commit
e66b4d5390
@ -329,7 +329,7 @@ Just set the `length` parameter with a prefix `ec-`.
|
||||
|
||||
For example:
|
||||
|
||||
### Single domain ECC cerfiticate
|
||||
### Single domain ECC certificate
|
||||
|
||||
```bash
|
||||
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
|
||||
|
24
acme.sh
24
acme.sh
@ -879,7 +879,7 @@ _sign() {
|
||||
if ! _signedECText="$($_sign_openssl | $ACME_OPENSSL_BIN asn1parse -inform DER)"; then
|
||||
_err "Sign failed: $_sign_openssl"
|
||||
_err "Key file: $keyfile"
|
||||
_err "Key content:$(wc -l <"$keyfile") lises"
|
||||
_err "Key content:$(wc -l <"$keyfile") lines"
|
||||
return 1
|
||||
fi
|
||||
_debug3 "_signedECText" "$_signedECText"
|
||||
@ -2258,16 +2258,16 @@ _initpath() {
|
||||
fi
|
||||
|
||||
if [ -z "$TLS_CONF" ]; then
|
||||
TLS_CONF="$DOMAIN_PATH/tls.valdation.conf"
|
||||
TLS_CONF="$DOMAIN_PATH/tls.validation.conf"
|
||||
fi
|
||||
if [ -z "$TLS_CERT" ]; then
|
||||
TLS_CERT="$DOMAIN_PATH/tls.valdation.cert"
|
||||
TLS_CERT="$DOMAIN_PATH/tls.validation.cert"
|
||||
fi
|
||||
if [ -z "$TLS_KEY" ]; then
|
||||
TLS_KEY="$DOMAIN_PATH/tls.valdation.key"
|
||||
TLS_KEY="$DOMAIN_PATH/tls.validation.key"
|
||||
fi
|
||||
if [ -z "$TLS_CSR" ]; then
|
||||
TLS_CSR="$DOMAIN_PATH/tls.valdation.csr"
|
||||
TLS_CSR="$DOMAIN_PATH/tls.validation.csr"
|
||||
fi
|
||||
|
||||
}
|
||||
@ -2385,7 +2385,7 @@ _setApache() {
|
||||
_debug "Backup apache config file" "$httpdconf"
|
||||
if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then
|
||||
_err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed."
|
||||
_err "This might be a bug of $PROJECT_NAME , pleae report issue: $PROJECT"
|
||||
_err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT"
|
||||
return 1
|
||||
fi
|
||||
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
|
||||
@ -2883,7 +2883,7 @@ _on_issue_err() {
|
||||
uri=$(echo "$ventry" | cut -d "$sep" -f 3)
|
||||
vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
|
||||
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
|
||||
__trigger_validaton "$uri" "$keyauthorization"
|
||||
__trigger_validation "$uri" "$keyauthorization"
|
||||
done
|
||||
)
|
||||
fi
|
||||
@ -3105,7 +3105,7 @@ __get_domain_new_authz() {
|
||||
}
|
||||
|
||||
#uri keyAuthorization
|
||||
__trigger_validaton() {
|
||||
__trigger_validation() {
|
||||
_debug2 "tigger domain validation."
|
||||
_t_url="$1"
|
||||
_debug2 _t_url "$_t_url"
|
||||
@ -3490,7 +3490,7 @@ issue() {
|
||||
_exec_err >/dev/null 2>&1
|
||||
fi
|
||||
else
|
||||
_debug "not chaning owner/group of webroot"
|
||||
_debug "not changing owner/group of webroot"
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -3531,7 +3531,7 @@ issue() {
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! __trigger_validaton "$uri" "$keyauthorization"; then
|
||||
if ! __trigger_validation "$uri" "$keyauthorization"; then
|
||||
_err "$d:Can not get challenge: $response"
|
||||
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
||||
_clearup
|
||||
@ -4806,13 +4806,13 @@ Parameters:
|
||||
--listraw Only used for '--list' command, list the certs in raw format.
|
||||
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
||||
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
||||
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
|
||||
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
|
||||
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
|
||||
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
||||
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
||||
--csr Specifies the input csr.
|
||||
--pre-hook Command to be run before obtaining any certificates.
|
||||
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
|
||||
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed.
|
||||
--renew-hook Command to be run once for each successfully renewed certificate.
|
||||
--deploy-hook The hook file to deploy cert
|
||||
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
|
||||
|
@ -79,7 +79,7 @@ exim4_deploy() {
|
||||
_info "Restore conf success"
|
||||
eval "$_reload"
|
||||
else
|
||||
_err "Opps, error restore exim4 conf, please report bug to us."
|
||||
_err "Oops, error restore exim4 conf, please report bug to us."
