Commit Graph

538 Commits

Author SHA1 Message Date
Jan-Philipp Benecke
d853a9ebbe
Make uploading cert to subaccount possible 2021-03-30 09:13:32 +02:00
Christophe Le Guern
cc90f83463
Use 'vault kv put' instead of 'vault write'
When using vault_cli with a kv2 path, it isn't working. I have the following error:
```
WARNING! The following warnings were returned from Vault:                                                                                                                                                                                     
                                                                                                                                                                                                                                              
  * Invalid path for a versioned K/V secrets engine. See the API docs for the                                                                                                                                                                 
  appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'                                                                                                                                                                
  for this operation.                                                                                                                                                                                                                         
```
The new way to write data  is to use `vault kv put`, it is compatible with kv1 and kv2.
Ref: https://www.vaultproject.io/docs/commands#reading-and-writing-data
```
The original version of K/V used the common read and write operations. A more advanced K/V Version 2 engine was released in Vault 0.10 and introduced the kv get and kv put commands.
```
2021-03-29 15:10:14 +02:00
Jan-Philipp Benecke
1530abbd1a
Make uploading cert to subaccount possible 2021-03-26 15:37:12 +01:00
F-Plass
4bb8e3a121 Update truenas.sh
-error handling
2021-02-21 22:48:31 +01:00
F-Plass
eacc00f786 Update truenas.sh
- check if curl exists
- check if wget exist, then errortext and exit scipt
- _get command "restartUI"  wirh info about curl error 52
2021-02-21 22:42:24 +01:00
Mike Edmunds
bf8c33703c
Fix: Unifi deploy hook support Unifi Cloud Key (#3327)
* fix: unifi deploy hook also update Cloud Key nginx certs

When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).

Fixes #3326

* Improve settings documentation comments

* Improve Cloud Key pre-flight error messaging

* Fix typo

* Add support for UnifiOS (Cloud Key Gen2)

Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.

* PR review fixes

* Detect unsupported Cloud Key java keystore location

* Don't try to restart inactive services

(and remove extra spaces from reload command)

* Clean up error messages and internal variables

* Change to _getdeployconf/_savedeployconf

* Switch from cp to cat to preserve file permissions
2021-02-15 15:01:21 +08:00
F-Plass
93fd6170a3 Update truenas.sh 2021-02-13 12:38:57 +01:00
F-Plass
6f4c5fcc87 Update truenas.sh 2021-02-07 21:25:49 +01:00
F-Plass
a7ca010d4e Update truenas.sh 2021-02-07 21:24:06 +01:00
F-Plass
a836842a7e Update truenas.sh 2021-02-07 21:20:56 +01:00
F-Plass
f8c11a324a Update truenas.sh 2021-02-07 19:19:04 +01:00
F-Plass
052c9be111 Update truenas.sh 2021-02-07 19:12:39 +01:00
F-Plass
854e520528 Update truenas.sh 2021-02-07 19:02:03 +01:00
F-Plass
05737b85eb Update truenas.sh 2021-02-07 18:47:04 +01:00
F-Plass
c8a2308739 Update truenas.sh 2021-02-07 18:42:48 +01:00
F-Plass
ed46a078f9 Update truenas.sh 2021-02-07 16:35:51 +01:00
F-Plass
4f7c2bf8c3 Update truenas.sh 2021-02-07 16:12:24 +01:00
F-Plass
0e341726d2
Edits after DoShellcheck 2021-02-06 23:20:52 +01:00
F-Plass
a4f9746d3a
Danksagung an danb35 2021-02-06 23:03:07 +01:00
F-Plass
556c546b2e
Deploy Scipt for TrueNAs Server
acme .sh deploy Scipt for TrueNAS Server that uses the REST API from TrueNAS.

- Authentification with API Key
- If HTTP redirect is configured, automatik switch to HTTPS
- If WebDAV Certificate is the same as Web UI Certificate, Webdav Certificate get also an updated
- If FTP Certificate is the same as Web UI Certificate, FTP Certificate get also an updated
2021-02-06 22:48:25 +01:00
neil
62c776d90c
Merge pull request #3343 from markchalloner/master
Add Peplink deploy hook
2021-01-16 13:26:43 +08:00
Mark Challoner
61549b4a74 Add Peplink deploy hook 2021-01-13 20:37:05 +00:00
tyahin
7ed7a57d92 deploy gcore_cdn fix syntax 2021-01-10 12:44:56 +03:00
tyahin
1eaf7c89b7 deploy gcore_cdn fix api 2021-01-10 12:39:20 +03:00
tyahin
1fff8dd306 deploy gcore_cdn fix auth 2021-01-10 12:39:12 +03:00
neil
54195b16ad
Merge pull request #3299 from tresni/synology_dsm
Add DSM7 support to synology_dsm deployhook
2020-12-22 22:45:22 +08:00
neil
15fb47cb3d fix https://github.com/acmesh-official/acme.sh/issues/3300 2020-12-10 20:22:14 +08:00
Brian Hartvigsen
2635dfef96
Shellcheck linting
Also removed unused code
2020-12-09 21:01:44 -07:00
Brian Hartvigsen
7d7789ae96
Support DSM 6 and 7
Small changes for DSM 6:

