Commit Graph

477 Commits

Author SHA1 Message Date
neil
4e9f971c91
Merge pull request #4170 from SecT0uch/patch-1
Fix ecc certificates
2022-07-11 22:13:24 +08:00
Ry3nlNaToR
41801a60ad
Also restart postfix 2022-07-09 14:30:18 +01:00
Jordan ERNST
2cbf1259a8
Fix for ECC certificates 2022-07-07 17:20:23 +02:00
neil
9b79743c5d
Update proxmoxve.sh 2022-06-23 14:12:53 +08:00
neil
a386826808
Update proxmoxve.sh 2022-06-23 14:11:36 +08:00
neil
668894fc4d
Update proxmoxve.sh 2022-06-23 14:08:24 +08:00
William Sellitti
799f509ba9 typo 2022-06-22 23:19:12 -04:00
William Sellitti
b3b4811b2c added savedeployconf to preserve environment variables usedi in initial deployments 2022-06-19 22:01:56 -04:00
William Sellitti
966e4246e5 Merge branch 'proxmoxve' of gitlab.lan.home.wesitcllc.com:software/upstream/acme.sh into proxmoxve 2022-06-19 01:49:51 -04:00
William Sellitti
9377c4f3ad Merge branch 'proxmoxve' of github.com:wsellitti/acme.sh into proxmoxve 2022-06-19 01:46:45 -04:00
William Sellitti
b876128635 forced content-type to json 2022-06-19 01:46:10 -04:00
William Sellitti
c0da801580 Revert "'+' are being converted to ' ' at some point"
This reverts commit 149310e1ec.
2022-06-18 17:00:36 -04:00
William Sellitti
149310e1ec '+' are being converted to ' ' at some point 2022-06-18 16:58:15 -04:00
William Sellitti
4e625c18dc Revert "seems like the escaped new lines aren't remaining escaped new lines with the new version of curl"
This reverts commit a5d5113be3.
2022-06-18 16:56:46 -04:00
William Sellitti
a5d5113be3 seems like the escaped new lines aren't remaining escaped new lines with the new version of curl 2022-06-18 16:55:12 -04:00
William Sellitti
7900c493af debugging for the payload 2022-06-18 16:43:25 -04:00
William Sellitti
76fe5d8831 those where flipped by mistake 2022-06-18 16:39:32 -04:00
William Sellitti
37031721dd typo 2022-06-18 15:52:18 -04:00
William Sellitti
3cc283cbee not generating files any more 2022-06-18 15:44:25 -04:00
William Sellitti
35cf98fff2 sensititive things debugged at a higher level 2022-06-18 15:41:38 -04:00
William Sellitti
ca41ea2d5c added _getdeployconf to set all of the environment variables 2022-06-18 15:40:05 -04:00
William Sellitti
daffc4e6a4 typo, using _H1 to provide header keys. 2022-06-18 12:21:14 -04:00
William Sellitti
5f3cb9019b fixed to use _post function instead of curl 2022-06-18 12:18:33 -04:00
neil
7be7586971
Update proxmoxve.sh 2022-06-18 15:01:38 +08:00
William Sellitti
6d64098288 shell check war warning against unnecessary use of cat 2022-06-14 23:46:09 -04:00
William Sellitti
4351110082 properly quoted variable names 2022-06-14 22:38:06 -04:00
William Sellitti
6652138d3e fixed per shellcheck's preference for -n instead of ! -z 2022-06-14 22:33:38 -04:00
William Sellitti
c8d0d475e4 deploy api script to upload certs to proxmox using proxmox api 2022-06-11 13:49:31 -04:00
Debian Bear
b169a5c707
change _dbase64 to single line 2022-06-08 22:44:10 +08:00
neil
d2a9d731ed
Update ssh.sh 2022-05-24 22:25:44 +08:00
PM Extra
3ce7d410c8 improve doc comments 2022-05-14 22:59:02 +08:00
PM Extra
74f28021e7 fix format again 2022-05-14 22:49:40 +08:00
PM Extra
f90cbb636a fix format 2022-05-14 22:41:59 +08:00
PM Extra
c8929ca0cb support specifying port for each host 2022-05-14 22:29:48 +08:00
PM Extra
9fb5bb620d refact ssh hook to use deploy config 2022-05-14 22:28:02 +08:00
PM Extra
ed58f32052 Merge branch 'dev' into feature/ssh_scp 2022-05-14 15:43:26 +08:00
quthla
08ae8cc3cb
Fix 2022-04-11 11:39:21 +02:00
quthla
201673ca8a
Store Mailcow deploy parameters 2022-04-11 00:29:55 +02:00
neil
6fb8c0ec4c
Merge pull request #3989 from abiessmann/deploy_routeros_handle_remote_errors
deploy/routeros: handle errors
2022-03-20 13:30:58 +08:00
neil
499ea07934
Merge pull request #3993 from imgrant/deploy-truenas-s3-feature
feat: Configure TrueNAS S3 certificate
2022-03-20 12:34:58 +08:00
Ian Grant
afa06267a2 style: Neaten up some of the info & error messages, fix some typos 2022-03-19 20:39:48 +00:00
Ian Grant
d4a6d9c076 fix: Adjust the sed extraction of certificate ID from JSON response
Prior to this, an error in the regex didn't match. Resolves #3992 (TrueNAS deploy hook fails to set certificate for FTP or WebDAV)
2022-03-19 20:38:47 +00:00
Ian Grant
c3f6112443 feat: Configure certificate for TrueNAS S3 service (MinIO) 2022-03-19 20:36:11 +00:00
Andreas Bießmann
3411b736dd deploy/routeros: add error handling for scp
In order to stop processing on failure to copy certificate
to remote side, fail on error of scp command.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-03-18 09:10:12 +01:00
Andreas Bießmann
c603b9c40b deploy/routeros: add error handling for ssh
In order to detect errorneous scripts on remote side, catch return code
and handle it respectively.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
Reviewed-by: Ross Shen @sjtuross
2022-03-18 09:07:59 +01:00
Andreas Bießmann
9d6d96adf3 deploy/routeros.sh: fix routeros script
Commit c46ceb06b4 introduced an error in
routeros script.

