secure_debug2 _eab_id "$_eab_id"
|
||||||
if [ -z "$_eab_id" ]; then
|
if [ -z "$_eab_id" ]; then
|
||||||
_err "Can not resolve _eab_id"
|
_err "Can not resolve _eab_id"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
|
_eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
|
||||||
|
_secure_debug2 _eab_hmac_key "$_eab_hmac_key"
|
||||||
if [ -z "$_eab_hmac_key" ]; then
|
if [ -z "$_eab_hmac_key" ]; then
|
||||||
_err "Can not resolve _eab_hmac_key"
|
_err "Can not resolve _eab_hmac_key"
|
||||||
return 1
|
return 1
|
||||||
@ -3564,7 +3568,7 @@ _regAccount() {
|
|||||||
eab_sign_t="$eab_protected64.$eab_payload64"
|
eab_sign_t="$eab_protected64.$eab_payload64"
|
||||||
_debug3 eab_sign_t "$eab_sign_t"
|
_debug3 eab_sign_t "$eab_sign_t"
|
||||||
|
|
||||||
key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')"
|
key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 multi | _hex_dump | tr -d ' ')"
|
||||||
_debug3 key_hex "$key_hex"
|
_debug3 key_hex "$key_hex"
|
||||||
|
|
||||||
eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace)
|
eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace)
|
||||||
|
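Review bot: With `DEFAULT_CA=$CA_ZEROSSL`, the `_regAccount` path that fetches EAB credentials becomes the default for new accounts, yet `_ZERO_EAB_ENDPOINT` is still a plain `http://` URL. As a result `_post "email=$_email" $_ZERO_EAB_ENDPOINT` sends the account e-mail and receives `eab_kid` and `eab_hmac_key` without transport protection, so the HMAC key can be read or replaced on the network path. The constant should be `_ZERO_EAB_ENDPOINT="https://api.zerossl.com/acme/eab-credentials-email"`, provided the endpoint answers over TLS. Separately, the `! _startswith` fix in `_checkConf` makes the relative-include branch reachable, and its `included="$_relpath/included"` looks like it is missing a `$` (`included="$_relpath/$included"`). Both functions continue outside the hunks shown.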
@ -59,7 +59,7 @@ dns_1984hosting_add() {
|
|||||||
if _contains "$response" '"haserrors": true'; then
|
if _contains "$response" '"haserrors": true'; then
|
||||||
_err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post"
|
_err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post"
|
||||||
return 1
|
return 1
|
||||||
elif _contains "$response" "<html>"; then
|
elif _contains "$response" "html>"; then
|
||||||
_err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file"
|
_err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file"
|
||||||
return 1
|
return 1
|
||||||
elif _contains "$response" '"auth": false'; then
|
elif _contains "$response" '"auth": false'; then
|
||||||
@ -204,7 +204,7 @@ _get_root() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
_authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
|
_authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
|
||||||
if _contains "$_response" "serial" && ! _contains "$_response" 'null}'; then
|
if _contains "$_response" "serial" && ! _contains "$_response" "null"; then
|
||||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||||
_domain="$h"
|
_domain="$h"
|
||||||
return 0
|
return 0
|
||||||
|
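Review bot: In `_get_root`, `! _contains "$_response" "null"` now rejects any soacheck reply that contains those four letters anywhere, not only a JSON null value. If the reply echoes the zone or nameserver name (not visible here), a zone with `null` in one of its labels would never be accepted as the root. Matching the null together with its JSON key or delimiter would keep the check narrow while still tolerating the reply format this change was presumably made for. At minimum, a comment such as `# any "null" in the soacheck reply is treated as "zone not hosted here"` would record the assumption. The body of `_get_root` starts and ends outside the hunk.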
@ -33,7 +33,7 @@ dns_vultr_add() {
|
|||||||
_debug 'Getting txt records'
|
_debug 'Getting txt records'
|
||||||
_vultr_rest GET "dns/records?domain=$_domain"
|
_vultr_rest GET "dns/records?domain=$_domain"
|
||||||
|
|
||||||
if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||||
_err 'Error'
|
_err 'Error'
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -73,12 +73,12 @@ dns_vultr_rm() {
|
|||||||
_debug 'Getting txt records'
|
_debug 'Getting txt records'
|
||||||
_vultr_rest GET "dns/records?domain=$_domain"
|
_vultr_rest GET "dns/records?domain=$_domain"
|
||||||
|
|
||||||
if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||||
_err 'Error'
|
_err 'Error'
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
|
_record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
|
||||||
_debug _record_id "$_record_id"
|
_debug _record_id "$_record_id"
|
||||||
if [ "$_record_id" ]; then
|
if [ "$_record_id" ]; then
|
||||||
_info "Successfully retrieved the record id for ACME challenge."
|
_info "Successfully retrieved the record id for ACME challenge."
|
||||||
|
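Review bot: The added `--` stops a value beginning with `-` from being parsed as an option, but `grep` still reads `$fulldomain` and `$txtvalue` as regular expressions in both `dns_vultr_add` and `dns_vultr_rm`. The dots in the domain name therefore match any character, and the record lookup can hit a neighbouring name. Fixed-string matching states the intent and removes that mismatch: `grep -F -- "\"type\":\"TXT\",\"name\":\"$fulldomain\""` and `grep -F -- "$txtvalue"`. Both functions continue outside the hunks shown.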