All fields (except enable_syno_token as explained below) must either be in the GET params or the POST params, you can't mix GET and POST params
enable_syno_token=yes must be in both the GET and POST params.
If enable_syno_token=yes is only in the POST fields, then DSM6 returns a synotoken of --------. If enable_syno_token=yes is only in the GET params, then it returns no synotoken at all. It must be in both to work.
Need to use /webapi/auth.cgi instead of /webapi/entry.cgi
Verified with DSM 6.2.3-25426 Update 2 and DSM 7.0-40850
2020-12-09 20:35:50 -07:00
Thijn
cc69285420
Fix synology_dsm deployhook for DSM 7 2020-12-09 19:47:31 -07:00
Brian Hartvigsen
99d3a283ef
Use POST for login
This allows us to get the cookie and the token (as it appears to be only in the body in DSM 7.)  HTTP_HEADERS is only guarenteed to be output with POST for both wget and curl.
2020-12-09 19:44:14 -07:00
neil
8440d013f8 fix 2020-12-07 22:01:30 +08:00
neil
174c87a192 fix 2020-12-07 21:42:31 +08:00
neil
32b62d6d4f fix 2020-12-07 21:41:08 +08:00
Christian Burmeister
2bc627970e
Update mailcow.sh
I have modified the following things:

    Originally, "/data/assets/ssl/" is always appended to the varialbe ${_mailcow_path}. Since I use acme.sh as docker container, I only want to include the mailcow-ssl directory in the acem.sh container and not the complete mailcow directory. So now it is checked if the file generate_config.sh is in the directory (then it is the mailcow root directory, see https://github.com/mailcow/mailcow-dockerized) and only then "/data/assets/ssl/" is appended, in all other cases the passed variable is taken over unchanged.

    Because of the RP mailcow/mailcow-dockerized#2443 I have extended the script with ECC certificates.

    I adapted the reboot commands as described in the mailcow manual (https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#how-to-use-your-own-certificate).
2020-12-01 20:30:56 +01:00
neil
be067466fe
Merge pull request #3132 from jpbede/deploy-cleverreach
Add CleverReach Deploy API
2020-11-29 21:47:05 +08:00
Moritz H
ed01fd4edf uconv as fallback for iconv 2020-11-28 15:22:14 +01:00
neil
7530266330 remove dependency to md5 and awk 2020-11-09 20:14:22 +08:00
neil
97b87d4ce4
Merge pull request #3111 from pashinin/master
Vault deploy hook (using curl)
2020-11-02 22:37:43 +08:00
Sergey Pashinin
e203e98375
Use _savedeployconf 2020-11-02 16:46:09 +03:00
Sergey Pashinin
9fcd104065
Use _getdeployconf for env vars 2020-11-02 13:35:12 +03:00
Jan-Philipp Benecke
1db963361c
Rework based on review from Neilpang 2020-10-28 13:50:40 +01:00
Jan-Philipp Benecke
f7e12b629f
Update CleverReach REST Endpoint 2020-10-01 11:26:29 +02:00
Jan-Philipp Benecke
2a9c56d9e3
Formatting for CI 2020-08-28 11:30:23 +02:00
Jan-Philipp Benecke
39a5688464
Make CI happy 2020-08-28 11:28:06 +02:00
Jan-Philipp Benecke
e4e6173eff
CleverReach Deploy API 2020-08-28 11:21:20 +02:00
Sergey Pashinin
f511a52705
Using _post function 2020-08-24 00:05:21 +03:00
Sergey Pashinin
de692d3dcc
Vault deploy hook 2020-08-18 13:14:00 +03:00
neil
19c4345162 fix shfmt 2020-08-17 22:18:20 +08:00
Brian Hartvigsen
5f5096e1d4
Addressing issues found in DS218+ DSM
DS218+ appears to have a slighly different DSM that sends back headers in lowercase.