Fix it!

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-03-17 12:24:42 +01:00
fradev
b37bf06de8 Update ssh.sh 2022-03-01 17:57:59 +01:00
fradev
27bbf0ccaf
Merge branch 'acmesh-official:master' into master 2022-03-01 17:44:46 +01:00
Andreas Bießmann
c46ceb06b4 deploy/routeros.sh: change DEPLOY_SCRIPT_CMD
This set the owner of script to ssh user, have the comment line in script
as real comment and removes policy since this is set from current user,
at least for RouterOS 7.x.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:13:01 +01:00
Andreas Bießmann
92e4ecce3b deploy/routeros.sh: remove all certificates
As the script is applying the fullchain which includes three certificates,
delete all of them before applying updated certificate.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:13:01 +01:00
Andreas Bießmann
8a2f673903 deploy/routeros.sh: make ssh/scp configurable
In order to modify ssh/scp commands make them configurable via
environment variables.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:12:59 +01:00
Mac_Zhou
205e95a246 Add environment variables ROUTER_OS_PORT 2022-02-10 11:29:09 +08:00
John Elliott
3a99a77104 Update return statement 2022-02-07 21:55:12 -08:00
John Elliott
5ce8050e46 Update missing oathtool check 2022-02-07 11:58:14 -08:00
John Elliott
5ae3a020bd Add err log for missing oathtool in Synology
Alerts the user that the oathtool is missing and the TOTP can't be
generated.
2022-02-07 11:53:24 -08:00
Ross Shen
67c990e8cf omv deploy hook: add usage comments 2022-01-20 17:46:47 +08:00
Ross Shen
0292e20c86 omv deploy hook: support both local and remote deployment 2022-01-20 17:27:11 +08:00
Ross Shen
a78a4e6716 omv deploy hook: shellcheck disable=SC2029 2022-01-19 21:42:17 +08:00
Ross Shen
6bbf927f57 omv deploy hook: separate DEPLOY_OMV_WEBUI_ADMIN and DEPLOY_OMV_SSH_USER 2022-01-19 21:13:02 +08:00
Ross Shen
dca9def42c add remote deploy hook for openmediavault 5
based on #3757
2022-01-19 12:36:54 +08:00
Ross Shen
edee7ea284 routeros deploy hook: store the env vars within the domainconf
related to #2344 and #2413
2022-01-16 20:46:09 +08:00
neil
658d09ed84
Merge pull request #3396 from F-Plass/master
deploy scipt for TrueNAS Server using REST API
2022-01-16 08:17:49 +08:00
Sergey Pashinin
7e7291ace9
Support Vault KV v2 (#3502) 2022-01-09 11:01:38 +08:00
neil
c959d64099
Merge pull request #3807 from dacrystal/topic/synology_dsm-otp_code
Add SYNO_TOTP_SECRET for user with two-factor authentication enabled
2022-01-08 20:03:13 +08:00
Frank Wall
6aa1ec0802 deploy/fritzbox: allow hook to be used with multiple fritzboxes
Previously the deploy hook config was stored in the account config.
