julien.escario
/
acme.sh
forked from Github/acme.sh
1
0
Fork 0
Code Pull Requests Releases Activity
Browse Source

remove _ACME prefix from all exported variables.

dnsconf
David Kerr 8 years ago
parent
e0b00ee11a
commit
0649206796
2 changed files with 55 additions and 55 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 56
      deploy/README.md
  2. 54
      deploy/ssh.sh

56
deploy/README.md
View File

@ -38,21 +38,21 @@ values are stored by acme.sh in the domain configuration files.
Required... Required...
``` ```
export ACME_DEPLOY_SSH_USER=username
export DEPLOY_SSH_USER=username
``` ```
Optional... Optional...
``` ```
export ACME_DEPLOY_SSH_CMD=custom ssh command
export ACME_DEPLOY_SSH_SERVER=url or ip address of remote host
export ACME_DEPLOY_SSH_KEYFILE=filename for private key
export ACME_DEPLOY_SSH_CERTFILE=filename for certificate file
export ACME_DEPLOY_SSH_CAFILE=filename for intermediate CA file
export ACME_DEPLOY_SSH_FULLCHAIN=filename for fullchain file
export ACME_DEPLOY_SSH_REMOTE_CMD=command to execute on remote host
export ACME_DEPLOY_SSH_BACKUP=yes or no
export DEPLOY_SSH_CMD=custom ssh command
export DEPLOY_SSH_SERVER=url or ip address of remote host
export DEPLOY_SSH_KEYFILE=filename for private key
export DEPLOY_SSH_CERTFILE=filename for certificate file
export DEPLOY_SSH_CAFILE=filename for intermediate CA file
export DEPLOY_SSH_FULLCHAIN=filename for fullchain file
export DEPLOY_SSH_REMOTE_CMD=command to execute on remote host
export DEPLOY_SSH_BACKUP=yes or no
``` ```
**ACME_DEPLOY_SSH_USER**
**DEPLOY_SSH_USER**
Username at the remote host that SSH will login with. Note that Username at the remote host that SSH will login with. Note that
SSH must be able to login to remote host without a password... SSH Keys SSH must be able to login to remote host without a password... SSH Keys
must have been exchanged with the remote host. Validate and test that you must have been exchanged with the remote host. Validate and test that you
@ -62,41 +62,41 @@ The USER@URL at the remote server must also have has permissions to write to
the target location of the certificate files and to execute any commands the target location of the certificate files and to execute any commands
(e.g. to stop/start services). (e.g. to stop/start services).
**ACME_DEPLOY_SSH_CMD**
**DEPLOY_SSH_CMD**
You can customize the ssh command used to connect to the remote host. For example You can customize the ssh command used to connect to the remote host. For example
if you need to connect to a specific port at the remote server you can set this if you need to connect to a specific port at the remote server you can set this
to, for example, "ssh -p 22" or to use `sshpass` to provide password inline to, for example, "ssh -p 22" or to use `sshpass` to provide password inline
instead of exchanging ssh keys (this is not recommended, using keys is instead of exchanging ssh keys (this is not recommended, using keys is
more secure). more secure).
**ACME_DEPLOY_SSH_SERVER**
**DEPLOY_SSH_SERVER**
URL or IP Address of the remote server. If not provided then the domain URL or IP Address of the remote server. If not provided then the domain
name provided on the acme.sh --deploy command line is used. name provided on the acme.sh --deploy command line is used.
**ACME_DEPLOY_SSH_KEYFILE**
**DEPLOY_SSH_KEYFILE**
Target filename for the private key issued by LetsEncrypt. Target filename for the private key issued by LetsEncrypt.
**ACME_DEPLOY_SSH_CERTFILE**
**DEPLOY_SSH_CERTFILE**
Target filename for the certificate issued by LetsEncrypt. Target filename for the certificate issued by LetsEncrypt.
If this is the same as the previous filename (for keyfile) then it is If this is the same as the previous filename (for keyfile) then it is
appended to the same file. appended to the same file.
**ACME_DEPLOY_SSH_CAFILE**
**DEPLOY_SSH_CAFILE**
Target filename for the CA intermediate certificate issued by LetsEncrypt. Target filename for the CA intermediate certificate issued by LetsEncrypt.
