|
@ -84,7 +84,6 @@ __red() { |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_printargs() { |
|
|
_printargs() { |
|
|
if [ -z "$2" ]; then |
|
|
if [ -z "$2" ]; then |
|
|
printf -- "[$(date)] $1" |
|
|
printf -- "[$(date)] $1" |
|
@ -118,7 +117,6 @@ _dlg_versions() { |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_log() { |
|
|
_log() { |
|
|
[ -z "$LOG_FILE" ] && return |
|
|
[ -z "$LOG_FILE" ] && return |
|
|
_printargs "$@" >>$LOG_FILE |
|
|
_printargs "$@" >>$LOG_FILE |
|
@ -129,7 +127,6 @@ _info() { |
|
|
_printargs "$@" |
|
|
_printargs "$@" |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_err() { |
|
|
_err() { |
|
|
_log "$@" |
|
|
_log "$@" |
|
|
printf -- "[$(date)] " >&2 |
|
|
printf -- "[$(date)] " >&2 |
|
@ -147,7 +144,6 @@ _usage() { |
|
|
printf "\n" >&2 |
|
|
printf "\n" >&2 |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_debug() { |
|
|
_debug() { |
|
|
if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then |
|
|
if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then |
|
|
_log "$@" |
|
|
_log "$@" |
|
@ -232,8 +228,7 @@ _getfield(){ |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
_ffi=$_findex |
|
|
_ffi=$_findex |
|
|
while [ "$_ffi" -gt "0" ] |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
while [ "$_ffi" -gt "0" ]; do |
|
|
_fv="$(echo "$_str" | cut -d $_sep -f $_ffi)" |
|
|
_fv="$(echo "$_str" | cut -d $_sep -f $_ffi)" |
|
|
if [ "$_fv" ]; then |
|
|
if [ "$_fv" ]; then |
|
|
printf -- "%s" "$_fv" |
|
|
printf -- "%s" "$_fv" |
|
@ -295,7 +290,6 @@ _h_char_2_dec() { |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_URGLY_PRINTF="" |
|
|
_URGLY_PRINTF="" |
|
|
if [ "$(printf '\x41')" != 'A' ]; then |
|
|
if [ "$(printf '\x41')" != 'A' ]; then |
|
|
_URGLY_PRINTF=1 |
|
|
_URGLY_PRINTF=1 |
|
@ -314,14 +308,14 @@ _h2b() { |
|
|
if [ -z "$_URGLY_PRINTF" ]; then |
|
|
if [ -z "$_URGLY_PRINTF" ]; then |
|
|
h="$(printf $hex | cut -c $i-$j)" |
|
|
h="$(printf $hex | cut -c $i-$j)" |
|
|
if [ -z "$h" ]; then |
|
|
if [ -z "$h" ]; then |
|
|
break; |
|
|
|
|
|
|
|
|
break |
|
|
fi |
|
|
fi |
|
|
printf "\x$h" |
|
|
printf "\x$h" |
|
|
else |
|
|
else |
|
|
ic="$(printf $hex | cut -c $i)" |
|
|
ic="$(printf $hex | cut -c $i)" |
|
|
jc="$(printf $hex | cut -c $j)" |
|
|
jc="$(printf $hex | cut -c $j)" |
|
|
if [ -z "$ic$jc" ]; then |
|
|
if [ -z "$ic$jc" ]; then |
|
|
break; |
|
|
|
|
|
|
|
|
break |
|
|
fi |
|
|
fi |
|
|
ic="$(_h_char_2_dec "$ic")" |
|
|
ic="$(_h_char_2_dec "$ic")" |
|
|
jc="$(_h_char_2_dec "$jc")" |
|
|
jc="$(_h_char_2_dec "$jc")" |
|
@ -556,7 +550,6 @@ _createkey() { |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#domain |
|
|
#domain |
|
|
_is_idn() { |
|
|
_is_idn() { |
|
|
_is_idn_d="$1" |
|
|
_is_idn_d="$1" |
|
@ -703,7 +696,6 @@ _readKeyLengthFromCSR() { |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_ss() { |
|
|
_ss() { |
|
|
_port="$1" |
|
|
_port="$1" |
|
|
|
|
|
|
|
@ -894,7 +886,7 @@ _stat() { |
|
|
return |
|
|
return |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
return 1; #error, 'stat' not found |
|
|
|
|
|
|
|
|
return 1 #error, 'stat' not found |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
#keyfile |
|
|
#keyfile |
|
@ -910,7 +902,6 @@ _calcjwk() { |
|
|
return 0 |
|
|
return 0 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EC_SIGN="" |
|
|
EC_SIGN="" |
|
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then |
|
|
_debug "RSA key" |
|
|
_debug "RSA key" |
|
@ -1074,7 +1065,6 @@ _inithttp() { |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# body url [needbase64] [POST|PUT] |
|
|
# body url [needbase64] [POST|PUT] |
|
|
_post() { |
|
|
_post() { |
|
|
body="$1" |
|
|
body="$1" |
|
@ -1140,7 +1130,6 @@ _post() { |
|
|
return $_ret |
|
|
return $_ret |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# url getheader timeout |
|
|
# url getheader timeout |
|
|
_get() { |
|
|
_get() { |
|
|
_debug GET |
|
|
_debug GET |
|
@ -1266,7 +1255,6 @@ _send_signed_request() { |
|
|
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" |
|
|
body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" |
|
|
_debug3 body "$body" |
|
|
_debug3 body "$body" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
response="$(_post "$body" $url "$needbase64")" |
|
|
response="$(_post "$body" $url "$needbase64")" |
|
|
_CACHED_NONCE="" |
|
|
_CACHED_NONCE="" |
|
|
if [ "$?" != "0" ]; then |
|
|
if [ "$?" != "0" ]; then |
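Review bot: In this `_send_signed_request` hunk the `if [ "$?" != "0" ]` test runs after `_CACHED_NONCE=""`, and a plain assignment without command substitution resets `$?` to 0, so a failing `_post` is never detected at this point. Whatever `response` holds is then treated as a successful reply. Capture the status before clearing the nonce: add `_post_ret="$?"` directly after the `response="$(_post "$body" $url "$needbase64")"` line and test `if [ "$_post_ret" != "0" ]; then` instead. The function starts and ends outside this hunk, so the body of the `if` is not visible here.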
|
@ -1288,7 +1276,6 @@ _send_signed_request() { |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#setopt "file" "opt" "=" "value" [";"] |
|
|
#setopt "file" "opt" "=" "value" [";"] |
|
|
_setopt() { |
|
|
_setopt() { |
|
|
__conf="$1" |
|
|
__conf="$1" |
|
@ -1326,7 +1313,6 @@ _setopt() { |
|
|
_debug2 "$(grep -n "^$__opt$__sep" $__conf)" |
|
|
_debug2 "$(grep -n "^$__opt$__sep" $__conf)" |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#_save_conf file key value |
|
|
#_save_conf file key value |
|
|
#save to conf |
|
|
#save to conf |
|
|
_save_conf() { |
|
|
_save_conf() { |
|
@ -1365,7 +1351,6 @@ _read_conf() { |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#_savedomainconf key value |
|
|
#_savedomainconf key value |
|
|
#save to domain.conf |
|
|
#save to domain.conf |
|
|
_savedomainconf() { |
|
|
_savedomainconf() { |
|
@ -1439,7 +1424,6 @@ _startserver() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_debug "_NC" "$_NC" |
|
|
_debug "_NC" "$_NC" |
|
|
|
|
|
|
|
|
#for centos ncat |
|
|
#for centos ncat |
|
@ -1460,7 +1444,7 @@ _startserver() { |
|
|
# while true ; do |
|
|
# while true ; do |
|
|
if [ "$DEBUG" ]; then |
|
|
if [ "$DEBUG" ]; then |
|
|
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort; then |
|
|
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort; then |
|
|
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; |
|
|
|
|
|
|
|
|
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort |
|
|
fi |
|
|
fi |
|
|
else |
|
|
else |
|
|
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort >/dev/null 2>&1; then |
|
|
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort >/dev/null 2>&1; then |
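Review bot: The response body `$content` is interpolated into the printf format string in every `printf "HTTP/1.1 200 OK\r\n\r\n$content"` line of this `_startserver` hunk, so any `%` or backslash in it would be interpreted by printf rather than served verbatim. Pass it as an argument instead: `printf "HTTP/1.1 200 OK\r\n\r\n%s" "$content" | $_NC -p "$Le_HTTPPort"`. The same pattern is applied to server-supplied data in the `issue()` hunk at `@ -2555`, where `printf "$response" | grep '"status":"valid"'` would be safer as `printf "%s" "$response"`. Both functions extend beyond their hunks.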
|
@ -1507,8 +1491,7 @@ _sleep() { |
|
|
_sleep_sec="$1" |
|
|
_sleep_sec="$1" |
|
|
if [ "$__INTERACTIVE" ]; then |
|
|
if [ "$__INTERACTIVE" ]; then |
|
|
_sleep_c="$_sleep_sec" |
|
|
_sleep_c="$_sleep_sec" |
|
|
while [ "$_sleep_c" -ge "0" ] ; |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
while [ "$_sleep_c" -ge "0" ]; do |
|
|
printf "\r \r" |
|
|
printf "\r \r" |
|
|
__green "$_sleep_c" |
|
|
__green "$_sleep_c" |
|
|
_sleep_c="$(_math $_sleep_c - 1)" |
|
|
_sleep_c="$(_math $_sleep_c - 1)" |
|
@ -1612,7 +1595,6 @@ __initHome() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$LE_WORKING_DIR" ]; then |
|
|
if [ -z "$LE_WORKING_DIR" ]; then |
|
|
if [ -f "$DEFAULT_INSTALL_HOME/account.conf" ]; then |
|
|
if [ -f "$DEFAULT_INSTALL_HOME/account.conf" ]; then |
|
|
_debug "It seems that $PROJECT_NAME is already installed in $DEFAULT_INSTALL_HOME" |
|
|
_debug "It seems that $PROJECT_NAME is already installed in $DEFAULT_INSTALL_HOME" |
|
@ -1720,7 +1702,6 @@ _initpath() { |
|
|
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" |
|
|
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_DEFAULT_CERT_HOME="$LE_WORKING_DIR" |
|
|
_DEFAULT_CERT_HOME="$LE_WORKING_DIR" |
|
|
if [ -z "$CERT_HOME" ]; then |
|
|
if [ -z "$CERT_HOME" ]; then |
|
|
CERT_HOME="$_DEFAULT_CERT_HOME" |
|
|
CERT_HOME="$_DEFAULT_CERT_HOME" |
|
@ -1884,7 +1865,7 @@ _restoreApache() { |
|
|
if ! _exec $_APACHECTL -t; then |
|
|
if ! _exec $_APACHECTL -t; then |
|
|
_exec_err |
|
|
_exec_err |
|
|
_err "Sorry, restore apache config error, please contact me." |
|
|
_err "Sorry, restore apache config error, please contact me." |
|
|
return 1; |
|
|
|
|
|
|
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
_debug "Restored successfully." |
|
|
_debug "Restored successfully." |
|
|
rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" |
|
|
rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" |
|
@ -1904,7 +1885,7 @@ _setApache() { |
|
|
_exec_err |
|
|
_exec_err |
|
|
_err "The apache config file has error, please fix it first, then try again." |
|
|
_err "The apache config file has error, please fix it first, then try again." |
|
|
_err "Don't worry, there is nothing changed to your system." |
|
|
_err "Don't worry, there is nothing changed to your system." |
|
|
return 1; |
|
|
|
|
|
|
|
|
return 1 |
|
|
else |
|
|
else |
|
|
_info "OK" |
|
|
_info "OK" |
|
|
fi |
|
|
fi |
|
@ -1954,7 +1935,7 @@ Allow from all |
|
|
else |
|
|
else |
|
|
_err "Sorry, The apache config file can not be restored, please report bug." |
|
|
_err "Sorry, The apache config file can not be restored, please report bug." |
|
|
fi |
|
|
fi |
|
|
return 1; |
|
|
|
|
|
|
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ ! -d "$ACME_DIR" ]; then |
|
|
if [ ! -d "$ACME_DIR" ]; then |
|
@ -1966,7 +1947,7 @@ Allow from all |
|
|
_exec_err |
|
|
_exec_err |
|
|
_err "$_APACHECTL graceful error, please contact me." |
|
|
_err "$_APACHECTL graceful error, please contact me." |
|
|
_restoreApache |
|
|
_restoreApache |
|
|
return 1; |
|
|
|
|
|
|
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
usingApache="1" |
|
|
usingApache="1" |
|
|
return 0 |
|
|
return 0 |
|
@ -1993,8 +1974,7 @@ _clearupdns() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
ventries=$(echo "$vlist" | tr ',' ' ') |
|
|
ventries=$(echo "$vlist" | tr ',' ' ') |
|
|
for ventry in $ventries |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
for ventry in $ventries; do |
|
|
d=$(echo $ventry | cut -d $sep -f 1) |
|
|
d=$(echo $ventry | cut -d $sep -f 1) |
|
|
keyauthorization=$(echo $ventry | cut -d $sep -f 2) |
|
|
keyauthorization=$(echo $ventry | cut -d $sep -f 2) |
|
|
vtype=$(echo $ventry | cut -d $sep -f 4) |
|
|
vtype=$(echo $ventry | cut -d $sep -f 4) |
|
@ -2087,8 +2067,7 @@ _on_before_issue() { |
|
|
_index=1 |
|
|
_index=1 |
|
|
_currentRoot="" |
|
|
_currentRoot="" |
|
|
_addrIndex=1 |
|
|
_addrIndex=1 |
|
|
for d in $alldomains |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
for d in $alldomains; do |
|
|
_debug "Check for domain" $d |
|
|
_debug "Check for domain" $d |
|
|
_currentRoot="$(_getfield "$Le_Webroot" $_index)" |
|
|
_currentRoot="$(_getfield "$Le_Webroot" $_index)" |
|
|
_debug "_currentRoot" "$_currentRoot" |
|
|
_debug "_currentRoot" "$_currentRoot" |
|
@ -2220,13 +2199,11 @@ __calcAccountKeyHash() { |
|
|
[ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256 |
|
|
[ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256 |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#keylength |
|
|
#keylength |
|
|
_regAccount() { |
|
|
_regAccount() { |
|
|
_initpath |
|
|
_initpath |
|
|
_reg_length="$1" |
|
|
_reg_length="$1" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then |
|
|
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then |
|
|
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" |
|
|
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" |
|
|
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" |
|
|
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" |
|
@ -2250,8 +2227,7 @@ _regAccount() { |
|
|
|
|
|
|
|
|
_updateTos="" |
|
|
_updateTos="" |
|
|
_reg_res="new-reg" |
|
|
_reg_res="new-reg" |
|
|
while true ; |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
while true; do |
|
|
_debug AGREEMENT "$AGREEMENT" |
|
|
_debug AGREEMENT "$AGREEMENT" |
|
|
|
|
|
|
|
|
regjson='{"resource": "'$_reg_res'", "agreement": "'$AGREEMENT'"}' |
|
|
regjson='{"resource": "'$_reg_res'", "agreement": "'$AGREEMENT'"}' |
|
@ -2316,7 +2292,6 @@ _regAccount() { |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# domain folder file |
|
|
# domain folder file |
|
|
_findHook() { |
|
|
_findHook() { |
|
|
_hookdomain="$1" |
|
|
_hookdomain="$1" |
|
@ -2364,7 +2339,7 @@ __get_domain_new_authz() { |
|
|
_authz_i="$(_math "$_authz_i" + 1)" |
|
|
_authz_i="$(_math "$_authz_i" + 1)" |
|
|
_info "The server is busy, Sleep $_authz_i to retry." |
|
|
_info "The server is busy, Sleep $_authz_i to retry." |
|
|
_sleep "$_authz_i" |
|
|
_sleep "$_authz_i" |
|
|
done; |
|
|
|
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then |
|
|
if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then |
|
|
_debug "new-authz retry reach the max $_Max_new_authz_retry_times times." |
|
|
_debug "new-authz retry reach the max $_Max_new_authz_retry_times times." |
|
@ -2507,8 +2482,7 @@ issue() { |
|
|
alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ') |
|
|
alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ') |
|
|
_index=1 |
|
|
_index=1 |
|
|
_currentRoot="" |
|
|
_currentRoot="" |
|
|
for d in $alldomains |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
for d in $alldomains; do |
|
|
_info "Getting webroot for domain" $d |
|
|
_info "Getting webroot for domain" $d |
|
|
_w="$(echo $Le_Webroot | cut -d , -f $_index)" |
|
|
_w="$(echo $Le_Webroot | cut -d , -f $_index)" |
|
|
_info _w "$_w" |
|
|
_info _w "$_w" |
|
@ -2555,14 +2529,12 @@ issue() { |
|
|
keyauthorization="$token.$thumbprint" |
|
|
keyauthorization="$token.$thumbprint" |
|
|
_debug keyauthorization "$keyauthorization" |
|
|
_debug keyauthorization "$keyauthorization" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if printf "$response" | grep '"status":"valid"' >/dev/null 2>&1; then |
|
|
if printf "$response" | grep '"status":"valid"' >/dev/null 2>&1; then |
|
|
_info "$d is already verified, skip." |
|
|
_info "$d is already verified, skip." |
|
|
keyauthorization=$STATE_VERIFIED |
|
|
keyauthorization=$STATE_VERIFIED |
|
|
_debug keyauthorization "$keyauthorization" |
|
|
_debug keyauthorization "$keyauthorization" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot" |
|
|
dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot" |
|
|
_debug dvlist "$dvlist" |
|
|
_debug dvlist "$dvlist" |
|
|
|
|
|
|
|
@ -2573,8 +2545,7 @@ issue() { |
|
|
#add entry |
|
|
#add entry |
|
|
dnsadded="" |
|
|
dnsadded="" |
|
|
ventries=$(echo "$vlist" | tr ',' ' ') |
|
|
ventries=$(echo "$vlist" | tr ',' ' ') |
|
|
for ventry in $ventries |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
for ventry in $ventries; do |
|
|
d=$(echo $ventry | cut -d $sep -f 1) |
|
|
d=$(echo $ventry | cut -d $sep -f 1) |
|
|
keyauthorization=$(echo $ventry | cut -d $sep -f 2) |
|
|
keyauthorization=$(echo $ventry | cut -d $sep -f 2) |
|
|
vtype=$(echo $ventry | cut -d $sep -f 4) |
|
|
vtype=$(echo $ventry | cut -d $sep -f 4) |
|
@ -2660,8 +2631,7 @@ issue() { |
|
|
|
|
|
|
|
|
_ncIndex=1 |
|
|
_ncIndex=1 |
|
|
ventries=$(echo "$vlist" | tr ',' ' ') |
|
|
ventries=$(echo "$vlist" | tr ',' ' ') |
|
|
for ventry in $ventries |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
for ventry in $ventries; do |
|
|
d=$(echo $ventry | cut -d $sep -f 1) |
|
|
d=$(echo $ventry | cut -d $sep -f 1) |
|
|
keyauthorization=$(echo $ventry | cut -d $sep -f 2) |
|
|
keyauthorization=$(echo $ventry | cut -d $sep -f 2) |
|
|
uri=$(echo $ventry | cut -d $sep -f 3) |
|
|
uri=$(echo $ventry | cut -d $sep -f 3) |
|
@ -2682,7 +2652,6 @@ issue() { |
|
|
|
|
|
|
|
|
_debug "_currentRoot" "$_currentRoot" |
|
|
_debug "_currentRoot" "$_currentRoot" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$vtype" = "$VTYPE_HTTP" ]; then |
|
|
if [ "$vtype" = "$VTYPE_HTTP" ]; then |
|
|
if [ "$_currentRoot" = "$NO_VALUE" ]; then |
|
|
if [ "$_currentRoot" = "$NO_VALUE" ]; then |
|
|
_info "Standalone mode server" |
|
|
_info "Standalone mode server" |
|
@ -2731,7 +2700,7 @@ issue() { |
|
|
_debug "Changing owner/group of .well-known to $webroot_owner" |
|
|
_debug "Changing owner/group of .well-known to $webroot_owner" |
|
|
chown -R $webroot_owner "$_currentRoot/.well-known" |
|
|
chown -R $webroot_owner "$_currentRoot/.well-known" |
|
|
else |
|
|
else |
|
|
_debug "not chaning owner/group of webroot"; |
|
|
|
|
|
|
|
|
_debug "not chaning owner/group of webroot" |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
@ -2825,7 +2794,7 @@ issue() { |
|
|
_stopserver $serverproc |
|
|
_stopserver $serverproc |
|
|
serverproc="" |
|
|
serverproc="" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
break; |
|
|
|
|
|
|
|
|
break |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$status" = "invalid" ]; then |
|
|
if [ "$status" = "invalid" ]; then |
|
@ -2847,7 +2816,7 @@ issue() { |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" |
|
|
_clearup |
|
|
_clearup |
|
|
_on_issue_err |
|
|
_on_issue_err |
|
|
return 1; |
|
|
|
|
|
|
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$status" = "pending" ]; then |
|
|
if [ "$status" = "pending" ]; then |
|
@ -2909,7 +2878,6 @@ issue() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$Le_LinkCert" ]; then |
|
|
if [ -z "$Le_LinkCert" ]; then |
|
|
response="$(echo $response | _dbase64 "multiline" | _normalizeJson)" |
|
|
response="$(echo $response | _dbase64 "multiline" | _normalizeJson)" |
|
|
_err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" |
|
|
_err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" |
|
@ -2969,14 +2937,12 @@ issue() { |
|
|
|
|
|
|
|
|
Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) |
|
|
Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Le_NextRenewTimeStr=$(_time2str $Le_NextRenewTime) |
|
|
Le_NextRenewTimeStr=$(_time2str $Le_NextRenewTime) |
|
|
_savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" |
|
|
_savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" |
|
|
|
|
|
|
|
|
Le_NextRenewTime=$(_math $Le_NextRenewTime - 86400) |
|
|
Le_NextRenewTime=$(_math $Le_NextRenewTime - 86400) |
|
|
_savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" |
|
|
_savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_on_issue_success |
|
|
_on_issue_success |
|
|
|
|
|
|
|
|
if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ]; then |
|
|
if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ]; then |
|
@ -3000,7 +2966,7 @@ renew() { |
|
|
_info "$(__green "Renew: '$Le_Domain'")" |
|
|
_info "$(__green "Renew: '$Le_Domain'")" |
|
|
if [ ! -f "$DOMAIN_CONF" ]; then |
|
|
if [ ! -f "$DOMAIN_CONF" ]; then |
|
|
_info "'$Le_Domain' is not a issued domain, skip." |
|
|
_info "'$Le_Domain' is not a issued domain, skip." |
|
|
return 0; |
|
|
|
|
|
|
|
|
return 0 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ "$Le_RenewalDays" ]; then |
|
|
if [ "$Le_RenewalDays" ]; then |
|
@ -3069,7 +3035,6 @@ renewAll() { |
|
|
return $_ret |
|
|
return $_ret |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#csr webroot |
|
|
#csr webroot |
|
|
signcsr() { |
|
|
signcsr() { |
|
|
_csrfile="$1" |
|
|
_csrfile="$1" |
|
@ -3095,7 +3060,6 @@ signcsr(){ |
|
|
fi |
|
|
fi |
|
|
_debug "_csrdomainlist" "$_csrdomainlist" |
|
|
_debug "_csrdomainlist" "$_csrdomainlist" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$_csrsubj" ]; then |
|
|
if [ -z "$_csrsubj" ]; then |
|
|
_csrsubj="$(_getfield "$_csrdomainlist" 1)" |
|
|
_csrsubj="$(_getfield "$_csrdomainlist" 1)" |
|
|
_debug _csrsubj "$_csrsubj" |
|
|
_debug _csrsubj "$_csrsubj" |
|
@ -3151,7 +3115,6 @@ showcsr() { |
|
|
|
|
|
|
|
|
_info "SubjectAltNames=$_csrdomainlist" |
|
|
_info "SubjectAltNames=$_csrdomainlist" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") |
|
|
_csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") |
|
|
if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then |
|
|
if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then |
|
|
_err "Can not read key length from csr: $_csrfile" |
|
|
_err "Can not read key length from csr: $_csrfile" |
|
@ -3189,7 +3152,6 @@ list() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
deploy() { |
|
|
deploy() { |
|
@ -3265,7 +3227,6 @@ installcert() { |
|
|
_installcert |
|
|
_installcert |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_installcert() { |
|
|
_installcert() { |
|
|
|
|
|
|
|
|
_savedomainconf "Le_RealCertPath" "$Le_RealCertPath" |
|
|
_savedomainconf "Le_RealCertPath" "$Le_RealCertPath" |
|
@ -3314,7 +3275,6 @@ _installcert() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$Le_RealKeyPath" ]; then |
|
|
if [ "$Le_RealKeyPath" ]; then |
|
|
_installed=1 |
|
|
_installed=1 |
|
|
_info "Installing key to:$Le_RealKeyPath" |
|
|
_info "Installing key to:$Le_RealKeyPath" |
|
@ -3343,7 +3303,6 @@ _installcert() { |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
installcronjob() { |
|
|
installcronjob() { |
|
@ -3364,9 +3323,15 @@ installcronjob() { |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
if _exists uname && uname -a | grep solaris >/dev/null; then |
|
|
if _exists uname && uname -a | grep solaris >/dev/null; then |
|
|
crontab -l | { cat; echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"; } | crontab -- |
|
|
|
|
|
|
|
|
crontab -l | { |
|
|
|
|
|
cat |
|
|
|
|
|
echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" |
|
|
|
|
|
} | crontab -- |
|
|
else |
|
|
else |
|
|
crontab -l | { cat; echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"; } | crontab - |
|
|
|
|
|
|
|
|
crontab -l | { |
|
|
|
|
|
cat |
|
|
|
|
|
echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" |
|
|
|
|
|
} | crontab - |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
if [ "$?" != "0" ]; then |
|
|
if [ "$?" != "0" ]; then |
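Review bot: Both reformatted pipelines in this `installcronjob` hunk expose only the exit status of the final `crontab -` / `crontab --`, so the `$?` check that follows cannot tell whether `crontab -l` failed. If it fails for a reason other than an empty table, the existing entries would presumably be replaced by the single new line. The entry also embeds `$lesh` unquoted while `$LE_WORKING_DIR` is quoted, so an install path containing spaces would yield a broken cron command, and an unescaped `%` in either path is read by cron as a newline. Consider reading the current table into a variable, checking that step separately, and writing `\"$lesh\"` in the entry. The function begins before and continues after this hunk.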
|
@ -3408,7 +3373,7 @@ revoke() { |
|
|
_initpath $Le_Domain "$_isEcc" |
|
|
_initpath $Le_Domain "$_isEcc" |
|
|
if [ ! -f "$DOMAIN_CONF" ]; then |
|
|
if [ ! -f "$DOMAIN_CONF" ]; then |
|
|
_err "$Le_Domain is not a issued domain, skip." |
|
|
_err "$Le_Domain is not a issued domain, skip." |
|
|
return 1; |
|
|
|
|
|
|
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ ! -f "$CERT_PATH" ]; then |
|
|
if [ ! -f "$CERT_PATH" ]; then |
|
@ -3457,7 +3422,6 @@ revoke() { |
|
|
return 1 |
|
|
return 1 |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#domain vtype |
|
|
#domain vtype |
|
|
_deactivate() { |
|
|
_deactivate() { |
|
|
_d_domain="$1" |
|
|
_d_domain="$1" |
|
@ -3466,12 +3430,10 @@ _deactivate() { |
|
|
|
|
|
|
|
|
_d_i=0 |
|
|
_d_i=0 |
|
|
_d_max_retry=9 |
|
|
_d_max_retry=9 |
|
|
while [ "$_d_i" -lt "$_d_max_retry" ] ; |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
while [ "$_d_i" -lt "$_d_max_retry" ]; do |
|
|
_info "Deactivate: $_d_domain" |
|
|
_info "Deactivate: $_d_domain" |
|
|
_d_i="$(_math $_d_i + 1)" |
|
|
_d_i="$(_math $_d_i + 1)" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ! __get_domain_new_authz "$_d_domain"; then |
|
|
if ! __get_domain_new_authz "$_d_domain"; then |
|
|
_err "Can not get domain new authz token." |
|
|
_err "Can not get domain new authz token." |
|
|
return 1 |
|
|
return 1 |
|
@ -3497,7 +3459,6 @@ _deactivate() { |
|
|
_debug _vtype $_vtype |
|
|
_debug _vtype $_vtype |
|
|
_info "Found $_vtype" |
|
|
_info "Found $_vtype" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')" |
|
|
uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')" |
|
|
_debug uri $uri |
|
|
_debug uri $uri |
|
|
|
|
|
|
|
@ -3534,8 +3495,7 @@ deactivate() { |
|
|
_usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com [-d domain.com]" |
|
|
_usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com [-d domain.com]" |
|
|
return 1 |
|
|
return 1 |
|
|
fi |
|
|
fi |
|
|
for _d_dm in $(echo "$_d_domain_list" | tr ',' ' ' ) ; |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do |
|
|
if [ -z "$_d_dm" ] || [ "$_d_dm" = "$NO_VALUE" ]; then |
|
|
if [ -z "$_d_dm" ] || [ "$_d_dm" = "$NO_VALUE" ]; then |
|
|
continue |
|
|
continue |
|
|
fi |
|
|
fi |
|
@ -3721,7 +3681,6 @@ _installalias() { |
|
|
_info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" |
|
|
_info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#for csh |
|
|
#for csh |
|
|
_cshfile="$LE_WORKING_DIR/$PROJECT_ENTRY.csh" |
|
|
_cshfile="$LE_WORKING_DIR/$PROJECT_ENTRY.csh" |
|
|
_csh_profile="$HOME/.cshrc" |
|
|
_csh_profile="$HOME/.cshrc" |
|
@ -3766,8 +3725,7 @@ install() { |
|
|
|
|
|
|
|
|
#convert from le |
|
|
#convert from le |
|
|
if [ -d "$HOME/.le" ]; then |
|
|
if [ -d "$HOME/.le" ]; then |
|
|
for envfile in "le.env" "le.sh.env" |
|
|
|
|
|
do |
|
|
|
|
|
|
|
|
for envfile in "le.env" "le.sh.env"; do |
|
|
if [ -f "$HOME/.le/$envfile" ]; then |
|
|
if [ -f "$HOME/.le/$envfile" ]; then |
|
|
if grep "le.sh" "$HOME/.le/$envfile" >/dev/null; then |
|
|
if grep "le.sh" "$HOME/.le/$envfile" >/dev/null; then |
|
|
_upgrading="1" |
|
|
_upgrading="1" |
|
@ -3775,7 +3733,7 @@ install() { |
|
|
_info "Renaming \"$HOME/.le\" to $LE_WORKING_DIR" |
|
|
_info "Renaming \"$HOME/.le\" to $LE_WORKING_DIR" |
|
|
mv "$HOME/.le" "$LE_WORKING_DIR" |
|
|
mv "$HOME/.le" "$LE_WORKING_DIR" |
|
|
mv "$LE_WORKING_DIR/$envfile" "$LE_WORKING_DIR/$PROJECT_ENTRY.env" |
|
|
mv "$LE_WORKING_DIR/$envfile" "$LE_WORKING_DIR/$PROJECT_ENTRY.env" |
|
|
break; |
|
|
|
|
|
|
|
|
break |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
done |
|
|
done |
|
@ -3808,7 +3766,6 @@ install() { |
|
|
fi |
|
|
fi |
|
|
done |
|
|
done |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ ! -f "$ACCOUNT_CONF_PATH" ]; then |
|
|
if [ ! -f "$ACCOUNT_CONF_PATH" ]; then |
|
|
_initconf |
|
|
_initconf |
|
|
fi |
|
|
fi |
|
@ -4536,7 +4493,7 @@ _process() { |
|
|
|
|
|
|
|
|
*) |
|
|
*) |
|
|
_err "Invalid command: $_CMD" |
|
|
_err "Invalid command: $_CMD" |
|
|
showhelp; |
|
|
|
|
|
|
|
|
showhelp |
|
|
return 1 |
|
|
return 1 |
|
|
;; |
|
|
;; |
|
|
esac |
|
|
esac |
|
@ -4561,24 +4518,15 @@ _process() { |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$INSTALLONLINE" ]; then |
|
|
if [ "$INSTALLONLINE" ]; then |
|
|
INSTALLONLINE="" |
|
|
INSTALLONLINE="" |
|
|
_installOnline $BRANCH |
|
|
_installOnline $BRANCH |
|
|
exit |
|
|
exit |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
main() { |
|
|
main() { |
|
|
[ -z "$1" ] && showhelp && return |
|
|
[ -z "$1" ] && showhelp && return |
|
|
if _startswith "$1" '-'; then _process "$@"; else "$@"; fi |
|
|
if _startswith "$1" '-'; then _process "$@"; else "$@"; fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
main "$@" |
|
|
main "$@" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|