From 4a743f81a830a04aa9f6452ddbf95ecf869b0e27 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 27 Dec 2015 17:57:41 +0800 Subject: [PATCH 1/5] base64 the binary response --- le.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/le.sh b/le.sh index 8580144..417da11 100755 --- a/le.sh +++ b/le.sh @@ -130,7 +130,8 @@ _b64() { _send_signed_request() { url=$1 payload=$2 - + needbase64=$3 + _debug url $url _debug payload "$payload" @@ -160,7 +161,11 @@ _send_signed_request() { body="{\"header\": $HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" _debug body "$body" - response="$($CURL -X POST --data "$body" $url)" + if [ "$needbase64" ] ; then + response="$($CURL -X POST --data "$body" $url | base64)" + else + response="$($CURL -X POST --data "$body" $url)" + fi responseHeaders="$(cat $CURL_HEADER)" @@ -383,7 +388,7 @@ issue() { _info "Verify finished, start to sign." der="$(openssl req -in $CSR_PATH -outform DER | base64 | _b64)" - _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" + _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64" Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)" @@ -405,6 +410,7 @@ issue() { _setopt $DOMAIN_CONF "Le_Keylength" "=" "$Le_Keylength" if [ -z "$Le_LinkCert" ] ; then + response="$(echo $response | base64 -d)" _info "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')" return 1 fi From a2c5949dfdccc7344610cb05289973c635afe026 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 27 Dec 2015 18:12:34 +0800 Subject: [PATCH 2/5] add "FORCE" macro to force renew cert --- le.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/le.sh b/le.sh index 417da11..03c62a9 100755 --- a/le.sh +++ b/le.sh @@ -252,7 +252,7 @@ issue() { DOMAIN_CONF=$WORKING_DIR/$Le_Domain/$Le_Domain.conf if [ -f "$DOMAIN_CONF" ] ; then source "$DOMAIN_CONF" - if [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then + if [ -z "$FORCE" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then _info "Skip, Next renwal time is: $Le_NextRenewTimeStr" return 2 fi From c767f3d9a46bedbfd8caa40c37cc682072347b9b Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 27 Dec 2015 18:27:55 +0800 Subject: [PATCH 3/5] error debug info --- le.sh | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/le.sh b/le.sh index 03c62a9..5fb88ff 100755 --- a/le.sh +++ b/le.sh @@ -34,6 +34,14 @@ _info() { fi } +_err() { + if [ -z "$2" ] ; then + echo "$1" >&2 + else + echo "$1:$2" >&2 + fi +} + #domain [2048] createAccountKey() { if [ -z "$1" ] ; then @@ -304,7 +312,7 @@ issue() { elif [ "$code" == '409' ] ; then _info "Already registered" else - _info "Register account Error." + _err "Register account Error." return 1 fi @@ -319,7 +327,7 @@ issue() { _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}" if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then - _info "new-authz error: $d" + _err "new-authz error: $response" return 1 fi @@ -349,7 +357,7 @@ issue() { _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}" if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then - _info "challenge error: $d" + _err "challenge error: $d" return 1 fi @@ -359,7 +367,7 @@ issue() { _debug "checking" if ! _get $uri ; then - _info "Verify error:$d" + _err "Verify error:$resource" return 1 fi @@ -371,15 +379,14 @@ issue() { if [ "$status" == "invalid" ] ; then error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4) - _info "Verify error:$d" - _debug $error + _err "Verify error:$error" return 1; fi if [ "$status" == "pending" ] ; then _info "Verify pending:$d" else - _info "Verify error:$d" + _err "Verify error:$response" return 1 fi From e4a552da2504fa2700cd10fd0bd14ab2860ce694 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 27 Dec 2015 19:27:43 +0800 Subject: [PATCH 4/5] fix the error message --- le.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/le.sh b/le.sh index 5fb88ff..9d5234f 100755 --- a/le.sh +++ b/le.sh @@ -175,7 +175,7 @@ _send_signed_request() { response="$($CURL -X POST --data "$body" $url)" fi - responseHeaders="$(cat $CURL_HEADER)" + responseHeaders="$(cat $CURL_HEADER | sed 's/\r//g')" _debug responseHeaders "$responseHeaders" _debug response "$response" @@ -417,7 +417,7 @@ issue() { _setopt $DOMAIN_CONF "Le_Keylength" "=" "$Le_Keylength" if [ -z "$Le_LinkCert" ] ; then - response="$(echo $response | base64 -d)" + response="$(echo $response | sed 's/ //g'| base64 -d)" _info "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')" return 1 fi @@ -426,7 +426,6 @@ issue() { _setopt $DOMAIN_CONF "Le_LinkIssuer" "=" "$Le_LinkIssuer" if [ "$Le_LinkIssuer" ] ; then - _get "$Le_LinkIssuer" echo -----BEGIN CERTIFICATE----- > $CA_CERT_PATH curl --silent $Le_LinkIssuer | base64 >> $CA_CERT_PATH echo -----END CERTIFICATE----- >> $CA_CERT_PATH From 10af90d67be0ecf12e5d3f05866044bc6252935b Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 27 Dec 2015 19:34:51 +0800 Subject: [PATCH 5/5] minor --- le.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/le.sh b/le.sh index 9d5234f..177cf59 100755 --- a/le.sh +++ b/le.sh @@ -175,7 +175,7 @@ _send_signed_request() { response="$($CURL -X POST --data "$body" $url)" fi - responseHeaders="$(cat $CURL_HEADER | sed 's/\r//g')" + responseHeaders="$(sed 's/\r//g' $CURL_HEADER)" _debug responseHeaders "$responseHeaders" _debug response "$response"