|
|
@ -1281,7 +1281,7 @@ createDomainKey() { |
|
|
|
|
|
|
|
_initpath "$domain" "$_cdl" |
|
|
|
|
|
|
|
if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then |
|
|
|
if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ] ; then |
|
|
|
if _createkey "$_cdl" "$CERT_KEY_PATH"; then |
|
|
|
_savedomainconf Le_Keylength "$_cdl" |
|
|
|
_info "The domain key is here: $(__green $CERT_KEY_PATH)" |
|
|
@ -3148,7 +3148,7 @@ _regAccount() { |
|
|
|
return 1 |
|
|
|
fi |
|
|
|
if [ "$code" = '202' ]; then |
|
|
|
_info "Update success." |
|
|
|
_info "Update account tos info success." |
|
|
|
|
|
|
|
CA_KEY_HASH="$(__calcAccountKeyHash)" |
|
|
|
_debug "Calc CA_KEY_HASH" "$CA_KEY_HASH" |
|
|
@ -3355,7 +3355,7 @@ issue() { |
|
|
|
else |
|
|
|
_key=$(_readdomainconf Le_Keylength) |
|
|
|
_debug "Read key length:$_key" |
|
|
|
if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ]; then |
|
|
|
if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then |
|
|
|
if ! createDomainKey "$_main_domain" "$_key_length"; then |
|
|
|
_err "Create domain key error." |
|
|
|
_clearup |
|
|
@ -3885,6 +3885,12 @@ issue() { |
|
|
|
_cleardomainconf Le_Listen_V4 |
|
|
|
fi |
|
|
|
|
|
|
|
if [ "$Le_ForceNewDomainKey" = "1" ]; then |
|
|
|
_savedomainconf "Le_ForceNewDomainKey" "$Le_ForceNewDomainKey" |
|
|
|
else |
|
|
|
_cleardomainconf Le_ForceNewDomainKey |
|
|
|
fi |
|
|
|
|
|
|
|
Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60) |
|
|
|
|
|
|
|
Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") |
|
|
@ -5026,6 +5032,7 @@ Parameters: |
|
|
|
--renew-hook Command to be run once for each successfully renewed certificate. |
|
|
|
--deploy-hook The hook file to deploy cert |
|
|
|
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension. |
|
|
|
--always-force-new-domain-key Generate new domain key when renewal. Otherwise, the domain key is not changed by default. |
|
|
|
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. |
|
|
|
--listen-v4 Force standalone/tls server to listen at ipv4. |
|
|
|
--listen-v6 Force standalone/tls server to listen at ipv6. |
|
|
@ -5506,6 +5513,14 @@ _process() { |
|
|
|
--ocsp-must-staple | --ocsp) |
|
|
|
Le_OCSP_Staple="1" |
|
|
|
;; |
|
|
|
--always-force-new-domain-key) |
|
|
|
if [ -z "$2" ] || _startswith "$2" "-"; then |
|
|
|
Le_ForceNewDomainKey=1 |
|
|
|
else |
|
|
|
Le_ForceNewDomainKey="$2" |
|
|
|
shift |
|
|
|
fi |
|
|
|
;; |
|
|
|
--log | --logfile) |
|
|
|
_log="1" |
|
|
|
_logfile="$2" |
|
|
|
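Review bot: In the `--always-force-new-domain-key)` case of `_process`, any following argument that does not start with `-` is stored verbatim in `Le_ForceNewDomainKey`, while every check visible in these hunks only tests `= "1"`. A value such as `yes` or `true` is therefore accepted without complaint and nothing forces a new key. The `issue()` hunk then runs `_cleardomainconf Le_ForceNewDomainKey`, so an operator who believes key rotation on renewal is enabled keeps reusing the same domain key. I would reject anything other than `0` or `1` before the assignment, e.g. `[ "$2" = "0" ] || [ "$2" = "1" ] || { _err "Invalid value for --always-force-new-domain-key: $2"; return 1; }`, and show the optional value in the usage text as `--always-force-new-domain-key [0|1]`. `_process` starts and ends outside the hunk, so the `return 1` is assumed to match how its other error paths exit.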