commit
8bcc19d91e
26
acme.sh
26
acme.sh
@ -347,7 +347,7 @@ _hasfield() {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
_debug2 "'$_str' does not contain '$_field'"
|
_debug2 "'$_str' does not contain '$_field'"
|
||||||
return 1 #not contains
|
return 1 #not contains
|
||||||
}
|
}
|
||||||
|
|
||||||
_getfield() {
|
_getfield() {
|
||||||
@ -722,7 +722,7 @@ _url_encode() {
|
|||||||
"7e")
|
"7e")
|
||||||
printf "%s" "~"
|
printf "%s" "~"
|
||||||
;;
|
;;
|
||||||
#other hex
|
#other hex
|
||||||
*)
|
*)
|
||||||
printf '%%%s' "$_hex_code"
|
printf '%%%s' "$_hex_code"
|
||||||
;;
|
;;
|
||||||
@ -1025,7 +1025,7 @@ _createcsr() {
|
|||||||
else
|
else
|
||||||
alt="DNS:$domainlist"
|
alt="DNS:$domainlist"
|
||||||
fi
|
fi
|
||||||
#multi
|
#multi
|
||||||
_info "Multi domain" "$alt"
|
_info "Multi domain" "$alt"
|
||||||
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
|
||||||
fi
|
fi
|
||||||
@ -1093,7 +1093,7 @@ _readSubjectAltNamesFromCSR() {
|
|||||||
printf "%s" "$_dnsAltnames" | sed "s/DNS://g"
|
printf "%s" "$_dnsAltnames" | sed "s/DNS://g"
|
||||||
}
|
}
|
||||||
|
|
||||||
#_csrfile
|
#_csrfile
|
||||||
_readKeyLengthFromCSR() {
|
_readKeyLengthFromCSR() {
|
||||||
_csrfile="$1"
|
_csrfile="$1"
|
||||||
if [ -z "$_csrfile" ]; then
|
if [ -z "$_csrfile" ]; then
|
||||||
@ -1192,7 +1192,7 @@ toPkcs8() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[2048]
|
#[2048]
|
||||||
createAccountKey() {
|
createAccountKey() {
|
||||||
_info "Creating account key"
|
_info "Creating account key"
|
||||||
if [ -z "$1" ]; then
|
if [ -z "$1" ]; then
|
||||||
@ -2546,7 +2546,7 @@ _setNginx() {
|
|||||||
location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
|
location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
return 200 \"\$1.$_thumbpt\";
|
return 200 \"\$1.$_thumbpt\";
|
||||||
}
|
}
|
||||||
#NGINX_START
|
#NGINX_START
|
||||||
" >>"$FOUND_REAL_NGINX_CONF"
|
" >>"$FOUND_REAL_NGINX_CONF"
|
||||||
|
|
||||||
@ -3133,7 +3133,7 @@ __trigger_validation() {
|
|||||||
_send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}"
|
_send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}"
|
||||||
}
|
}
|
||||||
|
|
||||||
#webroot, domain domainlist keylength
|
#webroot, domain domainlist keylength
|
||||||
issue() {
|
issue() {
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ "
|
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ "
|
||||||
@ -3666,7 +3666,7 @@ issue() {
|
|||||||
|
|
||||||
#if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then
|
#if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then
|
||||||
# _debug "Get cert failed. Let's try last response."
|
# _debug "Get cert failed. Let's try last response."
|
||||||
# printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH"
|
# printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH"
|
||||||
#fi
|
#fi
|
||||||
|
|
||||||
if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >>"$CERT_PATH"; then
|
if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >>"$CERT_PATH"; then
|
||||||
@ -4807,7 +4807,7 @@ Commands:
|
|||||||
--create-domain-key Create an domain private key, professional use.
|
--create-domain-key Create an domain private key, professional use.
|
||||||
--createCSR, -ccsr Create CSR , professional use.
|
--createCSR, -ccsr Create CSR , professional use.
|
||||||
--deactivate Deactivate the domain authz, professional use.
|
--deactivate Deactivate the domain authz, professional use.
|
||||||
|
|
||||||
Parameters:
|
Parameters:
|
||||||
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
|
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
|
||||||
--force, -f Used to force to install or force to renew a cert immediately.
|
--force, -f Used to force to install or force to renew a cert immediately.
|
||||||
@ -4821,20 +4821,20 @@ Parameters:
|
|||||||
--apache Use apache mode.