Reported by @BartSiwek in #2727
2020-07-25 21:56:18 -06:00
neil
7f33ae3bee
Merge pull request #3059 from andybotting/dev
Fix CI test failure for deploy/openstack.sh
2020-07-16 13:44:40 +08:00
neil
645135bf56
Merge pull request #3051 from szepeviktor/patch-2
Upgrade Travis image
2020-07-16 13:44:02 +08:00
Viktor Szépe
61613bee98
Fix SC2230 2020-07-16 06:13:15 +02:00
Andy Botting
3ce967d8e5 Fix CI test failure for deploy/openstack.sh 2020-07-16 13:53:21 +10:00
Andy Botting
9b23cd6d19 Add OpenStack Barbican deploy support
This provider relies on the the python-openstackclient and
python-designateclient tools be installed and working, with
either password or application credentials loaded in your env.
2020-07-16 09:59:40 +10:00
andrewheberle
01ebb6576d
Use base64 for reload
Ensure that reload command is encoded with base64 so special characters in command do not wreck config on renewals
2020-07-13 09:31:47 +08:00
Tony Gravagno
eca57beec1
Issue #2850 : grammar corrections for "exists" and "exist". 2020-06-29 11:29:10 -07:00
PM Extra
a78a09f594 Support multiple servers for SSH deployment. 2020-05-22 18:15:38 +08:00
neil
341f000b9c
Merge pull request #2947 from kref/patch-1
fix octal escapes for printf %b format
2020-05-19 13:45:42 +08:00
kref
0deea53931
fix octal escapes for printf %b format
Stop it from misinterpreting a following digit as part of the escape sequence
2020-05-19 13:27:00 +08:00
Brian Hartvigsen
694194be2f
Shellcheck fix
SYNO_Certificate gets set by _getdeployconf, so this may be an empty string but that's fine
2020-05-16 02:25:53 -06:00
Brian Hartvigsen
c7f61f8b80
Allow rotating the default certificate which has no description
This means, by default, we will rotate the default certificate that comes with the DSM
2020-05-16 02:02:23 -06:00
Brian Hartvigsen
3a7c7fe4e8
Fix shellcheck issues 2020-05-16 00:19:18 -06:00
Brian Hartvigsen
668967a719
If SYNO_Create is not set here, print the nice message 2020-05-16 00:05:35 -06:00
Brian Hartvigsen
d15c14ab93
Fix support for wget
I'm actually not entirely sure why/how this worked with curl but not wget, but it did.  The short answer is that using a GET does not result in the HTTP_HEADER file being written, instead you must pass in the http_headers param ($2) which will return the HTTP headers as a string.  Luckily, the Token is in both the body and the header.  We need it and the id (and smid if 2fa) cookie to proceed.  So now we parrse the response for that instead of the HTTP_HEADER file.

Interesting side note: wget is fine if the URL contains a \r or \n, but curl will barf on it.  So we need to make sure those are stripped from the token as it will be passed in the URL later.
2020-05-15 23:53:00 -06:00
Brian Hartvigsen
52b81608a1
need to _url_encode anything sent in GET requests
Fixes issue raised by @tatablack
2020-05-15 23:48:50 -06:00
Felix Bünemann
cf5952f508
fix haproxy deploy hook ocsp update
fixes ocsp reponse update failing with `Responder Error: unauthorized (6)`
by removing `-no_nonce` switch from `openssl oscp` command .
2020-05-02 22:14:21 +02:00
neil
b6fbb012ad
Merge pull request #2749 from dkerr64/ssh-deploy
Updates to ssh_deploy hook
2020-04-12 13:58:44 +08:00
ucando
6132af8ecb enable qiniu to deploy more than one domain 2020-03-26 14:59:23 +08:00
Brian Torres-Gil
0453d656d6 fix(deploy/panos): data format improvements
It was discovered in testing that PAN-OS < 9.0 has slightly different
requirements for the multipart/form-data format and requires the `type`
parameter to be passed in the URL. These corrections should work for all
PAN-OS versions.
2020-03-24 20:01:51 -07:00
dkerr64
f38df4df11 Make remote backup directory path user configurable. 2020-03-14 21:51:21 -04:00
dkerr64
554e083f3d For MULTI_CALL default to undefined, deleting entry in config file if set to "no" 2020-03-11 10:58:36 -04:00
Markus Lippert
fd64c20807 store device ID 2020-03-08 20:22:31 +01:00
Markus Lippert
80f1034dd6 add OTP support 2020-03-08 19:49:46 +01:00
dkerr64
8ba573d196 Change variable name to MULTI_CALL so default can be "no" 2020-03-03 13:40:33 -05:00
dkerr64
f73a494407 Remove spaces on blank line to fix travis error 2020-02-22 22:09:28 -05:00
dkerr64
46ee74ed16 Remove variable from info/error printout that could potentially expose login credentials. 2020-02-22 22:05:06 -05:00
dkerr64
806b746fc0 Fix bug where backup and batch_mode yes/no values could not be changed.
Once set to "no" then they could never be set back to "yes"
2020-02-22 21:23:59 -05:00
dkerr64
cc820e97c6 Add support for DEPLOY_SSH_BATCH_MODE with default of yes.
Before this update all remote commands were bunched together and
sent to the remote host in a single SSH command.  This could result
in a very long sequence of commands that might be rejected by a
remote host (example is VMware ESXi that uses busybox sh).
With this update you can set DEPLOY_SSH_BATCH_MODE="no" and
each remote command is sent as a separate SSH call so now we
do not have big long sequence of commands.  Defaults to same
behaviour as before this update.
2020-02-22 21:10:42 -05:00
dkerr64
283b04df73 Move cleanup of backup directory to first step in the function. 2020-02-22 20:43:28 -05:00
dkerr64
6420d1239f Move call to remote system into separate function 2020-02-22 20:31:52 -05:00
dkerr64
3d9608faa0 Move -T parameter into default ssh command variable 2020-02-22 20:09:24 -05:00
xpac1985
e184a1b9e6
haproxy deploy script now compatible with OpenSSL v1.1+
haproxy deploy script now compatible with OpenSSL v1.1+