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
@ -105,7 +105,7 @@ exim4_deploy() {
|
||||
_info "Restore conf success"
|
||||
eval "$_reload"
|
||||
else
|
||||
_err "Opps, error restore exim4 conf, please report bug to us."
|
||||
_err "Oops, error restore exim4 conf, please report bug to us."
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
|
@ -43,7 +43,7 @@ kong_deploy() {
|
||||
#Save kong url if it's succesful (First run case)
|
||||
_saveaccountconf KONG_URL "$KONG_URL"
|
||||
#Generate DEIM
|
||||
delim="-----MultipartDelimeter$(date "+%s%N")"
|
||||
delim="-----MultipartDelimiter$(date "+%s%N")"
|
||||
nl="\015\012"
|
||||
#Set Header
|
||||
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
||||
@ -72,7 +72,7 @@ kong_deploy() {
|
||||
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
|
||||
fi
|
||||
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
|
||||
_err "An error occured with cert upload. Check response:"
|
||||
_err "An error occurred with cert upload. Check response:"
|
||||
_err "$response"
|
||||
return 1
|
||||
fi
|
||||
|
@ -76,7 +76,7 @@ vsftpd_deploy() {
|
||||
_info "Restore conf success"
|
||||
eval "$_reload"
|
||||
else
|
||||
_err "Opps, error restore vsftpd conf, please report bug to us."
|
||||
_err "Oops, error restore vsftpd conf, please report bug to us."
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
@ -102,7 +102,7 @@ vsftpd_deploy() {
|
||||
_info "Restore conf success"
|
||||
eval "$_reload"
|
||||
else
|
||||
_err "Opps, error restore vsftpd conf, please report bug to us."
|
||||
_err "Oops, error restore vsftpd conf, please report bug to us."
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
|
@ -302,7 +302,7 @@ acme.sh --issue --dns dns_freedns -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that
|
||||
you create under a FreeDNS public domain. You must own the top level domain in order to automaitcally
|
||||
you create under a FreeDNS public domain. You must own the top level domain in order to automatically
|
||||
validate with acme.sh at FreeDNS.
|
||||
|
||||
## 16. Use cyon.ch
|
||||
|
@ -50,7 +50,7 @@ _cyon_load_credentials() {
|
||||
fi
|
||||
|
||||
if [ -z "${CY_Username}" ] || [ -z "${CY_Password}" ]; then
|
||||
# Dummy entries to satify script checker.
|
||||
# Dummy entries to satisfy script checker.
|
||||
CY_Username=""
|
||||
CY_Password=""
|
||||
CY_OTP_Secret=""
|
||||
|
@ -158,7 +158,7 @@ _get_base_domain() {
|
||||
export _H2="Authorization: Bearer $DO_API_KEY"
|
||||
_debug DO_API_KEY "$DO_API_KEY"
|
||||
## get URL for the list of domains
|
||||
## havent seen this request paginated, tested with 18 domains (more requres manual requests with DO)
|
||||
## havent seen this request paginated, tested with 18 domains (more requires manual requests with DO)
|
||||
DOMURL="https://api.digitalocean.com/v2/domains"
