@ -1,6 +1,6 @@
#!/usr/bin/env sh
#!/usr/bin/env sh
VER = 2.7.3
VER = 2.7.4
PROJECT_NAME = "acme.sh"
PROJECT_NAME = "acme.sh"
@ -164,11 +164,11 @@ _dlg_versions() {
echo "nginx doesn't exists."
echo "nginx doesn't exists."
fi
fi
echo "nc :"
if _exists "nc " ; then
nc -h 2>& 1
echo "socat :"
if _exists "socat " ; then
socat -h 2>& 1
else
else
_debug "nc doesn't exists."
_debug "socat doesn't exists."
fi
fi
}
}
@ -1814,7 +1814,13 @@ _send_signed_request() {
_CACHED_NONCE = " $( echo " $responseHeaders " | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2) "
_CACHED_NONCE = " $( echo " $responseHeaders " | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2) "
if _contains " $response " "JWS has invalid anti-replay nonce" ; then
_body = " $response "
if [ " $needbase64 " ] ; then
_body = " $( echo " $_body " | _dbase64) "
_debug2 _body " $_body "
fi
if _contains " $_body " "JWS has invalid anti-replay nonce" ; then
_info "It seems the CA server is busy now, let's wait and retry."
_info "It seems the CA server is busy now, let's wait and retry."
_request_retry_times = $( _math " $_request_retry_times " + 1)
_request_retry_times = $( _math " $_request_retry_times " + 1)
_sleep 5
_sleep 5
@ -1967,68 +1973,22 @@ _startserver() {
_debug "ncaddr" " $ncaddr "
_debug "ncaddr" " $ncaddr "
_debug " startserver: $$ "
_debug " startserver: $$ "
nchelp = " $( nc -h 2>& 1) "
_debug Le_HTTPPort " $Le_HTTPPort "
_debug Le_HTTPPort " $Le_HTTPPort "
_debug Le_Listen_V4 " $Le_Listen_V4 "
_debug Le_Listen_V4 " $Le_Listen_V4 "
_debug Le_Listen_V6 " $Le_Listen_V6 "
_debug Le_Listen_V6 " $Le_Listen_V6 "
_NC = "nc"
_NC = "socat"
if [ " $Le_Listen_V4 " ] ; then
if [ " $Le_Listen_V4 " ] ; then
_NC = " $_NC -4 "
_NC = " $_NC -4 "
elif [ " $Le_Listen_V6 " ] ; then
elif [ " $Le_Listen_V6 " ] ; then
_NC = " $_NC -6 "
_NC = " $_NC -6 "
fi
fi
if [ " $Le_Listen_V4 $Le_Listen_V6 $ncaddr " ] ; then
if ! _contains " $nchelp " "-4" ; then
_err "The nc doesn't support '-4', '-6' or local-address, please install 'netcat-openbsd' and try again."
_err " See $( __green $_PREPARE_LINK ) "
return 1
fi
fi
if echo " $nchelp " | grep "\-q[ ,]" >/dev/null; then
_NC = " $_NC -q 1 -l $ncaddr "
else
if echo " $nchelp " | grep "GNU netcat" >/dev/null && echo " $nchelp " | grep "\-c, \-\-close" >/dev/null; then
_NC = " $_NC -c -l $ncaddr "
elif echo " $nchelp " | grep "\-N" | grep "Shutdown the network socket after EOF on stdin" >/dev/null; then
_NC = " $_NC -N -l $ncaddr "
else
_NC = " $_NC -l $ncaddr "
fi
fi
_debug "_NC" " $_NC "
_debug "_NC" " $_NC "
#for centos ncat
if _contains " $nchelp " "nmap.org" ; then
_debug "Using ncat: nmap.org"
if ! _exec " printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \" $content \" | $_NC \" $Le_HTTPPort \" >&2 " ; then
_exec_err
return 1
fi
if [ " $DEBUG " ] ; then
_exec_err
fi
return
fi
# while true ; do
if ! _exec " printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \" $content \" | $_NC -p \" $Le_HTTPPort \" >&2 " ; then
_exec " printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \" $content \" | $_NC \" $Le_HTTPPort \" >&2 "
fi
if [ " $? " != "0" ] ; then
_err "nc listen error."
_exec_err
exit 1
fi
if [ " $DEBUG " ] ; then
_exec_err
fi
# done
#todo listen address
$_NC TCP-LISTEN:$Le_HTTPPort ,crlf,reuseaddr,fork SYSTEM:" sleep 0.5; echo HTTP/1.1 200 OK'; echo ; echo $content ; echo; " &
serverproc = " $! "
}
}
_stopserver( ) {
_stopserver( ) {
@ -2038,25 +1998,8 @@ _stopserver() {
return
return
fi
fi
_debug2 "Le_HTTPPort" " $Le_HTTPPort "
if [ " $Le_HTTPPort " ] ; then
if [ " $DEBUG " ] && [ " $DEBUG " -gt "3" ] ; then
_get " http://localhost: $Le_HTTPPort " "" 1
else
_get " http://localhost: $Le_HTTPPort " "" 1 >/dev/null 2>& 1
fi
fi
kill $pid
_debug2 "Le_TLSPort" " $Le_TLSPort "
if [ " $Le_TLSPort " ] ; then
if [ " $DEBUG " ] && [ " $DEBUG " -gt "3" ] ; then
_get " https://localhost: $Le_TLSPort " "" 1
_get " https://localhost: $Le_TLSPort " "" 1
else
_get " https://localhost: $Le_TLSPort " "" 1 >/dev/null 2>& 1
_get " https://localhost: $Le_TLSPort " "" 1 >/dev/null 2>& 1
fi
fi
}
}
# sleep sec
# sleep sec
@ -2111,12 +2054,7 @@ _starttlsserver() {
return 1
return 1
fi
fi
__S_OPENSSL = " ${ ACME_OPENSSL_BIN :- openssl } s_server -cert $TLS_CERT -key $TLS_KEY "
if [ " $opaddr " ] ; then
__S_OPENSSL = " $__S_OPENSSL -accept $opaddr : $port "
else
__S_OPENSSL = " $__S_OPENSSL -accept $port "
fi
__S_OPENSSL = "socat"
_debug Le_Listen_V4 " $Le_Listen_V4 "
_debug Le_Listen_V4 " $Le_Listen_V4 "
_debug Le_Listen_V6 " $Le_Listen_V6 "
_debug Le_Listen_V6 " $Le_Listen_V6 "
@ -2127,12 +2065,9 @@ _starttlsserver() {
fi
fi
_debug " $__S_OPENSSL "
_debug " $__S_OPENSSL "
if [ " $DEBUG " ] && [ " $DEBUG " -ge "2" ] ; then
( printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" " $content " | $__S_OPENSSL -tlsextdebug) &
else
( printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" " $content " | $__S_OPENSSL >/dev/null 2>& 1) &
fi
#todo listen address
$__S_OPENSSL openssl-listen:$port ,cert= $TLS_CERT ,key= $TLS_KEY ,verify= 0,reuseaddr,fork SYSTEM:" sleep 0.5; echo HTTP/1.1 200 OK'; echo ; echo $content ; echo; " &
serverproc = " $! "
serverproc = " $! "
sleep 1
sleep 1
_debug serverproc " $serverproc "
_debug serverproc " $serverproc "
@ -2943,8 +2878,8 @@ _on_before_issue() {
fi
fi
if _hasfield " $_chk_web_roots " " $NO_VALUE " ; then
if _hasfield " $_chk_web_roots " " $NO_VALUE " ; then
if ! _exists "nc " ; then
_err "Please install netcat(nc) tools first."
if ! _exists "socat " ; then
_err "Please install socat tools first."
return 1
return 1
fi
fi
fi
fi
@ -3665,13 +3600,12 @@ issue() {
_info "Standalone mode server"
_info "Standalone mode server"
_ncaddr = " $( _getfield " $_local_addr " " $_ncIndex " ) "
_ncaddr = " $( _getfield " $_local_addr " " $_ncIndex " ) "
_ncIndex = " $( _math $_ncIndex + 1) "
_ncIndex = " $( _math $_ncIndex + 1) "
_startserver " $keyauthorization " " $_ncaddr " &
_startserver " $keyauthorization " " $_ncaddr "
if [ " $? " != "0" ] ; then
if [ " $? " != "0" ] ; then
_clearup
_clearup
_on_issue_err " $_post_hook " " $vlist "
_on_issue_err " $_post_hook " " $vlist "
return 1
return 1
fi
fi
serverproc = " $! "
sleep 1
sleep 1
_debug serverproc " $serverproc "
_debug serverproc " $serverproc "
elif [ " $_currentRoot " = " $MODE_STATELESS " ] ; then
elif [ " $_currentRoot " = " $MODE_STATELESS " ] ; then
@ -4006,7 +3940,10 @@ issue() {
Le_NextRenewTime = $( _math " $Le_NextRenewTime " - 86400)
Le_NextRenewTime = $( _math " $Le_NextRenewTime " - 86400)
_savedomainconf "Le_NextRenewTime" " $Le_NextRenewTime "
_savedomainconf "Le_NextRenewTime" " $Le_NextRenewTime "
_on_issue_success " $_post_hook " " $_renew_hook "
if ! _on_issue_success " $_post_hook " " $_renew_hook " ; then
_err "Call hook error."
return 1
fi
if [ " $_real_cert $_real_key $_real_ca $_reload_cmd $_real_fullchain " ] ; then
if [ " $_real_cert $_real_key $_real_ca $_reload_cmd $_real_fullchain " ] ; then
_savedomainconf "Le_RealCertPath" " $_real_cert "
_savedomainconf "Le_RealCertPath" " $_real_cert "
@ -4788,9 +4725,9 @@ _precheck() {
return 1
return 1
fi
fi
if ! _exists "nc " ; then
_err "It is recommended to install nc first, try to install 'nc' or 'netcat' ."
_err "We use nc for standalone server if you use standalone mode."
if ! _exists "socat " ; then
_err "It is recommended to install socat first ."
_err "We use socat for standalone server if you use standalone mode."
_err "If you don't use standalone mode, just ignore this warning."
_err "If you don't use standalone mode, just ignore this warning."
fi
fi
@ -4890,10 +4827,12 @@ install() {
_debug "Skip install cron job"
_debug "Skip install cron job"
fi
fi
if [ " $IN_CRON " != "1" ] ; then
if ! _precheck " $_nocron " ; then
if ! _precheck " $_nocron " ; then
_err "Pre-check failed, can not install."
_err "Pre-check failed, can not install."
return 1
return 1
fi
fi
fi
if [ -z " $_c_home " ] && [ " $LE_CONFIG_HOME " != " $LE_WORKING_DIR " ] ; then
if [ -z " $_c_home " ] && [ " $LE_CONFIG_HOME " != " $LE_WORKING_DIR " ] ; then
_info " Using config home: $LE_CONFIG_HOME "
_info " Using config home: $LE_CONFIG_HOME "
@ -4945,7 +4884,9 @@ install() {
_info " Installed to $LE_WORKING_DIR / $PROJECT_ENTRY "
_info " Installed to $LE_WORKING_DIR / $PROJECT_ENTRY "
if [ " $IN_CRON " != "1" ] ; then
_installalias " $_c_home "
_installalias " $_c_home "
fi
for subf in $_SUB_FOLDERS ; do
for subf in $_SUB_FOLDERS ; do
if [ -d " $subf " ] ; then
if [ -d " $subf " ] ; then
@ -5035,7 +4976,7 @@ _uninstallalias() {
}
}
cron( ) {
cron( ) {
IN_CRON = 1
export IN_CRON = 1
_initpath
_initpath
_info " $( __green "===Starting cron===" ) "
_info " $( __green "===Starting cron===" ) "
if [ " $AUTO_UPGRADE " = "1" ] ; then
if [ " $AUTO_UPGRADE " = "1" ] ; then
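Review bot: In `_startserver`, the new socat line builds its `SYSTEM:"…"` argument by pasting `$content` straight into a shell command line, and the string carries an unbalanced `'` after `200 OK`. The `openssl-listen` line in `_starttlsserver` repeats both problems. The key authorization comes from the CA's response, so it should reach the child shell as data, not command text. One option is to export it in a variable (placeholder name `_acme_content`) before the socat call and have the SYSTEM command echo that variable, quoted; the exact quoting needs checking against socat's own address parser. At minimum, drop the stray quote so the fragment reads `echo HTTP/1.1 200 OK; echo ; echo $content ; echo;`. Both functions begin outside their hunks, so any earlier validation of `$content` is not visible here.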