commit
e66b4d5390
@ -329,7 +329,7 @@ Just set the `length` parameter with a prefix `ec-`.
|
|||||||
|
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
### Single domain ECC cerfiticate
|
### Single domain ECC certificate
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
|
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
|
||||||
|
24
acme.sh
24
acme.sh
@ -879,7 +879,7 @@ _sign() {
|
|||||||
if ! _signedECText="$($_sign_openssl | $ACME_OPENSSL_BIN asn1parse -inform DER)"; then
|
if ! _signedECText="$($_sign_openssl | $ACME_OPENSSL_BIN asn1parse -inform DER)"; then
|
||||||
_err "Sign failed: $_sign_openssl"
|
_err "Sign failed: $_sign_openssl"
|
||||||
_err "Key file: $keyfile"
|
_err "Key file: $keyfile"
|
||||||
_err "Key content:$(wc -l <"$keyfile") lises"
|
_err "Key content:$(wc -l <"$keyfile") lines"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_debug3 "_signedECText" "$_signedECText"
|
_debug3 "_signedECText" "$_signedECText"
|
||||||
@ -2258,16 +2258,16 @@ _initpath() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$TLS_CONF" ]; then
|
if [ -z "$TLS_CONF" ]; then
|
||||||
TLS_CONF="$DOMAIN_PATH/tls.valdation.conf"
|
TLS_CONF="$DOMAIN_PATH/tls.validation.conf"
|
||||||
fi
|
fi
|
||||||
if [ -z "$TLS_CERT" ]; then
|
if [ -z "$TLS_CERT" ]; then
|
||||||
TLS_CERT="$DOMAIN_PATH/tls.valdation.cert"
|
TLS_CERT="$DOMAIN_PATH/tls.validation.cert"
|
||||||
fi
|
fi
|
||||||
if [ -z "$TLS_KEY" ]; then
|
if [ -z "$TLS_KEY" ]; then
|
||||||
TLS_KEY="$DOMAIN_PATH/tls.valdation.key"
|
TLS_KEY="$DOMAIN_PATH/tls.validation.key"
|
||||||
fi
|
fi
|
||||||
if [ -z "$TLS_CSR" ]; then
|
if [ -z "$TLS_CSR" ]; then
|
||||||
TLS_CSR="$DOMAIN_PATH/tls.valdation.csr"
|
TLS_CSR="$DOMAIN_PATH/tls.validation.csr"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
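Review bot: The new default paths `tls.validation.conf`/`.cert`/`.key`/`.csr` in `_initpath` change which files later runs read and write, but any `tls.valdation.*` files already present in an existing `$DOMAIN_PATH` keep the old names and nothing in this hunk removes them; the `tls.valdation.key` file is the one worth cleaning up rather than leaving behind. Because each assignment only runs when the variable is still empty, a caller that sets `TLS_KEY` or the others explicitly is unaffected, so the rename is compatible on that side. It would help to delete a leftover old-name file when the new default is adopted, for example `[ -f "$DOMAIN_PATH/tls.valdation.key" ] && rm -f "$DOMAIN_PATH/tls.valdation.key"`, and to check that the cleanup code for these files (outside this hunk) refers to the variables rather than the literal names. `_initpath` begins before this hunk.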
|
||||||
@ -2385,7 +2385,7 @@ _setApache() {
|
|||||||
_debug "Backup apache config file" "$httpdconf"
|
_debug "Backup apache config file" "$httpdconf"
|
||||||
if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then
|
if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then
|
||||||
_err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed."
|
_err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed."
|
||||||
_err "This might be a bug of $PROJECT_NAME , pleae report issue: $PROJECT"
|
_err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
|
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
|
||||||
@ -2883,7 +2883,7 @@ _on_issue_err() {
|
|||||||
uri=$(echo "$ventry" | cut -d "$sep" -f 3)
|
uri=$(echo "$ventry" | cut -d "$sep" -f 3)
|
||||||
vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
|
vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
|
||||||
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
|
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
|
||||||
__trigger_validaton "$uri" "$keyauthorization"
|
__trigger_validation "$uri" "$keyauthorization"
|
||||||
done
|
done
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
@ -3105,7 +3105,7 @@ __get_domain_new_authz() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#uri keyAuthorization
|
#uri keyAuthorization
|
||||||
__trigger_validaton() {
|
__trigger_validation() {
|
||||||
_debug2 "tigger domain validation."
|
_debug2 "tigger domain validation."
|
||||||
_t_url="$1"
|
_t_url="$1"
|
||||||
_debug2 _t_url "$_t_url"
|
_debug2 _t_url "$_t_url"
|
||||||
@ -3490,7 +3490,7 @@ issue() {
|
|||||||
_exec_err >/dev/null 2>&1
|
_exec_err >/dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
_debug "not chaning owner/group of webroot"
|
_debug "not changing owner/group of webroot"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -3531,7 +3531,7 @@ issue() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! __trigger_validaton "$uri" "$keyauthorization"; then
|
if ! __trigger_validation "$uri" "$keyauthorization"; then
|
||||||
_err "$d:Can not get challenge: $response"
|
_err "$d:Can not get challenge: $response"
|
||||||
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
||||||
_clearup
|
_clearup
|
||||||
@ -4806,13 +4806,13 @@ Parameters:
|
|||||||
--listraw Only used for '--list' command, list the certs in raw format.
|
--listraw Only used for '--list' command, list the certs in raw format.
|
||||||
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
||||||
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
||||||
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
|
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
|
||||||
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
|
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
|
||||||
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
||||||
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
||||||
--csr Specifies the input csr.
|
--csr Specifies the input csr.
|
||||||
--pre-hook Command to be run before obtaining any certificates.
|
--pre-hook Command to be run before obtaining any certificates.
|
||||||
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
|
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed.
|
||||||
--renew-hook Command to be run once for each successfully renewed certificate.
|
--renew-hook Command to be run once for each successfully renewed certificate.
|
||||||
--deploy-hook The hook file to deploy cert
|
--deploy-hook The hook file to deploy cert
|
||||||
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
|
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
|
||||||
|
@ -79,7 +79,7 @@ exim4_deploy() {
|
|||||||
_info "Restore conf success"
|
_info "Restore conf success"
|
||||||
eval "$_reload"
|
eval "$_reload"
|
||||||
else
|
else
|
||||||
_err "Opps, error restore exim4 conf, please report bug to us."
|
_err "Oops, error restore exim4 conf, please report bug to us."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -105,7 +105,7 @@ exim4_deploy() {
|
|||||||
_info "Restore conf success"
|
_info "Restore conf success"
|
||||||
eval "$_reload"
|
eval "$_reload"
|
||||||
else
|
else
|
||||||
_err "Opps, error restore exim4 conf, please report bug to us."
|
_err "Oops, error restore exim4 conf, please report bug to us."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -43,7 +43,7 @@ kong_deploy() {
|
|||||||
#Save kong url if it's succesful (First run case)
|
#Save kong url if it's succesful (First run case)
|
||||||
_saveaccountconf KONG_URL "$KONG_URL"
|
_saveaccountconf KONG_URL "$KONG_URL"
|
||||||
#Generate DEIM
|
#Generate DEIM
|
||||||
delim="-----MultipartDelimeter$(date "+%s%N")"
|
delim="-----MultipartDelimiter$(date "+%s%N")"
|
||||||
nl="\015\012"
|
nl="\015\012"
|
||||||
#Set Header
|
#Set Header
|
||||||
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
||||||
@ -72,7 +72,7 @@ kong_deploy() {
|
|||||||
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
|
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
|
||||||
fi
|
fi
|
||||||
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
|
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
|
||||||
_err "An error occured with cert upload. Check response:"
|
_err "An error occurred with cert upload. Check response:"
|
||||||
_err "$response"
|
_err "$response"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -76,7 +76,7 @@ vsftpd_deploy() {
|
|||||||
_info "Restore conf success"
|
_info "Restore conf success"
|
||||||
eval "$_reload"
|
eval "$_reload"
|
||||||
else
|
else
|
||||||
_err "Opps, error restore vsftpd conf, please report bug to us."
|
_err "Oops, error restore vsftpd conf, please report bug to us."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -102,7 +102,7 @@ vsftpd_deploy() {
|
|||||||
_info "Restore conf success"
|
_info "Restore conf success"
|
||||||
eval "$_reload"
|
eval "$_reload"
|
||||||
else
|
else
|
||||||
_err "Opps, error restore vsftpd conf, please report bug to us."
|
_err "Oops, error restore vsftpd conf, please report bug to us."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -302,7 +302,7 @@ acme.sh --issue --dns dns_freedns -d example.com -d www.example.com
|
|||||||
```
|
```
|
||||||
|
|
||||||
Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that
|
Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that
|
||||||
you create under a FreeDNS public domain. You must own the top level domain in order to automaitcally
|
you create under a FreeDNS public domain. You must own the top level domain in order to automatically
|
||||||
validate with acme.sh at FreeDNS.
|
validate with acme.sh at FreeDNS.
|
||||||
|
|
||||||
## 16. Use cyon.ch
|
## 16. Use cyon.ch
|
||||||
|
@ -50,7 +50,7 @@ _cyon_load_credentials() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${CY_Username}" ] || [ -z "${CY_Password}" ]; then
|
if [ -z "${CY_Username}" ] || [ -z "${CY_Password}" ]; then
|
||||||
# Dummy entries to satify script checker.
|
# Dummy entries to satisfy script checker.
|
||||||
CY_Username=""
|
CY_Username=""
|
||||||
CY_Password=""
|
CY_Password=""
|
||||||
CY_OTP_Secret=""
|
CY_OTP_Secret=""
|
||||||
|
@ -158,7 +158,7 @@ _get_base_domain() {
|
|||||||
export _H2="Authorization: Bearer $DO_API_KEY"
|
export _H2="Authorization: Bearer $DO_API_KEY"
|
||||||
_debug DO_API_KEY "$DO_API_KEY"
|
_debug DO_API_KEY "$DO_API_KEY"
|
||||||
## get URL for the list of domains
|
## get URL for the list of domains
|
||||||
## havent seen this request paginated, tested with 18 domains (more requres manual requests with DO)
|
## havent seen this request paginated, tested with 18 domains (more requires manual requests with DO)
|
||||||
DOMURL="https://api.digitalocean.com/v2/domains"
|
DOMURL="https://api.digitalocean.com/v2/domains"
|
||||||
|
|
||||||
## get the domain list (DO gives basically a full XFER!)
|
## get the domain list (DO gives basically a full XFER!)
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
#
|
#
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
|
|
||||||
# Export FreeDNS userid and password in folowing variables...
|
# Export FreeDNS userid and password in following variables...
|
||||||
# FREEDNS_User=username
|
# FREEDNS_User=username
|
||||||
# FREEDNS_Password=password
|
# FREEDNS_Password=password
|
||||||
# login cookie is saved in acme account config file so userid / pw
|
# login cookie is saved in acme account config file so userid / pw
|
||||||
@ -53,7 +53,7 @@ dns_freedns_add() {
|
|||||||
i="$(_math "$i" - 1)"
|
i="$(_math "$i" - 1)"
|
||||||
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
||||||
|
|
||||||
# Sometimes FreeDNS does not reurn the subdomain page but rather
|
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||||
# returns a page regarding becoming a premium member. This usually
|
# returns a page regarding becoming a premium member. This usually
|
||||||
# happens after a period of inactivity. Immediately trying again
|
# happens after a period of inactivity. Immediately trying again
|
||||||
# returns the correct subdomain page. So, we will try twice to
|
# returns the correct subdomain page. So, we will try twice to
|
||||||
@ -65,7 +65,7 @@ dns_freedns_add() {
|
|||||||
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
|
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
if [ "$using_cached_cookies" = "true" ]; then
|
if [ "$using_cached_cookies" = "true" ]; then
|
||||||
_err "Has your FreeDNS username and password channged? If so..."
|
_err "Has your FreeDNS username and password changed? If so..."
|
||||||
_err "Please export as FREEDNS_User / FREEDNS_Password and try again."
|
_err "Please export as FREEDNS_User / FREEDNS_Password and try again."
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
@ -112,7 +112,7 @@ dns_freedns_add() {
|
|||||||
# not produce accurate results as the value field is truncated
|
# not produce accurate results as the value field is truncated
|
||||||
# on this webpage. To get full value we would need to load
|
# on this webpage. To get full value we would need to load
|
||||||
# another page. However we don't really need this so long as
|
# another page. However we don't really need this so long as
|
||||||
# there is only one TXT record for the acme chalenge subdomain.
|
# there is only one TXT record for the acme challenge subdomain.
|
||||||
DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^"]*"//;s/".*//;s/<\/td>.*//')"
|
DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^"]*"//;s/".*//;s/<\/td>.*//')"
|
||||||
if [ $found != 0 ]; then
|
if [ $found != 0 ]; then
|
||||||
break
|
break
|
||||||
@ -192,11 +192,11 @@ dns_freedns_rm() {
|
|||||||
|
|
||||||
# Need to read cookie from conf file again in case new value set
|
# Need to read cookie from conf file again in case new value set
|
||||||
# during login to FreeDNS when TXT record was created.
|
# during login to FreeDNS when TXT record was created.
|
||||||
# acme.sh does not have a _readaccountconf() fuction
|
# acme.sh does not have a _readaccountconf() function
|
||||||
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
|
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")"
|
||||||
_debug "FreeDNS login cookies: $FREEDNS_COOKIE"
|
_debug "FreeDNS login cookies: $FREEDNS_COOKIE"
|
||||||
|
|
||||||
# Sometimes FreeDNS does not reurn the subdomain page but rather
|
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||||
# returns a page regarding becoming a premium member. This usually
|
# returns a page regarding becoming a premium member. This usually
|
||||||
# happens after a period of inactivity. Immediately trying again
|
# happens after a period of inactivity. Immediately trying again
|
||||||
# returns the correct subdomain page. So, we will try twice to
|
# returns the correct subdomain page. So, we will try twice to
|
||||||
@ -302,12 +302,12 @@ _freedns_retrieve_subdomain_page() {
|
|||||||
export _H2="Accept-Language:en-US"
|
export _H2="Accept-Language:en-US"
|
||||||
url="https://freedns.afraid.org/subdomain/"
|
url="https://freedns.afraid.org/subdomain/"
|
||||||
|
|
||||||
_debug "Retrieve subdmoain page from FreeDNS"
|
_debug "Retrieve subdomain page from FreeDNS"
|
||||||
|
|
||||||
htmlpage="$(_get "$url")"
|
htmlpage="$(_get "$url")"
|
||||||
|
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
_err "FreeDNS retrieve subdomins failed bad RC from _get"
|
_err "FreeDNS retrieve subdomains failed bad RC from _get"
|
||||||
return 1
|
return 1
|
||||||
elif [ -z "$htmlpage" ]; then
|
elif [ -z "$htmlpage" ]; then
|
||||||
_err "FreeDNS returned empty subdomain page"
|
_err "FreeDNS returned empty subdomain page"
|
||||||
@ -341,7 +341,7 @@ _freedns_add_txt_record() {
|
|||||||
return 1
|
return 1
|
||||||
elif _contains "$htmlpage" "security code was incorrect"; then
|
elif _contains "$htmlpage" "security code was incorrect"; then
|
||||||
_debug "$htmlpage"
|
_debug "$htmlpage"
|
||||||
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested seurity code"
|
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code"
|
||||||
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
|
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -19,7 +19,7 @@ dns_gandi_livedns_add() {
|
|||||||
txtvalue=$2
|
txtvalue=$2
|
||||||
|
|
||||||
if [ -z "$GANDI_LIVEDNS_KEY" ]; then
|
if [ -z "$GANDI_LIVEDNS_KEY" ]; then
|
||||||
_err "No API key specifed for Gandi LiveDNS."
|
_err "No API key specified for Gandi LiveDNS."
|
||||||
_err "Create your key and export it as GANDI_LIVEDNS_KEY"
|
_err "Create your key and export it as GANDI_LIVEDNS_KEY"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
#Applcation Key
|
#Application Key
|
||||||
#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||||
#
|
#
|
||||||
#Application Secret
|
#Application Secret
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
#PowerDNS Emdedded API
|
#PowerDNS Embedded API
|
||||||
#https://doc.powerdns.com/md/httpapi/api_spec/
|
#https://doc.powerdns.com/md/httpapi/api_spec/
|
||||||
#
|
#
|
||||||
#PDNS_Url="http://ns.example.com:8081"
|
#PDNS_Url="http://ns.example.com:8081"
|
||||||
|