The OpenSSL OCSP request for haproxy deployment breaks from OpenSSL v1.1.0 on.
The format of the `-header` option has been changed and does now contain a `=` instead of a whitespace.
Other projects have hit the same issue:
https://github.com/nghttp2/nghttp2/issues/742

This commit determines the OpenSSL/LibreSSL version and then adjusts the request accordingly.
Also removed the duplicate command line and added some more debug output.
2020-02-20 23:28:55 +01:00
neil
754f7a7891
Merge pull request #2614 from PaloAltoNetworks/deploy-panos
Adding abillity to deploy cert to Palo Alto Networks Firewall via API.
2020-02-15 20:46:59 +08:00
Paul Nguyen
21450a08c2 Fixed 6 character requirement. 2020-02-13 18:01:27 -08:00
Paul Nguyen
c355b25bb1 Fixed line formatting 2020-02-12 15:00:23 -08:00
Paul Nguyen
1fe3d80838 Updated to use saveconf function and base64encode. 2020-02-12 14:57:31 -08:00
Paul Nguyen
930e16b64a fix gitdiff 2020-02-11 22:50:05 -08:00
Paul Nguyen
2077a70d03 Fixing gitdiff 2020-02-11 22:44:51 -08:00
Paul Nguyen
cbdb8bd9b9 Fixing gitdiff 2020-02-11 22:34:55 -08:00
Paul Nguyen
5dcb417676 ShellCheck fixes 2020-02-11 22:26:48 -08:00
Paul Nguyen
71bc993e3d Fixed Shellchecks 2020-02-11 22:23:10 -08:00
Paul Nguyen
c2812896f8 Update deployer 2020-02-11 18:15:10 -08:00
Brian Hartvigsen
1b475cf9f3
Remove -q from greps 2020-02-10 21:02:27 -07:00
Brian Hartvigsen
d07172a528
Replace disabled linter with variable substituion 2020-02-09 12:06:13 -08:00
Brian Hartvigsen
79637097ba
Use _utc_date 2020-02-09 11:50:50 -08:00
Brian Hartvigsen
1259341095
Use deployconf properly 2020-02-09 03:10:11 -08:00
Brian Hartvigsen
5d3bc95ac5
Fix some debug output 2020-02-09 02:50:29 -08:00
Brian Hartvigsen
de25232a73
Allow creating new certificates when certificate is not found 2020-02-09 02:26:55 -08:00
Brian Hartvigsen
95769de464
Fix shfmt/shellcheck issues 2020-02-09 02:01:26 -08:00
Brian Hartvigsen
52a168b961
Stop using jq/curl directly
This is a lot more fragile then the previous code due to treating JSON as just a string
2020-02-09 01:49:20 -08:00
Brian Hartvigsen
b3b00b6700
Using domainconf instead of account 2020-02-09 01:49:20 -08:00
Brian Hartvigsen
8e8cda132c
Remove boilerplate from what I used for template 2020-02-09 01:49:20 -08:00
Brian Hartvigsen
6459ccb185
Cleanup shfmt warnings 2020-02-09 01:49:20 -08:00
Brian Hartvigsen
548f83c3ad
Cleanup shellcheck errors 2020-02-09 01:49:19 -08:00
Brian Hartvigsen
555e0de9e4
Initial support for Synology DSM
This allows you to update a key on a Synology DSM using the existing API.
Handles restarting the necessary services the certificate is attached to and all other internal stuff (copying the certificate around, etc.)

This is way less error prone than most articles I've found on how to update a Synology DSM certificate.
2020-02-09 01:49:19 -08:00
Paul Nguyen
d9a9695fe0 Deploy certificates to Palo Alto Network Firewalls 2020-02-05 14:29:01 -08:00
neilpang
d795fac37a update repo name 2020-01-30 12:06:39 +08:00
Charlie Garrison
84b0f29d87
Merge branch 'dev' into master 2019-11-26 20:44:48 +11:00
Charlie Garrison
b23e05dbc5 Added trailing slash to end of each line of DEPLOY_SCRIPT_CMD 2019-11-26 20:39:08 +11:00
neil
7ad3ddef2a
Merge pull request #2539 from temoffey/gcore_cdn
Gcore cdn
2019-10-10 10:35:22 +08:00
temoffey
252a21e2ae fixed json parse regex for support api gcore_cdn 2019-10-10 00:36:34 +03:00
Peter Dave Hello
ac9f6e3a41 Remove trailing spaces in text files
This issue in the shell scripts will also be detected in the stable
version of shfmt(we are currently using an ancient pre-release of shfmt)
2019-10-05 21:09:24 +08:00
neil
ee38cccad8
sync (#2436)
* fix https://github.com/Neilpang/acme.sh/issues/2409 (#2430)

* Add variable exports for Successful Post Hook and Renew Hook calls (#2431)

* fixed json parse regex for support api gcore_cdn (#2381)
2019-08-11 11:56:59 +08:00
Тимур Яхин
f82ff90f06 fixed json parse regex for support api gcore_cdn (#2381) 2019-08-11 11:41:57 +08:00
neil
55dea4ee9d
sync (#2404)
* support jdcloud.com

* fix format

* ttl 3000

* Escape slashes (#2375)

* Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330)

As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server.