|
||||
|
||||
## get the domain list (DO gives basically a full XFER!)
|
||||
|
@ -10,7 +10,7 @@
|
||||
#
|
||||
######## Public functions #####################
|
||||
|
||||
# Export FreeDNS userid and password in folowing variables...
|
||||
# Export FreeDNS userid and password in following variables...
|
||||
# FREEDNS_User=username
|
||||
# FREEDNS_Password=password
|
||||
# login cookie is saved in acme account config file so userid / pw
|
||||
@ -53,7 +53,7 @@ dns_freedns_add() {
|
||||
i="$(_math "$i" - 1)"
|
||||
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
||||
|
||||
# Sometimes FreeDNS does not reurn the subdomain page but rather
|
||||
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||
# returns a page regarding becoming a premium member. This usually
|
||||
# happens after a period of inactivity. Immediately trying again
|
||||
# returns the correct subdomain page. So, we will try twice to
|
||||
@ -65,7 +65,7 @@ dns_freedns_add() {
|
||||
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
|
||||
if [ "$?" != "0" ]; then
|
||||
if [ "$using_cached_cookies" = "true" ]; then
|
||||
_err "Has your FreeDNS username and password channged? If so..."
|
||||
_err "Has your FreeDNS username and password changed? If so..."
|
||||
_err "Please export as FREEDNS_User / FREEDNS_Password and try again."
|
||||
fi
|
||||
return 1
|
||||
@ -112,7 +112,7 @@ dns_freedns_add() {
|
||||
# not produce accurate results as the value field is truncated
|
||||
# on this webpage. To get full value we would need to load
|
||||
# another page. However we don't really need this so long as
|
||||
# there is only one TXT record for the acme chalenge subdomain.
|
||||
# there is only one TXT record for the acme challenge subdomain.
|
||||
DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^"]*"//;s/".*//;s/<\/td>.*//')"
|
||||
if [ $found != 0 ]; then
|
||||
break
|
||||
@ -192,11 +192,11 @@ dns_freedns_rm() {
|
||||
|
||||
# Need to read cookie from conf file again in case new value set
|
||||
# during login to FreeDNS when TXT record was created.
|
||||
# acme.sh does not have a _readaccountconf() fuction
|
||||
# acme.sh does not have a _readaccountconf() function
|
||||
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
|
||||
_debug "FreeDNS login cookies: $FREEDNS_COOKIE"
|
||||
|
||||
# Sometimes FreeDNS does not reurn the subdomain page but rather
|
||||
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||
# returns a page regarding becoming a premium member. This usually
|
||||
# happens after a period of inactivity. Immediately trying again
|
||||
# returns the correct subdomain page. So, we will try twice to
|
||||
@ -302,12 +302,12 @@ _freedns_retrieve_subdomain_page() {
|
||||
export _H2="Accept-Language:en-US"
|
||||
url="https://freedns.afraid.org/subdomain/"
|
||||
|
||||
_debug "Retrieve subdmoain page from FreeDNS"
|
||||
_debug "Retrieve subdomain page from FreeDNS"
|
||||
|
||||
htmlpage="$(_get "$url")"
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "FreeDNS retrieve subdomins failed bad RC from _get"
|
||||
_err "FreeDNS retrieve subdomains failed bad RC from _get"
|
||||
return 1
|
||||
elif [ -z "$htmlpage" ]; then
|
||||
_err "FreeDNS returned empty subdomain page"
|
||||
@ -341,7 +341,7 @@ _freedns_add_txt_record() {
|
||||
return 1
|
||||
elif _contains "$htmlpage" "security code was incorrect"; then
|
||||
_debug "$htmlpage"
|
||||
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested seurity code"
|
||||
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code"
|
||||
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
|
||||
return 1
|
||||
fi
|
||||
|
@ -19,7 +19,7 @@ dns_gandi_livedns_add() {
|
||||
txtvalue=$2
|
||||
|
||||
if [ -z "$GANDI_LIVEDNS_KEY" ]; then
|
||||
_err "No API key specifed for Gandi LiveDNS."
|
||||
_err "No API key specified for Gandi LiveDNS."
|
||||
_err "Create your key and export it as GANDI_LIVEDNS_KEY"
|
||||
return 1
|
||||
fi
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#Applcation Key
|
||||
#Application Key
|
||||
#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||
#
|
||||
#Application Secret
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#PowerDNS Emdedded API
|
||||
#PowerDNS Embedded API
|
||||
#https://doc.powerdns.com/md/httpapi/api_spec/
|
||||
#
|
||||
#PDNS_Url="http://ns.example.com:8081"
|
||||
|
Loading…
Reference in New Issue
Block a user