|
--apache Use apache mode.
|
||||||
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
||||||
--dnssleep [$DEFAULT_DNS_SLEEP] The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
|
--dnssleep [$DEFAULT_DNS_SLEEP] The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
|
||||||
|
|
||||||
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.
|
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.
|
||||||
--accountkeylength, -ak [2048] Specifies the account key length.
|
--accountkeylength, -ak [2048] Specifies the account key length.
|
||||||
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
|
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
|
||||||
--log-level 1|2 Specifies the log level, default is 1.
|
--log-level 1|2 Specifies the log level, default is 1.
|
||||||
--syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
|
--syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
|
||||||
|
|
||||||
These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
|
These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
|
||||||
|
|
||||||
--cert-file After issue/renew, the cert will be copied to this path.
|
--cert-file After issue/renew, the cert will be copied to this path.
|
||||||
--key-file After issue/renew, the key will be copied to this path.
|
--key-file After issue/renew, the key will be copied to this path.
|
||||||
--ca-file After issue/renew, the intermediate cert will be copied to this path.
|
--ca-file After issue/renew, the intermediate cert will be copied to this path.
|
||||||
--fullchain-file After issue/renew, the fullchain cert will be copied to this path.
|
--fullchain-file After issue/renew, the fullchain cert will be copied to this path.
|
||||||
|
|
||||||
--reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
|
--reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
|
||||||
|
|
||||||
--accountconf Specifies a customized account config file.
|
--accountconf Specifies a customized account config file.
|
||||||
|
@ -53,7 +53,7 @@ dns_freedns_add() {
|
|||||||
i="$(_math "$i" - 1)"
|
i="$(_math "$i" - 1)"
|
||||||
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
||||||
|
|
||||||
# Sometimes FreeDNS does not return the subdomain page but rather
|
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||||
# returns a page regarding becoming a premium member. This usually
|
# returns a page regarding becoming a premium member. This usually
|
||||||
# happens after a period of inactivity. Immediately trying again
|
# happens after a period of inactivity. Immediately trying again
|
||||||
# returns the correct subdomain page. So, we will try twice to
|
# returns the correct subdomain page. So, we will try twice to
|
||||||
@ -72,7 +72,7 @@ dns_freedns_add() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Now convert the tables in the HTML to CSV. This litte gem from
|
# Now convert the tables in the HTML to CSV. This litte gem from
|
||||||
# http://stackoverflow.com/questions/1403087/how-can-i-convert-an-html-table-to-csv
|
# http://stackoverflow.com/questions/1403087/how-can-i-convert-an-html-table-to-csv
|
||||||
subdomain_csv="$(echo "$htmlpage" \
|
subdomain_csv="$(echo "$htmlpage" \
|
||||||
| grep -i -e '</\?TABLE\|</\?TD\|</\?TR\|</\?TH' \
|
| grep -i -e '</\?TABLE\|</\?TD\|</\?TR\|</\?TH' \
|
||||||
| sed 's/^[\ \t]*//g' \
|
| sed 's/^[\ \t]*//g' \
|
||||||
@ -196,7 +196,7 @@ dns_freedns_rm() {
|
|||||||
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
|
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
|
||||||
_debug "FreeDNS login cookies: $FREEDNS_COOKIE"
|
_debug "FreeDNS login cookies: $FREEDNS_COOKIE"
|
||||||
|
|
||||||
# Sometimes FreeDNS does not return the subdomain page but rather
|
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||||
# returns a page regarding becoming a premium member. This usually
|
# returns a page regarding becoming a premium member. This usually
|
||||||
# happens after a period of inactivity. Immediately trying again
|
# happens after a period of inactivity. Immediately trying again
|
||||||
# returns the correct subdomain page. So, we will try twice to
|
# returns the correct subdomain page. So, we will try twice to
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
#'ovh-eu'
|
#'ovh-eu'
|
||||||
OVH_EU='https://eu.api.ovh.com/1.0'
|
OVH_EU='https://eu.api.ovh.com/1.0'
|
||||||
|
|
||||||
#'ovh-ca':
|
#'ovh-ca':
|
||||||
OVH_CA='https://ca.api.ovh.com/1.0'
|
OVH_CA='https://ca.api.ovh.com/1.0'
|
||||||
|
|
||||||
#'kimsufi-eu'
|
#'kimsufi-eu'
|
||||||
|
Loading…
Reference in New Issue
Block a user