* check empty id

* fix error

* Add dnsapi for Vultr (#2370)

* Add Vultr dns api

* PushOver notifications (#2325)

* PushOver notifications, using AppToken, UserKey, and optional sounds

* fix errors

* added dns api support for hexonet (#1776)

* update

* minor

* support new Cloudflare Token format
fix https://github.com/Neilpang/acme.sh/issues/2398

* fix wildcard domain name

* add more info

* fix https://github.com/Neilpang/acme.sh/issues/2377

* fix format

* fix format
2019-07-27 11:48:29 +08:00
neilpang
45e8bb03e4 add more info 2019-07-23 21:43:00 +08:00
neilpang
54e189616c fix wildcard domain name 2019-07-23 21:36:42 +08:00
neil
06f860c8ea
Merge pull request #2292 from cngarrison/master
change to routeros native script rather than bash multiline commands
2019-06-19 21:27:32 +08:00
neilpang
951bd3a517 minor, check for mkdir 2019-06-03 21:03:03 +08:00
neilpang
2e3ddd3a61 trim quotation marks 2019-06-03 20:55:22 +08:00
Charlie Garrison
c42dbbfec8 reformatted RouterOS script for shfmt checks 2019-06-03 11:38:39 +10:00
neilpang
aec6636205 add _getdeployconf 2019-06-02 19:36:11 +08:00
neilpang
a18c3ff07d use sh -c 2019-06-02 15:21:08 +08:00
neilpang
64928b28bc trim quotation marks 2019-06-02 11:11:34 +08:00
neilpang
0bbaa51945 fix format 2019-06-02 10:05:24 +08:00
neilpang
561803c0a7 add deploy hook to docker containers 2019-06-01 22:30:25 +08:00
Charlie Garrison
03a407d4df Added additional shellcheck ignores for client-side evaluation warning
Should pass CI tests now
2019-05-29 14:05:20 +10:00
Charlie Garrison
0cddc8a154 change to routeros native script rather than bash multiline commands 2019-05-26 01:32:13 +10:00
neilpang
1a126b700f fix https://github.com/Neilpang/acme.sh/issues/2252 2019-05-08 22:13:33 +08:00
neil
b28835a604
Update haproxy deploy hook (#1591)
* implement basic haproxy deploy

HAProxy requires the certificate chain and key to be concatenated and placed somewhere (can be anywhere). This script expects a single environment variable with the path where the concatenated PEM file should be written

* add docs for HAProxy deployment

* Add conditional check to ensure path is provided

* remove whitespace

* remove more whitespace (trying to get TravisCI working)

* add reload

* update for POSIX compliance

* add documentation for reload command

* Update haproxy deploy hook

Add functionality to add OCSP stapling info (.ocsp file), issuer (.issuer file) and multi-cert bundles (suffix on pem file based on key type).

This also corrects the order of key, certificate and intermediate in the PEM file, which although HAProxy does not seem to care, was incorrect in the prior version.

* Document updated haproxy deploy hook

* Fix variable name

* whitespace fixes

* Support HAPROXY_DEPLOY_PEM_PATH

Adds compatibility to original haproxy deploy hook while still allowing custom PEM file name (via HAPROXY_DEPLOY_PEM_NAME)