If this is the same as a previous filename (for keyfile or certfile) then If this is the same as a previous filename (for keyfile or certfile) then
it is appended to the same file. it is appended to the same file.
**ACME_DEPLOY_SSH_FULLCHAIN**
**DEPLOY_SSH_FULLCHAIN**
Target filename for the fullchain certificate issued by LetsEncrypt. Target filename for the fullchain certificate issued by LetsEncrypt.
If this is the same as a previous filename (for keyfile, certfile or If this is the same as a previous filename (for keyfile, certfile or
cafile) then it is appended to the same file. cafile) then it is appended to the same file.
**ACME_DEPLOY_SSH_REMOTE_CMD**
**DEPLOY_SSH_REMOTE_CMD**
Command to execute on the remote server after copying any certificates. This Command to execute on the remote server after copying any certificates. This
could be any additional command required for example to stop and restart could be any additional command required for example to stop and restart
the service. the service.
**ACME_DEPLOY_SSH_BACKUP**
**DEPLOY_SSH_BACKUP**
Before writing a certificate file to the remote server the existing Before writing a certificate file to the remote server the existing
certificate will be copied to a backup directory on the remote server. certificate will be copied to a backup directory on the remote server.
These are placed in a hidden directory in the home directory of the SSH These are placed in a hidden directory in the home directory of the SSH
@ -113,11 +113,11 @@ The following example illustrates deploying certifcates to a QNAP NAS
(tested with QTS version 4.2.3) (tested with QTS version 4.2.3)
```sh ```sh
export ACME_DEPLOY_SSH_USER="admin"
export ACME_DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
export ACME_DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
export ACME_DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
export ACME_DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
export DEPLOY_SSH_USER="admin"
export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
export DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
export DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
acme.sh --deploy -d qnap.example.com --deploy-hook ssh acme.sh --deploy -d qnap.example.com --deploy-hook ssh
``` ```
@ -130,10 +130,10 @@ The next example illustates deploying certificates to a Unifi
Contolller (tested with version 5.4.11). Contolller (tested with version 5.4.11).
```sh ```sh
export ACME_DEPLOY_SSH_USER="root"
export ACME_DEPLOY_SSH_KEYFILE="/var/lib/unifi/unifi.example.com.key"
export ACME_DEPLOY_SSH_FULLCHAIN="/var/lib/unifi/unifi.example.com.cer"
export ACME_DEPLOY_SSH_REMOTE_CMD="openssl pkcs12 -export \
export DEPLOY_SSH_USER="root"
export DEPLOY_SSH_KEYFILE="/var/lib/unifi/unifi.example.com.key"
export DEPLOY_SSH_FULLCHAIN="/var/lib/unifi/unifi.example.com.cer"
export DEPLOY_SSH_REMOTE_CMD="openssl pkcs12 -export \
-inkey /var/lib/unifi/unifi.example.com.key \ -inkey /var/lib/unifi/unifi.example.com.key \
-in /var/lib/unifi/unifi.example.com.cer \ -in /var/lib/unifi/unifi.example.com.cer \
-out /var/lib/unifi/unifi.example.com.p12 \ -out /var/lib/unifi/unifi.example.com.p12 \
@ -158,7 +158,7 @@ required. We could if we desired delete those files immediately. If we
do that then we should disable backup at the remote host (as there are do that then we should disable backup at the remote host (as there are
no files to backup -- they were erased during deployment). For example... no files to backup -- they were erased during deployment). For example...
```sh ```sh
export ACME_DEPLOY_SSH_BACKUP=no
export DEPLOY_SSH_BACKUP=no
# modify the end of the remote command... # modify the end of the remote command...
&& rm /var/lib/unifi/unifi.example.com.key \ && rm /var/lib/unifi/unifi.example.com.key \
/var/lib/unifi/unifi.example.com.cer \ /var/lib/unifi/unifi.example.com.cer \

