support SSL.com

This commit is contained in:
neilpang 2021-06-21 21:31:00 +08:00
parent 280e44304a
commit 53d6ab6c23
2 changed files with 27 additions and 7 deletions

View File

@ -88,6 +88,7 @@ https://github.com/acmesh-official/acmetest
- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default) - [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default)
- Letsencrypt.org CA - Letsencrypt.org CA
- [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
- [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA)
- [Pebble strict Mode](https://github.com/letsencrypt/pebble) - [Pebble strict Mode](https://github.com/letsencrypt/pebble)
- Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA - Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA

33
acme.sh
View File

@ -29,18 +29,24 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90" CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email" _ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"
CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa"
CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc"
DEFAULT_CA=$CA_ZEROSSL DEFAULT_CA=$CA_ZEROSSL
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
CA_NAMES=" CA_NAMES="
ZeroSSL.com,zerossl
LetsEncrypt.org,letsencrypt LetsEncrypt.org,letsencrypt
LetsEncrypt.org_test,letsencrypt_test,letsencrypttest LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
BuyPass.com,buypass BuyPass.com,buypass
BuyPass.com_test,buypass_test,buypasstest BuyPass.com_test,buypass_test,buypasstest
ZeroSSL.com,zerossl SSL.com,sslcom
" "
CA_SERVERS="$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_ZEROSSL" CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_SSLCOM_RSA"
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)" DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
@ -155,6 +161,8 @@ _REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert"
_ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA" _ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA"
_SSLCOM_WIKI="https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA"
_SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server" _SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
_PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain" _PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
@ -2617,7 +2625,13 @@ _initpath() {
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)" _ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
_debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST" _debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"
CA_DIR="$CA_HOME/$_ACME_SERVER_HOST" _ACME_SERVER_PATH="$(echo "$ACME_DIRECTORY" | cut -d : -f 2- | tr -s / | cut -d / -f 3-)"
_debug2 "_ACME_SERVER_PATH" "$_ACME_SERVER_PATH"
if [ -z "$_ACME_SERVER_PATH" ] || [ "$_ACME_SERVER_PATH" = "directory" ]; then
CA_DIR="$CA_HOME/$_ACME_SERVER_HOST"
else
CA_DIR="$CA_HOME/$_ACME_SERVER_HOST/$_ACME_SERVER_PATH"
fi
_DEFAULT_CA_CONF="$CA_DIR/ca.conf" _DEFAULT_CA_CONF="$CA_DIR/ca.conf"
@ -6638,9 +6652,10 @@ _checkSudo() {
return 0 return 0
} }
#server #server #keylength
_selectServer() { _selectServer() {
_server="$1" _server="$1"
_skeylength="$2"
_server_lower="$(echo "$_server" | _lower_case)" _server_lower="$(echo "$_server" | _lower_case)"
_sindex=0 _sindex=0
for snames in $CA_NAMES; do for snames in $CA_NAMES; do
@ -6651,6 +6666,9 @@ _selectServer() {
if [ "$_server_lower" = "$sname" ]; then if [ "$_server_lower" = "$sname" ]; then
_debug2 "_selectServer match $sname" _debug2 "_selectServer match $sname"
_serverdir="$(_getfield "$CA_SERVERS" $_sindex)" _serverdir="$(_getfield "$CA_SERVERS" $_sindex)"
if [ "$_serverdir" = "$CA_SSLCOM_RSA" ] && _isEccKey "$_skeylength"; then
_serverdir="$CA_SSLCOM_ECC"
fi
_debug "Selected server: $_serverdir" _debug "Selected server: $_serverdir"
ACME_DIRECTORY="$_serverdir" ACME_DIRECTORY="$_serverdir"
export ACME_DIRECTORY export ACME_DIRECTORY
@ -6882,7 +6900,6 @@ _process() {
;; ;;
--server) --server)
_server="$2" _server="$2"
_selectServer "$_server"
shift shift
;; ;;
--debug) --debug)
@ -6981,7 +6998,6 @@ _process() {
Le_DNSSleep="$_dnssleep" Le_DNSSleep="$_dnssleep"
shift shift
;; ;;
--keylength | -k) --keylength | -k)
_keylength="$2" _keylength="$2"
shift shift
@ -6990,7 +7006,6 @@ _process() {
_accountkeylength="$2" _accountkeylength="$2"
shift shift
;; ;;
--cert-file | --certpath) --cert-file | --certpath)
_cert_file="$2" _cert_file="$2"
shift shift
@ -7254,6 +7269,10 @@ _process() {
shift 1 shift 1
done done
if [ "$_server" ]; then
_selectServer "$_server" "${_ecc-:$_keylength}"
fi
if [ "${_CMD}" != "install" ]; then if [ "${_CMD}" != "install" ]; then
if [ "$__INTERACTIVE" ] && ! _checkSudo; then if [ "$__INTERACTIVE" ] && ! _checkSudo; then
if [ -z "$FORCE" ]; then if [ -z "$FORCE" ]; then