commit
c70681712d
@ -257,7 +257,7 @@ acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
|
||||
|
||||
**This apache mode is only to issue the cert, it will not change your apache config files.
|
||||
You will need to configure your website config files to use the cert by yourself.
|
||||
We don't want to mess your apache server, don't worry.**
|
||||
We don't want to mess with your apache server, don't worry.**
|
||||
|
||||
More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
|
||||
|
||||
@ -281,7 +281,7 @@ acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
|
||||
|
||||
**This nginx mode is only to issue the cert, it will not change your nginx config files.
|
||||
You will need to configure your website config files to use the cert by yourself.
|
||||
We don't want to mess your nginx server, don't worry.**
|
||||
We don't want to mess with your nginx server, don't worry.**
|
||||
|
||||
More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
|
||||
|
||||
|
2
acme.sh
2
acme.sh
@ -207,7 +207,7 @@ _dlg_versions() {
|
||||
|
||||
echo "socat:"
|
||||
if _exists "socat"; then
|
||||
socat -h 2>&1
|
||||
socat -V 2>&1
|
||||
else
|
||||
_debug "socat doesn't exists."
|
||||
fi
|
||||
|
@ -208,33 +208,37 @@ haproxy_deploy() {
|
||||
_issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
||||
_debug _issuerdn "${_issuerdn}"
|
||||
_info "Requesting OCSP response"
|
||||
# Request the OCSP response from the issuer and store it
|
||||
if [ "${_subjectdn}" = "${_issuerdn}" ]; then
|
||||
# If the issuer is a CA cert then our command line has "-CAfile" added
|
||||
openssl ocsp \
|
||||
-issuer "${_issuer}" \
|
||||
-cert "${_pem}" \
|
||||
-url "${_ocsp_url}" \
|
||||
-header Host "${_ocsp_host}" \
|
||||
-respout "${_ocsp}" \
|
||||
-verify_other "${_issuer}" \
|
||||
-no_nonce \
|
||||
-CAfile "${_issuer}" \
|
||||
| grep -q "${_pem}: good"
|
||||
_ret=$?
|
||||
if [ "${_subjectdn}" = "${_issuerdn}" ]; then
|
||||
_cafile_argument="-CAfile \"${_issuer}\""
|
||||
else
|
||||
# Issuer is not a root CA so no "-CAfile" option
|
||||
openssl ocsp \
|
||||
-issuer "${_issuer}" \
|
||||
-cert "${_pem}" \
|
||||
-url "${_ocsp_url}" \
|
||||
-header Host "${_ocsp_host}" \
|
||||
-respout "${_ocsp}" \
|
||||
-verify_other "${_issuer}" \
|
||||
-no_nonce \
|
||||
| grep -q "${_pem}: good"
|
||||
_ret=$?
|
||||
_cafile_argument=""
|
||||
fi
|
||||
_debug _cafile_argument "${_cafile_argument}"
|
||||
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed
|
||||
_openssl_version=$(openssl version | cut -d' ' -f2)
|
||||
_debug _openssl_version "${_openssl_version}"
|
||||
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1)
|
||||
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2)
|
||||
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then
|
||||
_header_sep="="
|
||||
else
|
||||
_header_sep=" "
|
||||
fi
|
||||
# Request the OCSP response from the issuer and store it
|
||||
_openssl_ocsp_cmd="openssl ocsp \
|
||||
-issuer \"${_issuer}\" \
|
||||
-cert \"${_pem}\" \
|
||||
-url \"${_ocsp_url}\" \
|
||||
-header Host${_header_sep}\"${_ocsp_host}\" \
|
||||
-respout \"${_ocsp}\" \
|
||||
-verify_other \"${_issuer}\" \
|
||||
-no_nonce \
|
||||
${_cafile_argument} \
|
||||
| grep -q \"${_pem}: good\""
|
||||
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}"
|
||||
eval "${_openssl_ocsp_cmd}"
|
||||
_ret=$?
|
||||
else
|
||||
# Non fatal: No issuer file was present so no OCSP stapling file created
|
||||
_err "OCSP stapling in use but no .issuer file was present"
|
||||
|
@ -7,6 +7,7 @@
|
||||
|
||||
#CF_Token="xxxx"
|
||||
#CF_Account_ID="xxxx"
|
||||
#CF_Zone_ID="xxxx"
|
||||
|
||||
CF_Api="https://api.cloudflare.com/client/v4"
|
||||
|
||||
@ -19,12 +20,14 @@ dns_cf_add() {
|
||||
|
||||
CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
|
||||
CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
|
||||
CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
|
||||
CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
|
||||
CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
|
||||
|
||||
if [ "$CF_Token" ]; then
|
||||
_saveaccountconf_mutable CF_Token "$CF_Token"
|
||||
_saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
|
||||
_saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID"
|
||||
else
|
||||
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
|
||||
CF_Key=""
|
||||
@ -141,6 +144,28 @@ _get_root() {
|
||||
domain=$1
|
||||
i=1
|
||||
p=1
|
||||
|
||||
# Use Zone ID directly if provided
|
||||
if [ "$CF_Zone_ID" ]; then
|
||||
if ! _cf_rest GET "zones/$CF_Zone_ID"; then
|
||||
return 1
|
||||
else
|
||||
if _contains "$response" '"success":true'; then
|
||||
_domain=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
|
||||
if [ "$_domain" ]; then
|
||||
_cutlength=$((${#domain} - ${#_domain} - 1))
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
|
||||
_domain_id=$CF_Zone_ID
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
_debug h "$h"
|
||||
|
Loading…
Reference in New Issue
Block a user