* update for new haproxy deploy vars

* Fix return from reload

* Fix Le_Keylength case

* Update cert suffix for bundles .ocsp generation

* Whitepspace

* Change default for reload

* Readme update

* Actually set reload default

* Fix README.md confict
2019-05-01 15:13:42 +08:00
Тимур Яхин
6340704173 fixed line breaks for support api gcore_cdn (#2237) 2019-05-01 15:11:39 +08:00
andrewheberle
37ef0a0cb6
Fix README.md confict 2019-04-30 15:32:36 +08:00
neil
d1f39e6217
Merge pull request #706 from palhaland/dev
Shell script for deploying changes to a routeros server.
2019-04-10 20:49:05 +08:00
neil
297859c5bc
Merge pull request #2191 from temoffey/gcore_cdn_deploy
fix gcore_cdn_deploy
2019-03-23 21:46:40 +08:00
temoffey
bea52aa743 remove use grep -E 2019-03-23 16:29:33 +03:00
neil
a4cc9ef2cc
Merge pull request #2178 from temoffey/gcore_cdn_deploy
Gcore cdn deploy
2019-03-23 11:06:16 +08:00
temoffey
df9174577a remove check jq 2019-03-22 23:00:47 +03:00
temoffey
bd1bb7a71b fix syntax 2019-03-22 20:08:35 +03:00
temoffey
4b6e7e6c37 remove use while, [[ ]], array 2019-03-22 20:02:59 +03:00
temoffey
8896642e25 fix syntax 2019-03-22 20:01:39 +03:00
temoffey
0ecb5a3fec fix syntax 2019-03-22 04:31:58 +03:00
temoffey
d289b0b450 fix syntax 2019-03-22 04:21:41 +03:00
temoffey
b8489464b3 remove use awk, jq, curl 2019-03-22 03:41:26 +03:00
Pål Håland
ebaa3f39e4 Merge remote-tracking branch 'origin/dev' into dev 2019-03-21 15:54:02 +01:00
Pål Håland
e19753dcde Moved documentation from deploy/README.md to deploy/routeros.sh 2019-03-21 15:53:11 +01:00
temoffey
16b0704acc remove readme 2019-03-20 18:10:53 +03:00
neilpang
61bcd67a5d move to wiki 2019-03-20 23:03:49 +08:00
temoffey
89989adcad fix syntax 2019-03-20 14:05:18 +03:00
temoffey
95cdb4b2bc fix syntax 2019-03-20 14:02:11 +03:00
temoffey
228c835466 gcore_cdn_deploy 2019-03-20 03:03:10 +03:00
Valentin Brandl
d604166194
Fix formatting 2019-03-19 19:15:31 +01:00
Valentin Brandl
d643a2ff13
Check if mailcow path is set and fix directory check 2019-03-19 19:09:25 +01:00
Valentin Brandl
b581a171f0
Add documentation for mailcow deploy hook 2019-03-19 18:43:07 +01:00
Valentin Brandl
307336cfc4
Add deploy hook for mailcow
This hook will copy the key and certificate chain to the specified
mailcow installation (as described in
https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#use-own-certificates)
and restarts the containers, that are using the certificates.

The hook has 2 parameters:

