@ -1617,6 +1617,7 @@ _post() {
_debug $httpmethod
_debug $httpmethod
_debug "_post_url" " $_post_url "
_debug "_post_url" " $_post_url "
_debug2 "body" " $body "
_debug2 "body" " $body "
_debug2 "_postContentType" " $_postContentType "
_inithttp
_inithttp
@ -1625,15 +1626,20 @@ _post() {
if [ " $HTTPS_INSECURE " ] ; then
if [ " $HTTPS_INSECURE " ] ; then
_CURL = " $_CURL --insecure "
_CURL = " $_CURL --insecure "
fi
fi
if [ " $_postContentType " ] ; then
_CURL = " $_CURL -H \"Content-Type: $_postContentType \" "
fi
_debug "_CURL" " $_CURL "
_debug "_CURL" " $_CURL "
if [ " $needbase64 " ] ; then
if [ " $needbase64 " ] ; then
if [ " $_postContentType " ] ; then
response = " $( $_CURL --user-agent " $USER_AGENT " -X $httpmethod -H " Content-Type: $_postContentType " -H " $_H1 " -H " $_H2 " -H " $_H3 " -H " $_H4 " -H " $_H5 " --data " $body " " $_post_url " | _base64) "
else
response = " $( $_CURL --user-agent " $USER_AGENT " -X $httpmethod -H " $_H1 " -H " $_H2 " -H " $_H3 " -H " $_H4 " -H " $_H5 " --data " $body " " $_post_url " | _base64) "
response = " $( $_CURL --user-agent " $USER_AGENT " -X $httpmethod -H " $_H1 " -H " $_H2 " -H " $_H3 " -H " $_H4 " -H " $_H5 " --data " $body " " $_post_url " | _base64) "
fi
else
if [ " $_postContentType " ] ; then
response = " $( $_CURL --user-agent " $USER_AGENT " -X $httpmethod -H " Content-Type: $_postContentType " -H " $_H1 " -H " $_H2 " -H " $_H3 " -H " $_H4 " -H " $_H5 " --data " $body " " $_post_url " ) "
else
else
response = " $( $_CURL --user-agent " $USER_AGENT " -X $httpmethod -H " $_H1 " -H " $_H2 " -H " $_H3 " -H " $_H4 " -H " $_H5 " --data " $body " " $_post_url " ) "
response = " $( $_CURL --user-agent " $USER_AGENT " -X $httpmethod -H " $_H1 " -H " $_H2 " -H " $_H3 " -H " $_H4 " -H " $_H5 " --data " $body " " $_post_url " ) "
fi
fi
fi
_ret = " $? "
_ret = " $? "
if [ " $_ret " != "0" ] ; then
if [ " $_ret " != "0" ] ; then
_err " Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret "
_err " Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret "
@ -1785,6 +1791,11 @@ _send_signed_request() {
return 1
return 1
fi
fi
if [ " $ACME_VERSION " = "2" ] ; then
__request_conent_type = " $CONTENT_TYPE_JSON "
else
__request_conent_type = ""
fi
payload64 = $( printf "%s" " $payload " | _base64 | _url_replace)
payload64 = $( printf "%s" " $payload " | _base64 | _url_replace)
_debug3 payload64 " $payload64 "
_debug3 payload64 " $payload64 "
@ -1797,7 +1808,7 @@ _send_signed_request() {
if [ " $ACME_NEW_NONCE " ] ; then
if [ " $ACME_NEW_NONCE " ] ; then
_debug2 "Get nonce. ACME_NEW_NONCE" " $ACME_NEW_NONCE "
_debug2 "Get nonce. ACME_NEW_NONCE" " $ACME_NEW_NONCE "
nonceurl = " $ACME_NEW_NONCE "
nonceurl = " $ACME_NEW_NONCE "
if _post "" " $nonceurl " "" "HEAD" " $CONTENT_TYPE_JSON " ; then
if _post "" " $nonceurl " "" "HEAD" " $__request_conent_type " ; then
_headers = " $( cat " $HTTP_HEADER " ) "
_headers = " $( cat " $HTTP_HEADER " ) "
fi
fi
fi
fi
@ -1852,7 +1863,7 @@ _send_signed_request() {
fi
fi
_debug3 body " $body "
_debug3 body " $body "
response = " $( _post " $body " " $url " " $needbase64 " "POST" " $CONTENT_TYPE_JSON " ) "
response = " $( _post " $body " " $url " " $needbase64 " "POST" " $__request_conent_type " ) "
_CACHED_NONCE = ""
_CACHED_NONCE = ""
if [ " $? " != "0" ] ; then
if [ " $? " != "0" ] ; then
@ -3247,10 +3258,16 @@ _regAccount() {
return 1
return 1
fi
fi
_debug2 responseHeaders " $responseHeaders "
_accUri = " $( echo " $responseHeaders " | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n" ) "
_accUri = " $( echo " $responseHeaders " | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n" ) "
_debug "_accUri" " $_accUri "
_debug "_accUri" " $_accUri "
if [ -z " $_accUri " ] ; then
_err "Can not find account id url."
_err " $responseHeaders "
return 1
fi
_savecaconf "ACCOUNT_URL" " $_accUri "
_savecaconf "ACCOUNT_URL" " $_accUri "
export ACCOUNT_URL = " $ACCOUNT_URL "
export ACCOUNT_URL = " $_accUri "
CA_KEY_HASH = " $( __calcAccountKeyHash) "
CA_KEY_HASH = " $( __calcAccountKeyHash) "
_debug "Calc CA_KEY_HASH" " $CA_KEY_HASH "
_debug "Calc CA_KEY_HASH" " $CA_KEY_HASH "
@ -3521,7 +3538,7 @@ issue() {
_saved_account_key_hash = " $( _readcaconf "CA_KEY_HASH" ) "
_saved_account_key_hash = " $( _readcaconf "CA_KEY_HASH" ) "
_debug2 _saved_account_key_hash " $_saved_account_key_hash "
_debug2 _saved_account_key_hash " $_saved_account_key_hash "
if [ -z " $_saved_account_key_hash " ] || [ " $_saved_account_key_hash " != " $( __calcAccountKeyHash) " ] ; then
if [ -z " $ACCOUNT_URL " ] || [ -z " $ _saved_account_key_hash " ] || [ " $_saved_account_key_hash " != " $( __calcAccountKeyHash) " ] ; then
if ! _regAccount " $_accountkeylength " ; then
if ! _regAccount " $_accountkeylength " ; then
_on_issue_err " $_post_hook "
_on_issue_err " $_post_hook "
return 1
return 1
@ -3819,7 +3836,7 @@ $_authorizations_map"
if [ " $dnsadded " = '0' ] ; then
if [ " $dnsadded " = '0' ] ; then
_savedomainconf "Le_Vlist" " $vlist "
_savedomainconf "Le_Vlist" " $vlist "
_debug " Dns record not added yet, so, save to $DOMAIN_CONF and exit. "
_debug " Dns record not added yet, so, save to $DOMAIN_CONF and exit. "
_err "Please add the TXT records to the domains, and retry again ."
_err "Please add the TXT records to the domains, and re-run with --renew ."
_clearup
_clearup
_on_issue_err " $_post_hook "
_on_issue_err " $_post_hook "
return 1
return 1
@ -4105,12 +4122,12 @@ $_authorizations_map"
fi
fi
else
else
if ! _send_signed_request " ${ ACME_NEW_ORDER } " " {\"resource\": \" $ACME_NEW_ORDER_RES \", \"csr\": \" $der \"} " "needbase64" ; then
if ! _send_signed_request " ${ ACME_NEW_ORDER } " " {\"resource\": \" $ACME_NEW_ORDER_RES \", \"csr\": \" $der \"} " "needbase64" ; then
_err "Sign failed."
_err " Sign failed. $response "
_on_issue_err " $_post_hook "
_on_issue_err " $_post_hook "
return 1
return 1
fi
fi
_rcert = " $response "
_rcert = " $response "
Le_LinkCert = " $( grep -i '^Location.*$' " $HTTP_HEADER " | _head _n 1 | tr -d "\r\n" | cut -d " " -f 2) "
Le_LinkCert = " $( grep -i '^Location.*$' " $HTTP_HEADER " | _tail _n 1 | tr -d "\r\n" | cut -d " " -f 2) "
echo " $BEGIN_CERT " >" $CERT_PATH "
echo " $BEGIN_CERT " >" $CERT_PATH "
#if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then
#if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then
@ -5456,8 +5473,8 @@ Parameters:
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home Specifies the home dir to save all the configurations.
--config-home Specifies the home dir to save all the configurations.
--useragent Specifies the user agent string. it will be saved for future use too.
--useragent Specifies the user agent string. it will be saved for future use too.
--accountemail Specifies the account email f or registering, O nly valid for the '--install' command.
--accountkey Specifies the account key path, O nly valid for the '--install' command.
--accountemail Specifies the account email, only valid for the '--install' and '--update-account ' command.
--accountkey Specifies the account key path, o nly valid for the '--install' command.
--days Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
--days Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
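Review bot: In the `_regAccount` hunk (`@ -3247,10 +3258,16`), the new `[ -z "$_accUri" ]` guard turns a failed header match into a hard registration error, yet the extraction it guards still uses the case-sensitive `grep "^Location:"`. Header names are case-insensitive and the certificate path changed in this same commit already matches with `grep -i '^Location.*$'`, so a server or proxy that emits `location:` would presumably now stop at "Can not find account id url."; I would use `grep -i "^Location:"` there so both paths agree. The failure branch also passes all of `$responseHeaders` to `_err`, although the added `_debug2 responseHeaders` line already records them; a short message at `_err` would keep server-supplied header values out of normal error output. `_regAccount` starts and ends outside the hunk, so whether the headers are sanitised earlier is not visible here. Separately, `__request_conent_type` in the `_send_signed_request` hunk looks like a misspelling of `content` and is worth correcting before more call sites depend on it.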