This seems odd and adds unnecessary limitations to the hook.
Now we're using the correct _*deployconf() functions to read and
write the deploy hook config.
2022-01-06 16:20:43 +01:00
fradev
71a32477e4
Merge branch 'acmesh-official:master' into master 2021-12-20 09:28:19 +01:00
F-Plass
b203f2abaa
Merge branch 'acmesh-official:master' into master 2021-12-03 17:18:44 +01:00
Nasser Alansari
4635dacf7f Add SYNO_TOTP_SECRET for user with two-factor authentication 2021-11-13 13:01:38 +03:00
F-Plass
3bcb91f6ae Update truenas.sh
solved the problem of UI-Restart after 12.0-U3
2021-11-11 23:03:00 +01:00
Miguel Angelo
a31ed4a723 Notify user about a possible problem when using synology_dsm.sh with 2fa enabled user account 2021-11-01 01:40:14 -03:00
neil
fba6de76b1
Merge pull request #3687 from gstrauss/use-getdeployconf
use _getdeployconf instead of sourcing DOMAIN_CONF
2021-10-01 12:41:12 +08:00
Glenn Strauss
8419b42e83 use ${ACME_OPENSSL_BIN:-openssl} instead of openssl
(requested by @Neilpang in #3687)
2021-09-30 19:00:39 -04:00
Nookery
2447fccf1e
name="snis" => name="snis[]"
kong 2.5.x,snis参数是一个数组
2021-09-04 16:59:50 +08:00
Glenn Strauss
c43c711f72 use _getdeployconf instead of sourcing DOMAIN_CONF
(requested by @Neilpang in #3394)

github: closes #3394
2021-09-01 16:37:10 -04:00
Michael Weber
f354e6de69 lighttpd deploy hook
* verbatim copy from haproxy.sh, s/haproxy/lighttpd
* enable issuer
2021-09-01 16:33:24 -04:00
fradev
08d60fcbf2 Update ssh.sh
shfmt formatting
2021-08-30 11:32:07 +02:00
fradev
4cda54774a Update ssh.sh
SC2086 and SC2215
2021-08-30 11:17:03 +02:00
fradev
613475ac26 Update ssh.sh 2021-08-30 11:08:06 +02:00
fradev
20d23fcb92 Update ssh.sh
Added scp mode for copy the certs
2021-08-25 16:55:36 +02:00
neil
f41f93af3a
Merge pull request #3491 from bgarret/consul-deploy-hook
Consul deploy hooks
2021-06-24 20:25:01 +08:00
Brian Hartvigsen
dcb51683c5
shellcheck cleanup
shellcheck sees '\\' as trying to escape the trailing quote (see
koalaman/shellcheck#1548 ).
2021-05-26 15:25:58 -06:00
Brian Hartvigsen
74a4a788b1
Make certificate descriptions sed safe
This escapes special characters used in POSIX sed to prevent mismatches.
e.g. `SYNO_Certficiate=*.example.com` would not match a description of
"*.example.com" and would look to match any number of double quotes (the
last character in the sed regex prior to certificate description),
followed by any single character, followed by "example", followed by any
character, followed by "com".

After this change, it will properly match `*.example.com` and not
`""zexamplefcom`.

Additionally we now store the certificate description as base64 encoded
to prevent issues with single quotes.