* `DEPLOY_MAILCOW_PATH`: The path to the mailcow installation (required)
* `DEPLOY_MAILCOW_RELOAD`: The reload command, defaults to `docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow`
2019-03-19 18:42:47 +01:00
Pål Håland
86fbb5952e Use env sh 2019-03-02 16:39:41 +01:00
neil
2a52603b7e
Merge pull request #2128 from the729/fix-qiniu-base64
fix deploy/qiniu.sh base64
2019-03-01 22:44:23 +08:00
tianji
22e7b4c911 fix doc of qiniu deploy script
A leading dot should be included when updating wildcard domains.
2019-02-28 23:51:43 +08:00
tianji
af5f7a7779 fix deploy/qiniu.sh base64
According to the doc (https://developer.qiniu.com/kodo/manual/1231/appendix#1), we should use URL-safe base64 instead of plain base64 for token calculation.
2019-02-28 23:43:58 +08:00
Pål Håland
1dab2ac7d3 Updated with latest changes from Neilpang/dev 2019-02-26 17:41:24 +01:00
Marcin Konicki
16a0f40ac2 Support for MyDevil.net (#2076)
support mydevil
2019-02-20 09:40:36 +08:00
shonenada
a4a53e1355
Move docs into README.md from README_zh.md 2019-01-21 17:33:09 +08:00
shonenada
c445e70cff
fix indent 2019-01-21 14:33:15 +08:00
shonenada
e8eec2cb41
add chinese readme 2019-01-21 00:11:06 +08:00
shonenada
dd6fa4af00
Save QINIU_CDN_DOMAIN only when defined 2019-01-20 23:58:10 +08:00
shonenada
afdb9a63ff
chore: replece Le_Deploy_Qiniu_* with QINIU_* 2019-01-19 23:58:55 +08:00
shonenada
4c1fa9c242
save CDN Domain with _savedomainconf 2019-01-14 22:55:05 +08:00
shonenada
3c6b707353
add QINIU_CDN_DOMAIN for wildcard certificate 2019-01-13 12:25:03 +08:00
shonenada
96efc8c7f0
lint codes 2019-01-12 23:11:19 +08:00
shonenada
0cd6afde6f
Add guidance to deploying cert to qiniu.com 2019-01-12 21:15:16 +08:00
shonenada
82b11da4ca
replace awk with sed and tr 2019-01-12 21:07:22 +08:00
shonenada
4ec39ab707
replace with functions defined in acme.sh 2019-01-12 20:16:28 +08:00
shonenada
d2a60f3ca4
lint code 2019-01-12 15:54:42 +08:00
shonenada
3bc6628227
Update Qiniu's domain settings after uploading certificate 2019-01-12 15:25:36 +08:00
shonenada
e19809d5b5
Add deployment for qiniu cdn
Upload certificate and privkey to Qiniu's CDN service with https://developer.qiniu.com/fusion/api/4248/certificate
2019-01-11 18:47:01 +08:00
Sergey Pashinin
9f067d7f56
Deploy to Hashicorp Vault docs 2018-12-10 18:17:18 +03:00
Sergey Pashinin
c84466b131
Write certs in Vault for Fabio load balancer 2018-12-10 16:55:21 +03:00
andrewheberle
454c90820d
Actually set reload default 2018-09-28 08:57:13 +08:00
andrewheberle
0a4e61c1dd
Readme update 2018-09-28 08:46:39 +08:00
andrewheberle
31d9ba7e02
Change default for reload 2018-09-28 08:45:18 +08:00
Christian Brandel
80b40c02b4 use perl instead of iconv, if iconv is not available 2018-09-10 01:24:20 +02:00
Yann Bizeul
8d6443b25d Fix Syntax 2018-08-21 16:41:45 +02:00
Yann Bizeul
e3c7fc8077 Fix Syntax 2018-08-21 16:35:39 +02:00
Yann Bizeul
bbf2a15f27 Fix Syntax 2018-08-21 16:30:33 +02:00
Yann Bizeul
5a326b82bd Fix Syntax 2018-08-21 16:24:57 +02:00
Yann Bizeul
f1b0dd7836 Fix Syntax 2018-08-21 16:22:08 +02:00
Yann Bizeul
c205777542 Better integration with acme.sh utils 2018-08-21 16:18:00 +02:00
Yann Bizeul
b401dbbf65 Fix Syntax 2018-08-15 19:17:24 +02:00
Yann Bizeul
75dd0a770f Fix Syntax 2018-08-15 19:10:31 +02:00
Yann Bizeul
6d8292cdd8 Syntax fix 2018-08-15 19:00:08 +02:00
Yann Bizeul
0575eb671a Fix double quote around URL 2018-08-15 18:44:24 +02:00
Yann Bizeul
d06eea53ef Add deploy plugin for Gitlab pages 2018-08-15 18:36:34 +02:00
Yann Bizeul
9e96a93172 Updated README with Gitlab help 2018-08-15 18:36:24 +02:00
little-fat
63134fafec Fix key leakage in SSH deploy log 2018-08-02 20:57:27 +08:00
neil
f60dde4138
Merge pull request #1698 from Neilpang/dev
Dev
2018-06-29 20:12:57 +08:00
neilpang
9c545059ae fix warning 2018-06-28 22:21:22 +08:00
neilpang
05dea7b22a fix warning 2018-06-28 20:34:29 +08:00
Santeri Kannisto
d987d61ea9
Issue #1328 bug fix v3
Eliminated php dependency with a private function for urlencode using sed. Php had failed on godaddy due to multiple php instances and naturally cron using the one without the necessary -r option. Compared to previous PR the sed code is now POSIX and should work on all environments.
2018-06-28 09:38:14 +02:00
andrewheberle
8d348954a7
Whitepspace 2018-05-14 13:22:46 +08:00
andrewheberle
7d19d784df
Update cert suffix for bundles .ocsp generation 2018-05-14 13:16:56 +08:00
andrewheberle
733b4e0a34
Fix Le_Keylength case 2018-05-14 11:26:03 +08:00
andrewheberle
08d29a8342
Fix return from reload 2018-05-14 10:58:46 +08:00
andrewheberle
675e2d25d6
update for new haproxy deploy vars 2018-05-10 15:28:54 +08:00
andrewheberle
ba20af48d3
Support HAPROXY_DEPLOY_PEM_PATH
Adds compatibility to original haproxy deploy hook while still allowing custom PEM file name (via HAPROXY_DEPLOY_PEM_NAME)
2018-05-10 15:25:28 +08:00
andrewheberle
707e053949
whitespace fixes 2018-05-10 12:18:03 +08:00
andrewheberle
c47e67e52c
Fix variable name 2018-05-10 12:06:25 +08:00
andrewheberle
3a95bfb699
Document updated haproxy deploy hook 2018-05-10 12:02:58 +08:00
andrewheberle
6567bb4c12
Update haproxy deploy hook
Add functionality to add OCSP stapling info (.ocsp file), issuer (.issuer file) and multi-cert bundles (suffix on pem file based on key type).