54
deploy/ssh.sh
View File

@ -12,15 +12,15 @@
# Only a username is required. All others are optional. # Only a username is required. All others are optional.
# #
# The following examples are for QNAP NAS running QTS 4.2 # The following examples are for QNAP NAS running QTS 4.2
# export ACME_DEPLOY_SSH_CMD="" # defaults to ssh
# export ACME_DEPLOY_SSH_USER="admin" # required
# export ACME_DEPLOY_SSH_SERVER="qnap" # defaults to domain name
# export ACME_DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
# export ACME_DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
# export ACME_DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
# export ACME_DEPLOY_SSH_FULLCHAIN=""
# export ACME_DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
# export ACME_DEPLOY_SSH_BACKUP="" # yes or no, default to yes
# export DEPLOY_SSH_CMD="" # defaults to ssh
# export DEPLOY_SSH_USER="admin" # required
# export DEPLOY_SSH_SERVER="qnap" # defaults to domain name
# export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
# export DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
# export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
# export DEPLOY_SSH_FULLCHAIN=""
# export DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
# export DEPLOY_SSH_BACKUP="" # yes or no, default to yes
# #
######## Public functions ##################### ######## Public functions #####################
@ -48,34 +48,34 @@ ssh_deploy() {
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
# USER is required to login by SSH to remote host. # USER is required to login by SSH to remote host.
if [ -z "$ACME_DEPLOY_SSH_USER" ]; then
if [ -z "$DEPLOY_SSH_USER" ]; then
if [ -z "$Le_Deploy_ssh_user" ]; then if [ -z "$Le_Deploy_ssh_user" ]; then
_err "ACME_DEPLOY_SSH_USER not defined."
_err "DEPLOY_SSH_USER not defined."
return 1 return 1
fi fi
else else
Le_Deploy_ssh_user="$ACME_DEPLOY_SSH_USER"
Le_Deploy_ssh_user="$DEPLOY_SSH_USER"
_savedomainconf Le_Deploy_ssh_user "$Le_Deploy_ssh_user" _savedomainconf Le_Deploy_ssh_user "$Le_Deploy_ssh_user"
fi fi
# SERVER is optional. If not provided then use _cdomain # SERVER is optional. If not provided then use _cdomain
if [ -n "$ACME_DEPLOY_SSH_SERVER" ]; then
Le_Deploy_ssh_server="$ACME_DEPLOY_SSH_SERVER"
if [ -n "$DEPLOY_SSH_SERVER" ]; then
Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER"
_savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server" _savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server"
elif [ -z "$Le_Deploy_ssh_server" ]; then elif [ -z "$Le_Deploy_ssh_server" ]; then
Le_Deploy_ssh_server="$_cdomain" Le_Deploy_ssh_server="$_cdomain"
fi fi
# CMD is optional. If not provided then use ssh # CMD is optional. If not provided then use ssh
if [ -n "$ACME_DEPLOY_SSH_CMD" ]; then
Le_Deploy_ssh_cmd="$ACME_DEPLOY_SSH_CMD"
if [ -n "$DEPLOY_SSH_CMD" ]; then
Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD"
_savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd" _savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd"
elif [ -z "$Le_Deploy_ssh_cmd" ]; then elif [ -z "$Le_Deploy_ssh_cmd" ]; then
Le_Deploy_ssh_cmd="ssh" Le_Deploy_ssh_cmd="ssh"
fi fi
# BACKUP is optional. If not provided then default to yes # BACKUP is optional. If not provided then default to yes
if [ "$ACME_DEPLOY_SSH_BACKUP" = "no" ]; then
if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then
Le_Deploy_ssh_backup="no" Le_Deploy_ssh_backup="no"
elif [ -z "$Le_Deploy_ssh_backup" ]; then elif [ -z "$Le_Deploy_ssh_backup" ]; then
Le_Deploy_ssh_backup="yes" Le_Deploy_ssh_backup="yes"
@ -86,8 +86,8 @@ ssh_deploy() {
# KEYFILE is optional. # KEYFILE is optional.
# If provided then private key will be copied to provided filename. # If provided then private key will be copied to provided filename.
if [ -n "$ACME_DEPLOY_SSH_KEYFILE" ]; then
Le_Deploy_ssh_keyfile="$ACME_DEPLOY_SSH_KEYFILE"
if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE"
_savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile" _savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile"
fi fi
if [ -n "$Le_Deploy_ssh_keyfile" ]; then if [ -n "$Le_Deploy_ssh_keyfile" ]; then
@ -102,8 +102,8 @@ ssh_deploy() {
# CERTFILE is optional. # CERTFILE is optional.
# If provided then private key will be copied or appended to provided filename. # If provided then private key will be copied or appended to provided filename.
if [ -n "$ACME_DEPLOY_SSH_CERTFILE" ]; then
Le_Deploy_ssh_certfile="$ACME_DEPLOY_SSH_CERTFILE"
if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE"
_savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile" _savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile"
fi fi
if [ -n "$Le_Deploy_ssh_certfile" ]; then if [ -n "$Le_Deploy_ssh_certfile" ]; then
@ -122,8 +122,8 @@ ssh_deploy() {
# CAFILE is optional. # CAFILE is optional.
# If provided then CA intermediate certificate will be copied or appended to provided filename. # If provided then CA intermediate certificate will be copied or appended to provided filename.
if [ -n "$ACME_DEPLOY_SSH_CAFILE" ]; then
Le_Deploy_ssh_cafile="$ACME_DEPLOY_SSH_CAFILE"
if [ -n "$DEPLOY_SSH_CAFILE" ]; then
Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE"
_savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile" _savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile"
fi fi
if [ -n "$Le_Deploy_ssh_cafile" ]; then if [ -n "$Le_Deploy_ssh_cafile" ]; then
@ -143,8 +143,8 @@ ssh_deploy() {
# FULLCHAIN is optional. # FULLCHAIN is optional.
# If provided then fullchain certificate will be copied or appended to provided filename. # If provided then fullchain certificate will be copied or appended to provided filename.
if [ -n "$ACME_DEPLOY_SSH_FULLCHAIN" ]; then
Le_Deploy_ssh_fullchain="$ACME_DEPLOY_SSH_FULLCHAIN"
if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN"
_savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain" _savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain"
fi fi
if [ -n "$Le_Deploy_ssh_fullchain" ]; then if [ -n "$Le_Deploy_ssh_fullchain" ]; then
@ -165,8 +165,8 @@ ssh_deploy() {
# REMOTE_CMD is optional. # REMOTE_CMD is optional.
# If provided then this command will be executed on remote host. # If provided then this command will be executed on remote host.
if [ -n "$ACME_DEPLOY_SSH_REMOTE_CMD" ]; then
Le_Deploy_ssh_remote_cmd="$ACME_DEPLOY_SSH_REMOTE_CMD"
if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD"
_savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd" _savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd"
fi fi
if [ -n "$Le_Deploy_ssh_remote_cmd" ]; then if [ -n "$Le_Deploy_ssh_remote_cmd" ]; then

Write Preview
Loading…
Cancel
Save