
Merge pull request #552 from Neilpang/dev

Dev
master
neil 8 years ago
committed by GitHub
parent
commit
8ca99e85b0
  1. 117
      acme.sh

117
acme.sh

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=2.6.5
VER=2.6.6
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -1634,7 +1634,13 @@ __initHome() {
fi fi
export LE_WORKING_DIR export LE_WORKING_DIR
_DEFAULT_ACCOUNT_CONF_PATH="$LE_WORKING_DIR/account.conf"
if [ -z "$LE_CONFIG_HOME" ]; then
LE_CONFIG_HOME="$LE_WORKING_DIR"
fi
_debug "Using config home:$LE_CONFIG_HOME"
export LE_CONFIG_HOME
_DEFAULT_ACCOUNT_CONF_PATH="$LE_CONFIG_HOME/account.conf"
if [ -z "$ACCOUNT_CONF_PATH" ]; then if [ -z "$ACCOUNT_CONF_PATH" ]; then
if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ]; then if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ]; then
@ -1646,12 +1652,12 @@ __initHome() {
ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH" ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH"
fi fi
DEFAULT_LOG_FILE="$LE_WORKING_DIR/$PROJECT_NAME.log"
DEFAULT_LOG_FILE="$LE_CONFIG_HOME/$PROJECT_NAME.log"
DEFAULT_CA_HOME="$LE_WORKING_DIR/ca"
DEFAULT_CA_HOME="$LE_CONFIG_HOME/ca"
if [ -z "$LE_TEMP_DIR" ]; then if [ -z "$LE_TEMP_DIR" ]; then
LE_TEMP_DIR="$LE_WORKING_DIR/tmp"
LE_TEMP_DIR="$LE_CONFIG_HOME/tmp"
fi fi
} }
@ -1703,7 +1709,7 @@ _initpath() {
fi fi
if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then
APACHE_CONF_BACKUP_DIR="$LE_WORKING_DIR"
APACHE_CONF_BACKUP_DIR="$LE_CONFIG_HOME"
fi fi
if [ -z "$USER_AGENT" ]; then if [ -z "$USER_AGENT" ]; then
@ -1711,7 +1717,7 @@ _initpath() {
fi fi
if [ -z "$HTTP_HEADER" ]; then if [ -z "$HTTP_HEADER" ]; then
HTTP_HEADER="$LE_WORKING_DIR/http.header"
HTTP_HEADER="$LE_CONFIG_HOME/http.header"
fi fi
_OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key" _OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key"
@ -1727,7 +1733,7 @@ _initpath() {
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
fi fi
_DEFAULT_CERT_HOME="$LE_WORKING_DIR"
_DEFAULT_CERT_HOME="$LE_CONFIG_HOME"
if [ -z "$CERT_HOME" ]; then if [ -z "$CERT_HOME" ]; then
CERT_HOME="$_DEFAULT_CERT_HOME" CERT_HOME="$_DEFAULT_CERT_HOME"
fi fi
@ -3354,7 +3360,9 @@ _installcert() {
} }
#confighome
installcronjob() { installcronjob() {
_c_home="$1"
_initpath _initpath
if ! _exists "crontab"; then if ! _exists "crontab"; then
_err "crontab doesn't exist, so, we can not install cron jobs." _err "crontab doesn't exist, so, we can not install cron jobs."
@ -3372,17 +3380,20 @@ installcronjob() {
return 1 return 1
fi fi
if [ "$_c_home" ]; then
_c_entry="--config-home \"$_c_home\" "
fi
_t=$(_time) _t=$(_time)
random_minute=$(_math $_t % 60) random_minute=$(_math $_t % 60)
if _exists uname && uname -a | grep SunOS >/dev/null; then if _exists uname && uname -a | grep SunOS >/dev/null; then
crontab -l | { crontab -l | {
cat cat
echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"
echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null"
} | crontab -- } | crontab --
else else
crontab -l | { crontab -l | {
cat cat
echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"
echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null"
} | crontab - } | crontab -
fi fi
fi fi
@ -3408,6 +3419,10 @@ uninstallcronjob() {
fi fi
LE_WORKING_DIR="$(echo "$cr" | cut -d ' ' -f 9 | tr -d '"')" LE_WORKING_DIR="$(echo "$cr" | cut -d ' ' -f 9 | tr -d '"')"
_info LE_WORKING_DIR "$LE_WORKING_DIR" _info LE_WORKING_DIR "$LE_WORKING_DIR"
if _contains "$cr" "--config-home"; then
LE_CONFIG_HOME="$(echo "$cr" | cut -d ' ' -f 11 | tr -d '"')"
_debug LE_CONFIG_HOME "$LE_CONFIG_HOME"
fi
fi fi
_initpath _initpath
@ -3671,7 +3686,9 @@ _setShebang() {
rm -f "$_file.tmp" rm -f "$_file.tmp"
} }
#confighome
_installalias() { _installalias() {
_c_home="$1"
_initpath _initpath
_envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env" _envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env"
@ -3681,8 +3698,15 @@ _installalias() {
echo "$(cat "$_envfile")" | sed "s|^alias le.sh.*$||" >"$_envfile" echo "$(cat "$_envfile")" | sed "s|^alias le.sh.*$||" >"$_envfile"
fi fi
if [ "$_c_home" ]; then
_c_entry="--config-home '$_c_home'"
fi
_setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\"" _setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\""
_setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
if [ "$_c_home" ]; then
_setopt "$_envfile" "export LE_CONFIG_HOME" "=" "\"$LE_CONFIG_HOME\""
fi
_setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
_profile="$(_detect_profile)" _profile="$(_detect_profile)"
if [ "$_profile" ]; then if [ "$_profile" ]; then
@ -3700,7 +3724,10 @@ _installalias() {
if [ -f "$_csh_profile" ]; then if [ -f "$_csh_profile" ]; then
_info "Installing alias to '$_csh_profile'" _info "Installing alias to '$_csh_profile'"
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\""
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
if [ "$_c_home" ]; then
_setopt "$_cshfile" "setenv LE_CONFIG_HOME" " " "\"$LE_CONFIG_HOME\""
fi
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
_setopt "$_csh_profile" "source \"$_cshfile\"" _setopt "$_csh_profile" "source \"$_cshfile\""
fi fi
@ -3709,13 +3736,16 @@ _installalias() {
if [ -f "$_tcsh_profile" ]; then if [ -f "$_tcsh_profile" ]; then
_info "Installing alias to '$_tcsh_profile'" _info "Installing alias to '$_tcsh_profile'"
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\""
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
if [ "$_c_home" ]; then
_setopt "$_cshfile" "setenv LE_CONFIG_HOME" " " "\"$LE_CONFIG_HOME\""
fi
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY $_c_entry\""
_setopt "$_tcsh_profile" "source \"$_cshfile\"" _setopt "$_tcsh_profile" "source \"$_cshfile\""
fi fi
} }
# nocron
# nocron confighome
install() { install() {
if [ -z "$LE_WORKING_DIR" ]; then if [ -z "$LE_WORKING_DIR" ]; then
@ -3723,6 +3753,7 @@ install() {
fi fi
_nocron="$1" _nocron="$1"
_c_home="$2"
if ! _initpath; then if ! _initpath; then
_err "Install failed." _err "Install failed."
return 1 return 1
@ -3761,6 +3792,13 @@ install() {
chmod 700 "$LE_WORKING_DIR" chmod 700 "$LE_WORKING_DIR"
if ! mkdir -p "$LE_CONFIG_HOME"; then
_err "Can not create config dir: $LE_CONFIG_HOME"
return 1
fi
chmod 700 "$LE_CONFIG_HOME"
cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY"
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
@ -3770,7 +3808,7 @@ install() {
_info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY" _info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY"
_installalias
_installalias "$_c_home"
for subf in $_SUB_FOLDERS; do for subf in $_SUB_FOLDERS; do
if [ -d "$subf" ]; then if [ -d "$subf" ]; then
@ -3796,7 +3834,7 @@ install() {
fi fi
if [ -z "$_nocron" ]; then if [ -z "$_nocron" ]; then
installcronjob
installcronjob "$_c_home"
fi fi
if [ -z "$NO_DETECT_SH" ]; then if [ -z "$NO_DETECT_SH" ]; then
@ -3829,7 +3867,7 @@ uninstall() {
_uninstallalias _uninstallalias
rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY" rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY"
_info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself."
_info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\", you can remove them by yourself."
} }
@ -3902,18 +3940,18 @@ Commands:
--issue Issue a cert. --issue Issue a cert.
--signcsr Issue a cert from an existing csr. --signcsr Issue a cert from an existing csr.
--deploy Deploy the cert to your server. --deploy Deploy the cert to your server.
--installcert Install the issued cert to apache/nginx or any other server.
--install-cert Install the issued cert to apache/nginx or any other server.
--renew, -r Renew a cert. --renew, -r Renew a cert.
--renewAll Renew all the certs.
--renew-all Renew all the certs.
--revoke Revoke a cert. --revoke Revoke a cert.
--list List all the certs. --list List all the certs.
--showcsr Show the content of a csr. --showcsr Show the content of a csr.
--installcronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
--uninstallcronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
--install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
--uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
--cron Run cron job to renew all the certs. --cron Run cron job to renew all the certs.
--toPkcs Export the certificate and key to a pfx file. --toPkcs Export the certificate and key to a pfx file.
--updateaccount Update account info.
--registeraccount Register account key.
--update-account Update account info.
--register-account Register account key.
--createAccountKey, -cak Create an account private key, professional use. --createAccountKey, -cak Create an account private key, professional use.
--createDomainKey, -cdk Create an domain private key, professional use. --createDomainKey, -cdk Create an domain private key, professional use.
--createCSR, -ccsr Create CSR , professional use. --createCSR, -ccsr Create CSR , professional use.
@ -3948,7 +3986,8 @@ Parameters:
--accountconf Specifies a customized account config file. --accountconf Specifies a customized account config file.
--home Specifies the home dir for $PROJECT_NAME . --home Specifies the home dir for $PROJECT_NAME .
--certhome Specifies the home dir to save all the certs, only valid for '--install' command.
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home Specifies the home dir to save all the configurations.
--useragent Specifies the user agent string. it will be saved for future use too. --useragent Specifies the user agent string. it will be saved for future use too.
--accountemail Specifies the account email for registering, Only valid for the '--install' command. --accountemail Specifies the account email for registering, Only valid for the '--install' command.
--accountkey Specifies the account key path, Only valid for the '--install' command. --accountkey Specifies the account key path, Only valid for the '--install' command.
@ -3957,11 +3996,11 @@ Parameters:
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer. --tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses. --local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--listraw Only used for '--list' command, list the certs in raw format. --listraw Only used for '--list' command, list the certs in raw format.
--stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal.
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate. --ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
--ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
--csr Specifies the input csr. --csr Specifies the input csr.
--pre-hook Command to be run before obtaining any certificates. --pre-hook Command to be run before obtaining any certificates.
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed. --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
@ -4070,6 +4109,7 @@ _process() {
_accountemail="" _accountemail=""
_accountkey="" _accountkey=""
_certhome="" _certhome=""
_confighome=""
_httpport="" _httpport=""
_tlsport="" _tlsport=""
_dnssleep="" _dnssleep=""
@ -4124,13 +4164,13 @@ _process() {
--showcsr) --showcsr)
_CMD="showcsr" _CMD="showcsr"
;; ;;
--installcert | -i)
--installcert | -i | --install-cert)
_CMD="installcert" _CMD="installcert"
;; ;;
--renew | -r) --renew | -r)
_CMD="renew" _CMD="renew"
;; ;;
--renewAll | --renewall)
--renewAll | --renewall | --renew-all)
_CMD="renewAll" _CMD="renewAll"
;; ;;
--revoke) --revoke)
@ -4139,10 +4179,10 @@ _process() {
--list) --list)
_CMD="list" _CMD="list"
;; ;;
--installcronjob)
--installcronjob | --install-cronjob)
_CMD="installcronjob" _CMD="installcronjob"
;; ;;
--uninstallcronjob)
--uninstallcronjob | --uninstall-cronjob)
_CMD="uninstallcronjob" _CMD="uninstallcronjob"
;; ;;
--cron) --cron)
@ -4163,10 +4203,10 @@ _process() {
--deactivate) --deactivate)
_CMD="deactivate" _CMD="deactivate"
;; ;;
--updateaccount)
--updateaccount | --update-account)
_CMD="updateaccount" _CMD="updateaccount"
;; ;;
--registeraccount)
--registeraccount | --register-account)
_CMD="registeraccount" _CMD="registeraccount"
;; ;;
--domain | -d) --domain | -d)
@ -4308,11 +4348,16 @@ _process() {
LE_WORKING_DIR="$2" LE_WORKING_DIR="$2"
shift shift
;; ;;
--certhome)
--certhome | --cert-home)
_certhome="$2" _certhome="$2"
CERT_HOME="$_certhome" CERT_HOME="$_certhome"
shift shift
;; ;;
--config-home)
_confighome="$2"
LE_CONFIG_HOME="$_confighome"
shift
;;
--useragent) --useragent)
_useragent="$2" _useragent="$2"
USER_AGENT="$_useragent" USER_AGENT="$_useragent"
@ -4463,7 +4508,7 @@ _process() {
fi fi
case "${_CMD}" in case "${_CMD}" in
install) install "$_nocron" ;;
install) install "$_nocron" "$_confighome" ;;
uninstall) uninstall "$_nocron" ;; uninstall) uninstall "$_nocron" ;;
upgrade) upgrade ;; upgrade) upgrade ;;
issue) issue)
@ -4502,7 +4547,7 @@ _process() {
list) list)
list "$_listraw" list "$_listraw"
;; ;;
installcronjob) installcronjob ;;
installcronjob) installcronjob "$_confighome" ;;
uninstallcronjob) uninstallcronjob ;; uninstallcronjob) uninstallcronjob ;;
cron) cron ;; cron) cron ;;
toPkcs) toPkcs)
@ -4519,7 +4564,9 @@ _process() {
;; ;;
*) *)
if [ "$_CMD" ]; then
_err "Invalid command: $_CMD" _err "Invalid command: $_CMD"
fi
showhelp showhelp
return 1 return 1
;; ;;
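Review bot: In installcronjob, `_c_entry` is assigned only inside `if [ "$_c_home" ]`, so when no config home is passed the crontab line is built from whatever `_c_entry` already holds, whether from an earlier call in the same run or from an inherited environment variable. Unless it is reset elsewhere in the file, add `_c_entry=""` before the `if`; _installalias has the same pattern, and there the value ends up in the alias written to the env file that the profile sources. The path is also placed between quotes without escaping, so a config home containing `"`, `'`, `%` or a space gives a crontab or alias line that is parsed differently from what was intended. In that case uninstallcronjob's `cut -d ' ' -f 11` recovers the wrong LE_CONFIG_HOME before `_initpath` runs. Rejecting such characters where `--config-home` is parsed in _process would be the simplest guard; the bodies of these functions continue outside the hunks shown.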