This also corrects the order of key, certificate and intermediate in the PEM file, which although HAProxy does not seem to care, was incorrect in the prior version.
2018-05-10 11:51:59 +08:00
Daniel Watrous
c9818ea2c4
add documentation for reload command 2018-05-04 13:03:27 -05:00
Daniel Watrous
afe5cb588d
update for POSIX compliance 2018-05-04 10:25:54 -05:00
Daniel Watrous
e9e999542d
add reload 2018-05-04 10:14:31 -05:00
Daniel Watrous
5f593994c7
remove more whitespace (trying to get TravisCI working) 2018-05-03 12:25:11 -05:00
Daniel Watrous
ec73aeba16
remove whitespace 2018-05-03 12:17:26 -05:00
Daniel Watrous
7573e560b6
Add conditional check to ensure path is provided 2018-05-03 10:06:05 -05:00
Daniel Watrous
c8bc155cfe
Merge pull request #1 from dwatrous/patch-2
add docs for HAProxy deployment
2018-05-03 01:38:33 -05:00
Daniel Watrous
1eae73105a
add docs for HAProxy deployment 2018-05-03 01:33:06 -05:00
Daniel Watrous
360dc140ea
implement basic haproxy deploy
HAProxy requires the certificate chain and key to be concatenated and placed somewhere (can be anywhere). This script expects a single environment variable with the path where the concatenated PEM file should be written
2018-05-03 01:28:56 -05:00
Bob Belnap
87a8dda955 add chain cert 2018-03-28 12:40:31 -04:00
Pål Håland
8d38cf4d1f Use allchain instead of ca an cert, add documentation after review 2018-03-26 22:00:01 +02:00
Pål Håland
d698c1093a remove spaces around assignment 2018-03-26 08:24:04 +02:00
Pål Håland
7b327d47c0 Fix documentation 2018-03-26 08:21:31 +02:00
Pål Håland
e629985cf4 Use _cdomain if ROUTER_OS_HOST is missing 2018-03-26 07:41:56 +02:00
Pål Håland
aa875f1147 Merge branch 'master' into dev 2018-03-25 22:50:58 +02:00
Alex
6b15cf3f72
Remove template text 2018-03-22 13:45:43 -04:00
Jakub Wilk
2d7b9817cb Fix typos 2018-03-03 16:27:17 +01:00
David Kerr
98b8bfb3fa Merge branch 'dev' of https://github.com/Neilpang/acme.sh into ssh-deploy 2018-02-22 11:46:34 -05:00
neil
d3de50e0f9
Merge pull request #1270 from rbelnap/vault-deploy
Vault deploy
2018-02-21 10:17:27 +08:00
Bob Belnap
2c45f27356 rename deploy hook vault to vault_cli 2018-02-20 09:11:45 -05:00
Bob Belnap
c86755f1ab format fix 2018-02-16 09:19:47 -05:00
Bob Belnap
b8418ced44 syntax fixes 2018-02-16 09:01:26 -05:00
Jose Luis Duran
fac0beaa0a
Add support for strongSwan deploys in FreeBSD
Related to 8ea800205c
2018-02-16 11:29:10 -02:00
Bob Belnap
90e587a974 add vault deploy hook script 2018-02-15 15:34:47 -05:00
hiska
8ea800205c support both debian and redhat 2018-01-04 19:01:57 +09:00
David Kerr
c809b33161 Merge branch 'master' of https://github.com/Neilpang/acme.sh into ssh-deploy 2017-10-29 21:03:05 -04:00
neil
4ef1159666 Merge pull request #1055 from hiskang/deploy/strongswan
Deploy/strongswan
2017-10-04 08:59:05 +08:00
hiska
c924e7c537 remove "return 0" 2017-10-04 06:44:02 +09:00
hebbet
372f691fd6 unify headlines
unify headlines in deploy readme
2017-10-02 15:04:02 +02:00
hiska
5f05a452fc Merge branch 'dev' into deploy/strongswan 2017-10-02 08:39:55 +09:00
hiska
afe3283c53 Update README.md 2017-10-02 08:34:32 +09:00
hiska
641a2895a6 Create strongswan.sh 2017-10-02 08:32:36 +09:00
neil
0427e8bbb4 Merge pull request #993 from fritteli/deploy-fritzbox
Deploy fritzbox
2017-09-29 21:00:07 +08:00
Santeri Kannisto
acf117584b #1042
Apparently UAPI does not return any error code, just JSON output that has a string "status: 0" whenever the command fails.
2017-09-26 07:04:30 +04:00
Manuel Friedli
2fc0225bc9 Make command line example consistent with env variable example. 2017-09-12 11:35:21 +02:00
Manuel Friedli
3536cd336d Merge branch 'dev' into deploy-fritzbox 2017-09-12 11:32:54 +02:00
Santeri Kannisto
a9726fde19 1 cert per domain
for cpanel_uapi
2017-09-05 17:42:17 +04:00
Santeri Kannisto
f81d4033fa One cert per domain
Deploy works only for the first domain
2017-09-05 17:37:48 +04:00
Manuel Friedli
1e30718df6 Try and work around shellcheck error SC2039: In POSIX sh, printf -%s-- is undefined. 2017-09-04 14:48:27 +02:00
Manuel Friedli
72e1eb88d9 Don't use individual redirects, but do it all in one block. 2017-09-04 14:40:28 +02:00
Manuel Friedli
8ee5ede834 Fix more formatting errors 2017-09-04 14:30:40 +02:00
Manuel Friedli
bd8b1a2501 Don't use wget directly, but instead use _get and _post. 2017-09-04 14:27:22 +02:00