Tested on DSM 7.0-41222 (VDSM) and DSM 6.2.4-25556 (DS1515+).
2021-05-26 15:25:58 -06:00
Brian Hartvigsen
5ab9ca1c0d
Better fix for Synology DSM setting wrong default
As noted by @buxm, previous fix didn't work for all versions of DSM 6.
The better fix appears to be simply not outputting the "as_default"
parameter unless we are doing something with the default certificate.
2021-05-19 13:21:34 -06:00
Benoit Garret
07afc4953a Fix the shfmt check 2021-05-07 12:12:30 +02:00
neil
8c14150536
Merge pull request #3350 from temoffey/deploy-gcore_cdn
Deploy gcore_cdn fix
2021-05-05 23:48:37 +08:00
Benoit Garret
c127903127 Add Consul deploy hook 2021-05-05 10:01:09 +02:00
Brian Hartvigsen
1a4a180e8c
FIX: Synology sets "default" on wrong certificate
For some DSM installs, it appears that setting the "default" flag to the
string "false" actually sets it to true.  This causes Synology to set
the last updated certificate to be the default certificate.  Using an
empty string appears to still be accepted as a false-y value for DSMs
where this isn't happening and corrects the behavior in the cases that
it was.

Credit to @Run-King for identifying the fix and @buxm for reporting.
2021-05-02 13:37:59 -06:00
neil
e71238571a
Merge pull request #3464 from jpbede/cleverreach-deploy-sublient
CleverReach Deploy Hook: Allow deploy to agency subaccounts
2021-04-04 19:03:33 +08:00
Jan-Philipp Benecke
2867ec509e
Make CI happy 2021-03-30 09:18:33 +02:00
Jan-Philipp Benecke
d853a9ebbe
Make uploading cert to subaccount possible 2021-03-30 09:13:32 +02:00
Christophe Le Guern
cc90f83463
Use 'vault kv put' instead of 'vault write'
When using vault_cli with a kv2 path, it isn't working. I have the following error:
```
WARNING! The following warnings were returned from Vault:                                                                                                                                                                                     
                                                                                                                                                                                                                                              
  * Invalid path for a versioned K/V secrets engine. See the API docs for the                                                                                                                                                                 
  appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'                                                                                                                                                                
  for this operation.                                                                                                                                                                                                                         
```
The new way to write data  is to use `vault kv put`, it is compatible with kv1 and kv2.
Ref: https://www.vaultproject.io/docs/commands#reading-and-writing-data
```
The original version of K/V used the common read and write operations. A more advanced K/V Version 2 engine was released in Vault 0.10 and introduced the kv get and kv put commands.
```
2021-03-29 15:10:14 +02:00
Jan-Philipp Benecke
1530abbd1a
Make uploading cert to subaccount possible 2021-03-26 15:37:12 +01:00
F-Plass
4bb8e3a121 Update truenas.sh
-error handling
2021-02-21 22:48:31 +01:00
F-Plass
eacc00f786 Update truenas.sh
- check if curl exists
- check if wget exist, then errortext and exit scipt
- _get command "restartUI"  wirh info about curl error 52
2021-02-21 22:42:24 +01:00
Mike Edmunds
bf8c33703c
Fix: Unifi deploy hook support Unifi Cloud Key (#3327)
* fix: unifi deploy hook also update Cloud Key nginx certs

When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).

Fixes #3326

* Improve settings documentation comments

* Improve Cloud Key pre-flight error messaging

* Fix typo

* Add support for UnifiOS (Cloud Key Gen2)

Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.

* PR review fixes

* Detect unsupported Cloud Key java keystore location

* Don't try to restart inactive services

(and remove extra spaces from reload command)

* Clean up error messages and internal variables

* Change to _getdeployconf/_savedeployconf

* Switch from cp to cat to preserve file permissions
2021-02-15 15:01:21 +08:00
F-Plass
93fd6170a3 Update truenas.sh 2021-02-13 12:38:57 +01:00
F-Plass
6f4c5fcc87 Update truenas.sh 2021-02-07 21:25:49 +01:00
F-Plass
a7ca010d4e Update truenas.sh 2021-02-07 21:24:06 +01:00
F-Plass
a836842a7e Update truenas.sh 2021-02-07 21:20:56 +01:00
F-Plass
f8c11a324a Update truenas.sh 2021-02-07 19:19:04 +01:00