From 998783eb9d9b4124c2cf884c2d2735ef9feba76c Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 27 Oct 2016 00:06:03 +0800 Subject: [PATCH 001/100] Support ECC account key. fix https://github.com/Neilpang/acme.sh/issues/76 https://tools.ietf.org/html/rfc3278#section-8.2 http://bitcoin.stackexchange.com/questions/2376/ecdsa-r-s-encoding-as-a-signature http://davidederosa.com/basic-blockchain-programming/elliptic-curve-digital-signatures/ --- acme.sh | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index ce12579..23abbef 100755 --- a/acme.sh +++ b/acme.sh @@ -419,13 +419,29 @@ _sign() { return 1 fi + _sign_openssl="openssl dgst -sign $keyfile " if [ "$alg" = "sha256" ] ; then - openssl dgst -sha256 -sign "$keyfile" | _base64 + _sign_openssl="$_sign_openssl -$alg" else _err "$alg is not supported yet" return 1 fi + if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then + $_sign_openssl | _base64 + elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then + _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)" + _debug3 "_signedECText" "$_signedECText" + _ec_r="$(echo "$_signedECText" | _head_n 2 | _tail_n 1 | cut -d : -f 4 | tr -d "\r\n")" + _debug3 "_ec_r" "$_ec_r" + _ec_s="$(echo "$_signedECText" | _head_n 3 | _tail_n 1 | cut -d : -f 4 | tr -d "\r\n")" + _debug3 "_ec_s" "$_ec_s" + printf "%s" "$_ec_r$_ec_s" | _h2b | _base64 + else + _err "Unknown key file format." + return 1 + fi + } #keylength @@ -695,9 +711,6 @@ createAccountKey() { fi length=$1 - if _isEccKey "$length" ; then - length=2048 - fi if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then _debug "Use default length 2048" 
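Review bot: In the EC branch of `_sign`, `_ec_r` and `_ec_s` are concatenated at whatever length `openssl asn1parse` prints them, but a JWS ES256 signature is the fixed-width pair R||S, 32 octets each (RFC 7518 section 3.4). asn1parse appears to print each INTEGER as its minimal hex value, so whenever r or s starts with a zero byte the result is shorter than 64 octets and the server should reject it, which would show up as an occasional, hard-to-reproduce signing failure. Left-pad both values before `_h2b`, e.g. `while [ "${#_ec_r}" -lt 64 ]; do _ec_r="0$_ec_r"; done` and the same for `_ec_s`. Separately, `_sign_openssl="openssl dgst -sign $keyfile "` is later expanded unquoted, so a key path containing whitespace is split into several arguments. The body of `_sign` starts outside the hunk.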
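Review bot: The signing path is still P-256 only, so accepting any EC length in `createAccountKey` can produce an account key whose requests are mislabelled: `_calcjwk` always emits `"alg": "ES256"` and `_send_signed_request` always calls `_sign` with `sha256`, as the later patches in this series show. Whether a larger curve can actually be requested depends on the key-generation code, which is outside the hunk. Until `alg` and the digest follow the curve, I would either reject other EC lengths at this point or document the limit above the length check, e.g. `# account keys: only P-256 is usable for now, _calcjwk hard-codes ES256`.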
@@ -852,7 +865,7 @@ _calcjwk() { _debug3 pubi "$pubi" pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" - pubj=$(_math $pubj + 1) + pubj=$(_math $pubj - 1) _debug3 pubj "$pubj" pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" @@ -862,7 +875,7 @@ _calcjwk() { xlen=$(_math $xlen / 4) _debug3 xlen "$xlen" - xend=$(_math "$xend" + 1) + xend=$(_math "$xlen" + 1) x="$(printf $pubtext | cut -d : -f 2-$xend)" _debug3 x "$x" From 3afa4b210db4ec9a42edf3e332a8a768c8791c20 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 27 Oct 2016 20:07:20 +0800 Subject: [PATCH 002/100] add retry for temp authz request error --- acme.sh | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 23abbef..e9e6152 100755 --- a/acme.sh +++ b/acme.sh 
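Review bot: Neither `pubi` nor `pubj` is checked before use, so if `openssl ec -text` prints no `ASN1 OID:` line, `pubj` is empty going into `_math $pubj - 1` and the `sed -n "$pubi,${pubj}p"` range is probably malformed, leaving `pubtext`, `x` and `y` empty while the function carries on. An explicit test after the grep, `if [ -z "$pubi" ] || [ -z "$pubj" ] ; then _err "Can not parse EC public key." ; return 1 ; fi`, would fail early instead of building a JWK from empty coordinates. `$keyfile` is also unquoted in both `openssl ec -in $keyfile` calls. `_calcjwk` starts and ends outside these hunks.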
@@ -2282,11 +2282,27 @@ issue() { _info "Getting new-authz for domain" $d - if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$d")\"}}" ; then - _err "Can not get domain token." - _clearup - _on_issue_err - return 1 + _Max_new_authz_retry_times=5 + _authz_i=0 + while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ] ; do + _info "Try new-authz for the $_authz_i time." + if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$d")\"}}" ; then + _err "Can not get domain token." + _clearup + _on_issue_err + return 1 + fi + if ! _contains "$response" "An error occurred while processing your request" ; then + _info "The new-authz request is ok." + break + fi + _authz_i="$(_math "$_authz_i" + 1)" + _info "Sleep $_authz_i to retry." + _sleep "$_authz_i" + done; + + if [ "$_authz_i" = "$_Max_new_authz_retry_times" ] ; then + _debug "new-authz retry reach the max $_Max_new_authz_retry_times times." fi if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then From f940b2a58ee109a26a0367312155c20ccfb502b5 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 27 Oct 2016 22:10:58 +0800 Subject: [PATCH 003/100] add retry to deactivate command --- acme.sh | 67 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 38 insertions(+), 29 deletions(-) diff --git a/acme.sh b/acme.sh index e9e6152..675b1d5 100755 --- a/acme.sh +++ b/acme.sh 
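Review bot: When all `$_Max_new_authz_retry_times` attempts return the busy page, the loop falls through with only a `_debug` line, and the outcome then depends on the `$code` test that follows, which passes when `$code` is empty. I would fail explicitly at that point: replace the `_debug` with an `_err` carrying the same text, followed by `_clearup`, `_on_issue_err` and `return 1`. The first attempt is also logged as "the 0 time", so the message would read better if it counted from 1. PATCH 003 moves the same loop into `__get_domain_new_authz`, where the gap is unchanged. `issue()` continues outside the hunk.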
@@ -2140,6 +2140,39 @@ _findHook() { printf "%s" "$d_api" } +#domain +__get_domain_new_authz() { + _gdnd="$1" + _info "Getting new-authz for domain" "$_gdnd" + + _Max_new_authz_retry_times=5 + _authz_i=0 + while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ] ; do + _info "Try new-authz for the $_authz_i time." + if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}" ; then + _err "Can not get domain new authz." + return 1 + fi + if ! _contains "$response" "An error occurred while processing your request" ; then + _info "The new-authz request is ok." + break + fi + _authz_i="$(_math "$_authz_i" + 1)" + _info "Sleep $_authz_i to retry." + _sleep "$_authz_i" + done; + + if [ "$_authz_i" = "$_Max_new_authz_retry_times" ] ; then + _debug "new-authz retry reach the max $_Max_new_authz_retry_times times." + fi + + if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then + _err "new-authz error: $response" + return 1 + fi + +} + #webroot, domain domainlist keylength issue() { if [ -z "$2" ] ; then 
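Review bot: `__get_domain_new_authz` is documented only by `#domain`, although its callers appear to depend on more than the exit status: `response` and `code`, set by `_send_signed_request`, are globals that are read after it returns. I would expand the header to something like `# __get_domain_new_authz domain - POST new-authz, retrying while the server reports a temporary error; returns 1 if the request fails or $code is set and is not 201; leaves the last reply in $response and $code`. It is also worth noting there that `_gdnd`, `_authz_i` and `_Max_new_authz_retry_times` are script-wide variables, since POSIX sh has no `local`.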
@@ -2280,33 +2313,7 @@ issue() { vtype="$VTYPE_TLS" fi - _info "Getting new-authz for domain" $d - - _Max_new_authz_retry_times=5 - _authz_i=0 - while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ] ; do - _info "Try new-authz for the $_authz_i time." - if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$d")\"}}" ; then - _err "Can not get domain token." - _clearup - _on_issue_err - return 1 - fi - if ! _contains "$response" "An error occurred while processing your request" ; then - _info "The new-authz request is ok." - break - fi - _authz_i="$(_math "$_authz_i" + 1)" - _info "Sleep $_authz_i to retry." - _sleep "$_authz_i" - done; - - if [ "$_authz_i" = "$_Max_new_authz_retry_times" ] ; then - _debug "new-authz retry reach the max $_Max_new_authz_retry_times times." - fi - - if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then - _err "new-authz error: $response" + if ! __get_domain_new_authz "$d" ; then _clearup _on_issue_err return 1 @@ -3227,8 +3234,10 @@ _deactivate() { do _info "Deactivate: $_d_domain" _d_i="$(_math $_d_i + 1)" - if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_d_domain")\"}}" ; then - _err "Can not get domain token." + + + if ! __get_domain_new_authz "$_d_domain" ; then + _err "Can not get domain new authz token." return 1 fi From 9e45ac939bad20916091b7eec7060808643649e6 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 27 Oct 2016 22:47:19 +0800 Subject: [PATCH 004/100] minor, add message --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 675b1d5..a09b115 100755 --- a/acme.sh +++ b/acme.sh @@ -2158,7 +2158,7 @@ __get_domain_new_authz() { break fi _authz_i="$(_math "$_authz_i" + 1)" - _info "Sleep $_authz_i to retry." + _info "The server is busy, Sleep $_authz_i to retry." _sleep "$_authz_i" done; 
From 5982f4bcf03807afff020eb4581e1ba9a73daec1 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 28 Oct 2016 18:07:04 +0800 Subject: [PATCH 005/100] rename JWK_HEADER --- acme.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/acme.sh b/acme.sh index a09b115..bd4da52 100755 --- a/acme.sh +++ b/acme.sh @@ -851,9 +851,9 @@ _calcjwk() { jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' _debug3 jwk "$jwk" - HEADER='{"alg": "RS256", "jwk": '$jwk'}' - HEADERPLACE_PART1='{"nonce": "' - HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' + JWK_HEADER='{"alg": "RS256", "jwk": '$jwk'}' + JWK_HEADERPLACE_PART1='{"nonce": "' + JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "EC key" EC_SIGN="1" @@ -892,15 +892,15 @@ _calcjwk() { jwk='{"kty": "EC", "crv": "'$crv'", "x": "'$x64'", "y": "'$y64'"}' _debug3 jwk "$jwk" - HEADER='{"alg": "ES256", "jwk": '$jwk'}' - HEADERPLACE_PART1='{"nonce": "' - HEADERPLACE_PART2='", "alg": "ES256", "jwk": '$jwk'}' + JWK_HEADER='{"alg": "ES256", "jwk": '$jwk'}' + JWK_HEADERPLACE_PART1='{"nonce": "' + JWK_HEADERPLACE_PART2='", "alg": "ES256", "jwk": '$jwk'}' else _err "Only RSA or EC key is supported." return 1 fi - _debug3 HEADER "$HEADER" + _debug3 JWK_HEADER "$JWK_HEADER" } _time() { @@ -1129,7 +1129,7 @@ _send_signed_request() { _debug3 nonce "$nonce" - protected="$HEADERPLACE_PART1$nonce$HEADERPLACE_PART2" + protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" _debug3 protected "$protected" protected64="$(printf "$protected" | _base64 | _urlencode)" 
@@ -1138,7 +1138,7 @@ _send_signed_request() { sig=$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256" | _urlencode) _debug3 sig "$sig" - body="{\"header\": $HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" + body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" _debug3 body "$body" From 1befee5aca2d6adb388ded34d169cdbb4a14757d Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 28 Oct 2016 20:56:18 +0800 Subject: [PATCH 006/100] fix performance --- acme.sh | 87 +++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 54 insertions(+), 33 deletions(-) diff --git a/acme.sh b/acme.sh index bd4da52..389377a 100755 --- a/acme.sh +++ b/acme.sh @@ -833,6 +833,13 @@ _calcjwk() { _usage "Usage: _calcjwk keyfile" return 1 fi + + if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then + _debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" + return 0 + fi + + EC_SIGN="" if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "RSA key" @@ -901,6 +908,7 @@ _calcjwk() { fi _debug3 JWK_HEADER "$JWK_HEADER" + __CACHED_JWK_KEY_FILE="$keyfile" } _time() { 
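Review bot: The cache added to `_calcjwk` is keyed on the key file's path only, so if the file at `$keyfile` is replaced during the same run (a regenerated account key, for instance) the old `JWK_HEADER` and `jwk` keep being used, and requests would be signed by one key while advertising another. Whether any code path rewrites a key file after `_calcjwk` has run is not visible here. If one does, clear `__CACHED_JWK_KEY_FILE` where the key is written, and record the assumption next to the early return, e.g. `# cache is per path; reset __CACHED_JWK_KEY_FILE whenever a key file is rewritten`. `_calcjwk` starts and ends outside these hunks.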
@@ -929,35 +937,44 @@ _inithttp() { HTTP_HEADER="$(_mktemp)" _debug2 HTTP_HEADER "$HTTP_HEADER" fi - - if [ -z "$CURL" ] ; then - CURL="curl -L --silent --dump-header $HTTP_HEADER " + + if [ "$__HTTP_INITIALIZED" ] ; then + if [ "$_ACME_CURL$_ACME_WGET" ] ; then + _debug2 "Http already initialized." + return 0 + fi + fi + + if [ -z "$_ACME_CURL" ] && _exists "curl" ; then + _ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER " if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then _CURL_DUMP="$(_mktemp)" - CURL="$CURL --trace-ascii $_CURL_DUMP " + _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " fi if [ "$CA_BUNDLE" ] ; then - CURL="$CURL --cacert $CA_BUNDLE " + _ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE " fi if [ "$HTTPS_INSECURE" ] ; then - CURL="$CURL --insecure " + _ACME_CURL="$_ACME_CURL --insecure " fi fi - if [ -z "$WGET" ] ; then - WGET="wget -q" + if [ -z "$_ACME_WGET" ] && _exists "wget"; then + _ACME_WGET="wget -q" if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then - WGET="$WGET -d " + _ACME_WGET="$_ACME_WGET -d " fi if [ "$CA_BUNDLE" ] ; then - WGET="$WGET --ca-certificate $CA_BUNDLE " + _ACME_WGET="$_ACME_WGET --ca-certificate $CA_BUNDLE " fi if [ "$HTTPS_INSECURE" ] ; then - WGET="$WGET --no-check-certificate " + _ACME_WGET="$_ACME_WGET --no-check-certificate " fi fi + + __HTTP_INITIALIZED=1 } @@ -978,8 +995,8 @@ _post() { _inithttp - if _exists "curl" ; then - _CURL="$CURL" + if [ "$_ACME_CURL" ] ; then + _CURL="$_ACME_CURL" _debug "_CURL" "$_CURL" if [ "$needbase64" ] ; then response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url" | _base64)" 
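Review bot: `_ACME_CURL` and `_ACME_WGET` are assigned only when empty, and the new early return trusts `__HTTP_INITIALIZED` in the same way, so unless they are cleared somewhere outside this hunk, a value inherited from the caller's environment is later run verbatim as the HTTP command by `_post` and `_get`. Resetting the three variables before first use (`_ACME_CURL=""; _ACME_WGET=""; __HTTP_INITIALIZED=""`) keeps the command line under the script's control. `$HTTP_HEADER` and `$CA_BUNDLE` are also spliced into the command string unquoted, so paths with whitespace break it. Because `HTTPS_INSECURE` now stays in effect for every request of the run, a one-time `_info` warning when it is set would help operators notice that certificate verification is off.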
@@ -994,19 +1011,19 @@ _post() { _err "$(cat "$_CURL_DUMP")" fi fi - elif _exists "wget" ; then - _debug "WGET" "$WGET" + elif [ "$_ACME_WGET" ] ; then + _debug "_ACME_WGET" "$_ACME_WGET" if [ "$needbase64" ] ; then if [ "$httpmethod" = "POST" ] ; then - response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" + response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" else - response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" + response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" fi else if [ "$httpmethod" = "POST" ] ; then - response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" + response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" else - response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" + response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" fi fi _ret="$?" 
@@ -1039,8 +1056,8 @@ _get() { _inithttp - if _exists "curl" ; then - _CURL="$CURL" + if [ "$_ACME_CURL" ] ; then + _CURL="$_ACME_CURL" if [ "$t" ] ; then _CURL="$_CURL --connect-timeout $t" fi @@ -1058,8 +1075,8 @@ _get() { _err "$(cat "$_CURL_DUMP")" fi fi - elif _exists "wget" ; then - _WGET="$WGET" + elif [ "$_ACME_WGET" ] ; then + _WGET="$_ACME_WGET" if [ "$t" ] ; then _WGET="$_WGET --timeout=$t" fi @@ -3194,19 +3211,23 @@ revoke() { data="{\"resource\": \"revoke-cert\", \"certificate\": \"$cert\"}" uri="$API/acme/revoke-cert" - _info "Try domain key first." - if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then - if [ -z "$response" ] ; then - _info "Revoke success." - rm -f $CERT_PATH - return 0 - else - _err "Revoke error by domain key." - _err "$response" + if [ -f "$CERT_KEY_PATH" ] ; then + _info "Try domain key first." + if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then + if [ -z "$response" ] ; then + _info "Revoke success." + rm -f $CERT_PATH + return 0 + else + _err "Revoke error by domain key." + _err "$response" + fi fi + else + _info "Domain key file doesn't exists." fi - _info "Then try account key." + _info "Try account key." if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH" ; then if [ -z "$response" ] ; then From 00bcbd367f6e14929b0b1a8c8d822ffe92b3e22c Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 28 Oct 2016 21:30:40 +0800 Subject: [PATCH 007/100] fix performance, use cached nonce --- acme.sh | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/acme.sh b/acme.sh index 389377a..a6dc30c 100755 --- a/acme.sh +++ b/acme.sh 
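Review bot: In the re-indented domain-key branch of `revoke()`, `rm -f $CERT_PATH` and `_send_signed_request $uri` expand unquoted, so a certificate path containing whitespace or glob characters could remove files other than the intended one; `rm -f -- "$CERT_PATH"` and `"$uri"` avoid that. The new message reads "Domain key file doesn't exists."; "does not exist" is the correct form. `revoke()` continues outside the hunk.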
@@ -1132,18 +1132,23 @@ _send_signed_request() { payload64=$(printf "%s" "$payload" | _base64 | _urlencode) _debug3 payload64 $payload64 - nonceurl="$API/directory" - _headers="$(_get $nonceurl "onlyheader")" - - if [ "$?" != "0" ] ; then - _err "Can not connect to $nonceurl to get nonce." - return 1 + if [ -z "$_CACHED_NONCE" ] ; then + _debug2 "Get nonce." + nonceurl="$API/directory" + _headers="$(_get $nonceurl "onlyheader")" + + if [ "$?" != "0" ] ; then + _err "Can not connect to $nonceurl to get nonce." + return 1 + fi + + _debug3 _headers "$_headers" + + _CACHED_NONCE="$( echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" + else + _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE" fi - - _debug3 _headers "$_headers" - - nonce="$( echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" - + nonce="$_CACHED_NONCE" _debug3 nonce "$nonce" protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" @@ -1160,6 +1165,7 @@ _send_signed_request() { response="$(_post "$body" $url "$needbase64")" + _CACHED_NONCE="" if [ "$?" != "0" ] ; then _err "Can not post to $url" return 1 @@ -1168,12 +1174,14 @@ _send_signed_request() { response="$( echo "$response" | _normalizeJson )" - responseHeaders="$(cat $HTTP_HEADER)" + responseHeaders="$(cat "$HTTP_HEADER")" _debug2 responseHeaders "$responseHeaders" _debug2 response "$response" code="$(grep "^HTTP" $HTTP_HEADER | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n" )" _debug code $code + + _CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" } From 8a29fbc850b49c76ad6da65a9f81344e609ef1c4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 28 Oct 2016 22:45:19 +0800 Subject: [PATCH 008/100] do not register account if already registered --- acme.sh | 111 +++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 74 insertions(+), 37 deletions(-) 
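Review bot: The added `_CACHED_NONCE=""` sits between `response="$(_post …)"` and `if [ "$?" != "0" ]`, so `$?` now holds the status of the assignment, which is always 0, and a failed `_post` is no longer detected. Move the reset above the `_post` line (the nonce has already been copied into `$nonce` and `$protected` by then), or test the call directly with `if ! response="$(_post "$body" $url "$needbase64")" ; then`. The `Replay-Nonce:` extraction is case-sensitive and takes the first match in the header dump; a short comment that an empty result simply forces a fresh fetch on the next call would make the fallback explicit. The same lines appear again in PATCH 010.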
diff --git a/acme.sh b/acme.sh index a6dc30c..9b37b2e 100755 --- a/acme.sh +++ b/acme.sh 
@@ -1223,60 +1223,85 @@ _setopt() { _debug2 "$(grep -n "^$__opt$__sep" $__conf)" } -#_savedomainconf key value -#save to domain.conf -_savedomainconf() { - _sdkey="$1" - _sdvalue="$2" - if [ "$DOMAIN_CONF" ] ; then - _setopt "$DOMAIN_CONF" "$_sdkey" "=" "\"$_sdvalue\"" + +#_save_conf file key value +#save to conf +_save_conf() { + _s_c_f="$1" + _sdkey="$2" + _sdvalue="$3" + if [ "$_s_c_f" ] ; then + _setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'" else - _err "DOMAIN_CONF is empty, can not save $_sdkey=$_sdvalue" + _err "config file is empty, can not save $_sdkey=$_sdvalue" fi } -#_cleardomainconf key -_cleardomainconf() { - _sdkey="$1" - if [ "$DOMAIN_CONF" ] ; then - _sed_i "s/^$_sdkey.*$//" "$DOMAIN_CONF" +#_clear_conf file key +_clear_conf() { + _c_c_f="$1" + _sdkey="$2" + if [ "$_c_c_f" ] ; then + _sed_i "s/^$_sdkey.*$//" "$_c_c_f" else - _err "DOMAIN_CONF is empty, can not save $_sdkey=$value" + _err "config file is empty, can not clear" fi } -#_readdomainconf key -_readdomainconf() { - _sdkey="$1" - if [ "$DOMAIN_CONF" ] ; then +#_read_conf file key +_read_conf() { + _r_c_f="$1" + _sdkey="$2" + if [ -f "$_r_c_f" ] ; then ( - eval $(grep "^$_sdkey *=" "$DOMAIN_CONF") + eval $(grep "^$_sdkey *=" "$_r_c_f") eval "printf \"%s\" \"\$$_sdkey\"" ) else - _err "DOMAIN_CONF is empty, can not read $_sdkey" + _err "config file is empty, can not read $_sdkey" fi } + +#_savedomainconf key value +#save to domain.conf +_savedomainconf() { + _save_conf "$DOMAIN_CONF" "$1" "$2" +} + +#_cleardomainconf key +_cleardomainconf() { + _clear_conf "$DOMAIN_CONF" "$1" +} + +#_readdomainconf key +_readdomainconf() { + _read_conf "$DOMAIN_CONF" "$1" +} + #_saveaccountconf key value _saveaccountconf() { - _sckey="$1" - _scvalue="$2" - if [ "$ACCOUNT_CONF_PATH" ] ; then - _setopt "$ACCOUNT_CONF_PATH" "$_sckey" "=" "'$_scvalue'" - else - _err "ACCOUNT_CONF_PATH is empty, can not save $_sckey=$_scvalue" - fi + _save_conf "$ACCOUNT_CONF_PATH" "$1" "$2" } #_clearaccountconf key 
_clearaccountconf() { - _scvalue="$1" - if [ "$ACCOUNT_CONF_PATH" ] ; then - _sed_i "s/^$_scvalue.*$//" "$ACCOUNT_CONF_PATH" - else - _err "ACCOUNT_CONF_PATH is empty, can not clear $_scvalue" - fi + _clear_conf "$ACCOUNT_CONF_PATH" "$1" +} + +#_savecaconf key value +_savecaconf() { + _save_conf "$CA_CONF" "$1" "$2" +} + +#_readcaconf key +_readcaconf() { + _read_conf "$CA_CONF" "$1" +} + +#_clearaccountconf key +_clearcaconf() { + _clear_conf "$CA_CONF" "$1" } # content localaddress @@ -2047,6 +2072,10 @@ registeraccount() { _regAccount } +__calcAccountKeyHash() { + cat "$ACCOUNT_KEY_PATH" | _digest sha256 +} + _regAccount() { _initpath @@ -2131,6 +2160,10 @@ _regAccount() { fi if [ "$code" = '202' ] ; then _info "Update success." + + CA_KEY_HASH="$(__calcAccountKeyHash)" + _debug "Calc CA_KEY_HASH" "$CA_KEY_HASH" + _savecaconf CA_KEY_HASH "$CA_KEY_HASH" else _err "Update account error." return 1 @@ -2280,11 +2313,15 @@ issue() { return 1 fi - if ! _regAccount ; then - _on_issue_err - return 1 - fi + _saved_account_key_hash="$(_readcaconf "CA_KEY_HASH")" + _debug2 _saved_account_key_hash "$_saved_account_key_hash" + if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ] ; then + if ! _regAccount ; then + _on_issue_err + return 1 + fi + fi if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then _info "Signing from existing CSR." From cae203be71d7ffe2cd2d37ffc328b0b941e46d50 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 28 Oct 2016 23:30:32 +0800 Subject: [PATCH 009/100] fix thumbprint --- acme.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index 9b37b2e..858a57d 100755 --- a/acme.sh +++ b/acme.sh 
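Review bot: `_save_conf` writes the value as `'$_sdvalue'` and `_read_conf` later runs the matching line through `eval`, so a value that itself contains a single quote ends the quoting and the rest of the line is evaluated as shell the next time the key is read. Either reject such values in `_save_conf` or escape each `'` as `'\''` before calling `_setopt`, and prefer parsing the line in `_read_conf` without `eval`. Because the file content is executed, the conf files should be writable only by the user running the script. Two smaller points: `_clear_conf` matches `^$_sdkey.*$`, which also blanks any longer key sharing that prefix, and the comment above `_clearcaconf` still says `#_clearaccountconf key`.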
@@ -2109,8 +2109,6 @@ _regAccount() { while true ; do _debug AGREEMENT "$AGREEMENT" - accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) - thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) regjson='{"resource": "'$_reg_res'", "agreement": "'$AGREEMENT'"}' @@ -2348,8 +2346,8 @@ issue() { _savedomainconf "Le_Keylength" "$Le_Keylength" vlist="$Le_Vlist" - # verify each domain - _info "Verify each domain" + + _info "Getting domain auth token for each domain" sep='#' if [ -z "$vlist" ] ; then alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ' ) @@ -2380,7 +2378,12 @@ issue() { _on_issue_err return 1 fi - + + if [ -z "$thumbprint" ] ; then + accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) + thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) + fi + entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" if [ -z "$entry" ] ; then @@ -2394,7 +2397,7 @@ issue() { uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )" _debug uri $uri - + keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" From d7c6679d7002f0e4f1d2f55707cddd662f3af958 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 28 Oct 2016 23:58:01 +0800 Subject: [PATCH 010/100] fix issue performance. Reduce the time cost from about 20 seconds down to 8 seconds (#348) * rename JWK_HEADER * fix performance * fix performance, use cached nonce * do not register account if already registered * fix thumbprint --- acme.sh | 263 +++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 166 insertions(+), 97 deletions(-) diff --git a/acme.sh b/acme.sh index a09b115..858a57d 100755 --- a/acme.sh +++ b/acme.sh 
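Review bot: The thumbprint computed in `issue()` is the SHA-256 of `$jwk` with spaces removed, which is a valid RFC 7638 thumbprint only if `_calcjwk` writes the members in lexicographic order. The RSA form (`e`, `kty`, `n`) does, but the EC form shown elsewhere in this series starts with `"kty": "EC"` followed by `crv`, so with an EC account key the key authorization would presumably not match what the server computes. Building it in `_calcjwk` as `jwk='{"crv": "'$crv'", "kty": "EC", "x": "'$x64'", "y": "'$y64'"}'` fixes the order. `$thumbprint` is also kept for the whole run and depends on whichever key `_calcjwk` processed last, so it should be cleared wherever `jwk` is recomputed for a different key.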
@@ -833,6 +833,13 @@ _calcjwk() { _usage "Usage: _calcjwk keyfile" return 1 fi + + if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then + _debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" + return 0 + fi + + EC_SIGN="" if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "RSA key" @@ -851,9 +858,9 @@ _calcjwk() { jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' _debug3 jwk "$jwk" - HEADER='{"alg": "RS256", "jwk": '$jwk'}' - HEADERPLACE_PART1='{"nonce": "' - HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' + JWK_HEADER='{"alg": "RS256", "jwk": '$jwk'}' + JWK_HEADERPLACE_PART1='{"nonce": "' + JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "EC key" EC_SIGN="1" @@ -892,15 +899,16 @@ _calcjwk() { jwk='{"kty": "EC", "crv": "'$crv'", "x": "'$x64'", "y": "'$y64'"}' _debug3 jwk "$jwk" - HEADER='{"alg": "ES256", "jwk": '$jwk'}' - HEADERPLACE_PART1='{"nonce": "' - HEADERPLACE_PART2='", "alg": "ES256", "jwk": '$jwk'}' + JWK_HEADER='{"alg": "ES256", "jwk": '$jwk'}' + JWK_HEADERPLACE_PART1='{"nonce": "' + JWK_HEADERPLACE_PART2='", "alg": "ES256", "jwk": '$jwk'}' else _err "Only RSA or EC key is supported." return 1 fi - _debug3 HEADER "$HEADER" + _debug3 JWK_HEADER "$JWK_HEADER" + __CACHED_JWK_KEY_FILE="$keyfile" } _time() { 
@@ -929,35 +937,44 @@ _inithttp() { HTTP_HEADER="$(_mktemp)" _debug2 HTTP_HEADER "$HTTP_HEADER" fi - - if [ -z "$CURL" ] ; then - CURL="curl -L --silent --dump-header $HTTP_HEADER " + + if [ "$__HTTP_INITIALIZED" ] ; then + if [ "$_ACME_CURL$_ACME_WGET" ] ; then + _debug2 "Http already initialized." + return 0 + fi + fi + + if [ -z "$_ACME_CURL" ] && _exists "curl" ; then + _ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER " if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then _CURL_DUMP="$(_mktemp)" - CURL="$CURL --trace-ascii $_CURL_DUMP " + _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " fi if [ "$CA_BUNDLE" ] ; then - CURL="$CURL --cacert $CA_BUNDLE " + _ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE " fi if [ "$HTTPS_INSECURE" ] ; then - CURL="$CURL --insecure " + _ACME_CURL="$_ACME_CURL --insecure " fi fi - if [ -z "$WGET" ] ; then - WGET="wget -q" + if [ -z "$_ACME_WGET" ] && _exists "wget"; then + _ACME_WGET="wget -q" if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then - WGET="$WGET -d " + _ACME_WGET="$_ACME_WGET -d " fi if [ "$CA_BUNDLE" ] ; then - WGET="$WGET --ca-certificate $CA_BUNDLE " + _ACME_WGET="$_ACME_WGET --ca-certificate $CA_BUNDLE " fi if [ "$HTTPS_INSECURE" ] ; then - WGET="$WGET --no-check-certificate " + _ACME_WGET="$_ACME_WGET --no-check-certificate " fi fi + + __HTTP_INITIALIZED=1 } @@ -978,8 +995,8 @@ _post() { _inithttp - if _exists "curl" ; then - _CURL="$CURL" + if [ "$_ACME_CURL" ] ; then + _CURL="$_ACME_CURL" _debug "_CURL" "$_CURL" if [ "$needbase64" ] ; then response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url" | _base64)" 
@@ -994,19 +1011,19 @@ _post() { _err "$(cat "$_CURL_DUMP")" fi fi - elif _exists "wget" ; then - _debug "WGET" "$WGET" + elif [ "$_ACME_WGET" ] ; then + _debug "_ACME_WGET" "$_ACME_WGET" if [ "$needbase64" ] ; then if [ "$httpmethod" = "POST" ] ; then - response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" + response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" else - response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" + response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" fi else if [ "$httpmethod" = "POST" ] ; then - response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" + response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" else - response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" + response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" fi fi _ret="$?" 
@@ -1039,8 +1056,8 @@ _get() { _inithttp - if _exists "curl" ; then - _CURL="$CURL" + if [ "$_ACME_CURL" ] ; then + _CURL="$_ACME_CURL" if [ "$t" ] ; then _CURL="$_CURL --connect-timeout $t" fi @@ -1058,8 +1075,8 @@ _get() { _err "$(cat "$_CURL_DUMP")" fi fi - elif _exists "wget" ; then - _WGET="$WGET" + elif [ "$_ACME_WGET" ] ; then + _WGET="$_ACME_WGET" if [ "$t" ] ; then _WGET="$_WGET --timeout=$t" fi @@ -1115,21 +1132,26 @@ _send_signed_request() { payload64=$(printf "%s" "$payload" | _base64 | _urlencode) _debug3 payload64 $payload64 - nonceurl="$API/directory" - _headers="$(_get $nonceurl "onlyheader")" - - if [ "$?" != "0" ] ; then - _err "Can not connect to $nonceurl to get nonce." - return 1 + if [ -z "$_CACHED_NONCE" ] ; then + _debug2 "Get nonce." + nonceurl="$API/directory" + _headers="$(_get $nonceurl "onlyheader")" + + if [ "$?" != "0" ] ; then + _err "Can not connect to $nonceurl to get nonce." + return 1 + fi + + _debug3 _headers "$_headers" + + _CACHED_NONCE="$( echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" + else + _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE" fi - - _debug3 _headers "$_headers" - - nonce="$( echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" - + nonce="$_CACHED_NONCE" _debug3 nonce "$nonce" - protected="$HEADERPLACE_PART1$nonce$HEADERPLACE_PART2" + protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" _debug3 protected "$protected" protected64="$(printf "$protected" | _base64 | _urlencode)" 
@@ -1138,11 +1160,12 @@ _send_signed_request() { sig=$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256" | _urlencode) _debug3 sig "$sig" - body="{\"header\": $HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" + body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" _debug3 body "$body" response="$(_post "$body" $url "$needbase64")" + _CACHED_NONCE="" if [ "$?" != "0" ] ; then _err "Can not post to $url" return 1 @@ -1151,12 +1174,14 @@ _send_signed_request() { response="$( echo "$response" | _normalizeJson )" - responseHeaders="$(cat $HTTP_HEADER)" + responseHeaders="$(cat "$HTTP_HEADER")" _debug2 responseHeaders "$responseHeaders" _debug2 response "$response" code="$(grep "^HTTP" $HTTP_HEADER | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n" )" _debug code $code + + _CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" } 
@@ -1198,60 +1223,85 @@ _setopt() { _debug2 "$(grep -n "^$__opt$__sep" $__conf)" } -#_savedomainconf key value -#save to domain.conf -_savedomainconf() { - _sdkey="$1" - _sdvalue="$2" - if [ "$DOMAIN_CONF" ] ; then - _setopt "$DOMAIN_CONF" "$_sdkey" "=" "\"$_sdvalue\"" + +#_save_conf file key value +#save to conf +_save_conf() { + _s_c_f="$1" + _sdkey="$2" + _sdvalue="$3" + if [ "$_s_c_f" ] ; then + _setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'" else - _err "DOMAIN_CONF is empty, can not save $_sdkey=$_sdvalue" + _err "config file is empty, can not save $_sdkey=$_sdvalue" fi } -#_cleardomainconf key -_cleardomainconf() { - _sdkey="$1" - if [ "$DOMAIN_CONF" ] ; then - _sed_i "s/^$_sdkey.*$//" "$DOMAIN_CONF" +#_clear_conf file key +_clear_conf() { + _c_c_f="$1" + _sdkey="$2" + if [ "$_c_c_f" ] ; then + _sed_i "s/^$_sdkey.*$//" "$_c_c_f" else - _err "DOMAIN_CONF is empty, can not save $_sdkey=$value" + _err "config file is empty, can not clear" fi } -#_readdomainconf key -_readdomainconf() { - _sdkey="$1" - if [ "$DOMAIN_CONF" ] ; then +#_read_conf file key +_read_conf() { + _r_c_f="$1" + _sdkey="$2" + if [ -f "$_r_c_f" ] ; then ( - eval $(grep "^$_sdkey *=" "$DOMAIN_CONF") + eval $(grep "^$_sdkey *=" "$_r_c_f") eval "printf \"%s\" \"\$$_sdkey\"" ) else - _err "DOMAIN_CONF is empty, can not read $_sdkey" + _err "config file is empty, can not read $_sdkey" fi } + +#_savedomainconf key value +#save to domain.conf +_savedomainconf() { + _save_conf "$DOMAIN_CONF" "$1" "$2" +} + +#_cleardomainconf key +_cleardomainconf() { + _clear_conf "$DOMAIN_CONF" "$1" +} + +#_readdomainconf key +_readdomainconf() { + _read_conf "$DOMAIN_CONF" "$1" +} + #_saveaccountconf key value _saveaccountconf() { - _sckey="$1" - _scvalue="$2" - if [ "$ACCOUNT_CONF_PATH" ] ; then - _setopt "$ACCOUNT_CONF_PATH" "$_sckey" "=" "'$_scvalue'" - else - _err "ACCOUNT_CONF_PATH is empty, can not save $_sckey=$_scvalue" - fi + _save_conf "$ACCOUNT_CONF_PATH" "$1" "$2" } #_clearaccountconf key 
_clearaccountconf() { - _scvalue="$1" - if [ "$ACCOUNT_CONF_PATH" ] ; then - _sed_i "s/^$_scvalue.*$//" "$ACCOUNT_CONF_PATH" - else - _err "ACCOUNT_CONF_PATH is empty, can not clear $_scvalue" - fi + _clear_conf "$ACCOUNT_CONF_PATH" "$1" +} + +#_savecaconf key value +_savecaconf() { + _save_conf "$CA_CONF" "$1" "$2" +} + +#_readcaconf key +_readcaconf() { + _read_conf "$CA_CONF" "$1" +} + +#_clearaccountconf key +_clearcaconf() { + _clear_conf "$CA_CONF" "$1" } # content localaddress @@ -2022,6 +2072,10 @@ registeraccount() { _regAccount } +__calcAccountKeyHash() { + cat "$ACCOUNT_KEY_PATH" | _digest sha256 +} + _regAccount() { _initpath @@ -2055,8 +2109,6 @@ _regAccount() { while true ; do _debug AGREEMENT "$AGREEMENT" - accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) - thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) regjson='{"resource": "'$_reg_res'", "agreement": "'$AGREEMENT'"}' @@ -2106,6 +2158,10 @@ _regAccount() { fi if [ "$code" = '202' ] ; then _info "Update success." + + CA_KEY_HASH="$(__calcAccountKeyHash)" + _debug "Calc CA_KEY_HASH" "$CA_KEY_HASH" + _savecaconf CA_KEY_HASH "$CA_KEY_HASH" else _err "Update account error." return 1 @@ -2255,11 +2311,15 @@ issue() { return 1 fi - if ! _regAccount ; then - _on_issue_err - return 1 - fi + _saved_account_key_hash="$(_readcaconf "CA_KEY_HASH")" + _debug2 _saved_account_key_hash "$_saved_account_key_hash" + if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ] ; then + if ! _regAccount ; then + _on_issue_err + return 1 + fi + fi if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then _info "Signing from existing CSR." @@ -2286,8 +2346,8 @@ issue() { _savedomainconf "Le_Keylength" "$Le_Keylength" vlist="$Le_Vlist" - # verify each domain - _info "Verify each domain" + + _info "Getting domain auth token for each domain" sep='#' if [ -z "$vlist" ] ; then alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ' ) 
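Review bot: `_save_conf` writes the value as `'$_sdvalue'` and `_read_conf` later runs `eval` on the matching line, so a value that contains a single quote closes the quoting and whatever follows it is evaluated as shell. Domain conf values previously went through double quotes, so this hunk changes their quoting too; either escape the quote before calling `_setopt` or refuse such values, e.g. `case "$_sdvalue" in *"'"*) _err "$_sdkey contains a single quote, not saved" ; return 1 ;; esac`. The comment above `_clearcaconf` still reads `#_clearaccountconf key` and should be `#_clearcaconf key`.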
@@ -2318,7 +2378,12 @@ issue() { _on_issue_err return 1 fi - + + if [ -z "$thumbprint" ] ; then + accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) + thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) + fi + entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" if [ -z "$entry" ] ; then @@ -2332,7 +2397,7 @@ issue() { uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )" _debug uri $uri - + keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" @@ -3194,19 +3259,23 @@ revoke() { data="{\"resource\": \"revoke-cert\", \"certificate\": \"$cert\"}" uri="$API/acme/revoke-cert" - _info "Try domain key first." - if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then - if [ -z "$response" ] ; then - _info "Revoke success." - rm -f $CERT_PATH - return 0 - else - _err "Revoke error by domain key." - _err "$response" + if [ -f "$CERT_KEY_PATH" ] ; then + _info "Try domain key first." + if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then + if [ -z "$response" ] ; then + _info "Revoke success." + rm -f $CERT_PATH + return 0 + else + _err "Revoke error by domain key." + _err "$response" + fi fi + else + _info "Domain key file doesn't exists." fi - _info "Then try account key." + _info "Try account key." if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH" ; then if [ -z "$response" ] ; then From 5dbf664a6bd02e72f581bbf77412c477de49a336 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 29 Oct 2016 10:53:45 +0800 Subject: [PATCH 011/100] minor, reduce the sleep time. --- acme.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 858a57d..4b7bedf 100755 --- a/acme.sh +++ b/acme.sh @@ -1476,7 +1476,7 @@ _starttlsserver() { fi serverproc="$!" - sleep 2 + sleep 1 _debug serverproc $serverproc } 
@@ -2541,7 +2541,7 @@ issue() { return 1 fi serverproc="$!" - sleep 2 + sleep 1 _debug serverproc $serverproc else @@ -2641,8 +2641,8 @@ issue() { return 1 fi - _debug "sleep 5 secs to verify" - sleep 5 + _debug "sleep 2 secs to verify" + sleep 2 _debug "checking" response="$(_get $uri)" if [ "$?" != "0" ] ; then From f345cc66cf2f4eb34c55440e685480a1dc3cc4b9 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Oct 2016 10:55:16 +0800 Subject: [PATCH 012/100] Dev (#349) * rename JWK_HEADER * fix performance * fix performance, use cached nonce * do not register account if already registered * fix thumbprint * minor, reduce the sleep time. --- acme.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 858a57d..4b7bedf 100755 --- a/acme.sh +++ b/acme.sh @@ -1476,7 +1476,7 @@ _starttlsserver() { fi serverproc="$!" - sleep 2 + sleep 1 _debug serverproc $serverproc } @@ -2541,7 +2541,7 @@ issue() { return 1 fi serverproc="$!" - sleep 2 + sleep 1 _debug serverproc $serverproc else @@ -2641,8 +2641,8 @@ issue() { return 1 fi - _debug "sleep 5 secs to verify" - sleep 5 + _debug "sleep 2 secs to verify" + sleep 2 _debug "checking" response="$(_get $uri)" if [ "$?" != "0" ] ; then From 18256c49231bd5be7ee71f42a0e9c0640da22b30 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 29 Oct 2016 11:08:18 +0800 Subject: [PATCH 013/100] fix issue cache jwk for ecc key only --- acme.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 4b7bedf..0410585 100755 --- a/acme.sh +++ b/acme.sh 
@@ -834,15 +834,18 @@ _calcjwk() { return 1 fi - if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then - _debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" - return 0 - fi + EC_SIGN="" if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "RSA key" + + if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then + _debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" + return 0 + fi + pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:"| cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) if [ "${#pub_exp}" = "5" ] ; then pub_exp=0$pub_exp @@ -861,6 +864,7 @@ _calcjwk() { JWK_HEADER='{"alg": "RS256", "jwk": '$jwk'}' JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' + __CACHED_JWK_KEY_FILE="$keyfile" elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "EC key" EC_SIGN="1" @@ -908,7 +912,7 @@ _calcjwk() { fi _debug3 JWK_HEADER "$JWK_HEADER" - __CACHED_JWK_KEY_FILE="$keyfile" + } _time() { From 8c76b8bc36003b1e5488d0cd71ca9758c34a8b29 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 29 Oct 2016 11:15:45 +0800 Subject: [PATCH 014/100] do not cache thumbprint for issues for ecc account key --- acme.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/acme.sh b/acme.sh index 0410585..19c2c1f 100755 --- a/acme.sh +++ b/acme.sh @@ -833,10 +833,7 @@ _calcjwk() { _usage "Usage: _calcjwk keyfile" return 1 fi - - - EC_SIGN="" if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "RSA key" 
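Review bot: With the cache test and `__CACHED_JWK_KEY_FILE="$keyfile"` now living only in the RSA branch (this hunk and `@@ -861,6 +864,7 @@`), an EC key handled in between overwrites `JWK_HEADER` but leaves the cached file name pointing at the RSA key. A later `_calcjwk` call for that RSA key then returns early with the EC header still loaded; this looks reachable wherever two different key files are used in one run, which should be confirmed against the callers. Clearing the marker when the EC branch is taken, `__CACHED_JWK_KEY_FILE=""` next to `EC_SIGN="1"`, keeps the early return valid. `_calcjwk` starts and ends outside these hunks.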
@@ -2383,11 +2380,10 @@ issue() { return 1 fi - if [ -z "$thumbprint" ] ; then - accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) - thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) - fi - + + accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) + thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) + entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" if [ -z "$entry" ] ; then From ae2db62f1cddfe96cff9c79ac74236edd69c8c2c Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 29 Oct 2016 12:14:48 +0800 Subject: [PATCH 015/100] fix issues for ECC account key. --- acme.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/acme.sh b/acme.sh index 19c2c1f..d6fb1c4 100755 --- a/acme.sh +++ b/acme.sh @@ -833,16 +833,16 @@ _calcjwk() { _usage "Usage: _calcjwk keyfile" return 1 fi - + + if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then + _debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" + return 0 + fi + + EC_SIGN="" if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "RSA key" - - if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then - _debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" - return 0 - fi - pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:"| cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) if [ "${#pub_exp}" = "5" ] ; then pub_exp=0$pub_exp @@ -861,7 +861,6 @@ _calcjwk() { JWK_HEADER='{"alg": "RS256", "jwk": '$jwk'}' JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' - __CACHED_JWK_KEY_FILE="$keyfile" elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then _debug "EC key" EC_SIGN="1" 
@@ -897,7 +896,7 @@ _calcjwk() { y64="$(printf $y | tr -d : | _h2b | _base64 | _urlencode)" _debug3 y64 "$y64" - jwk='{"kty": "EC", "crv": "'$crv'", "x": "'$x64'", "y": "'$y64'"}' + jwk='{"crv": "'$crv'", "kty": "EC", "x": "'$x64'", "y": "'$y64'"}' _debug3 jwk "$jwk" JWK_HEADER='{"alg": "ES256", "jwk": '$jwk'}' @@ -909,7 +908,7 @@ _calcjwk() { fi _debug3 JWK_HEADER "$JWK_HEADER" - + __CACHED_JWK_KEY_FILE="$keyfile" } _time() { @@ -2380,10 +2379,11 @@ issue() { return 1 fi - - accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) - thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) - + if [ -z "$thumbprint" ] ; then + accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) + thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) + fi + entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" if [ -z "$entry" ] ; then From 72518d4827c3609b64311dc2d9716d48eac16a1a Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 29 Oct 2016 17:43:38 +0800 Subject: [PATCH 016/100] fix performance --- acme.sh | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index d6fb1c4..eaecba1 100755 --- a/acme.sh +++ b/acme.sh @@ -2292,8 +2292,12 @@ issue() { _savedomainconf "Le_PreHook" "$Le_PreHook" _savedomainconf "Le_PostHook" "$Le_PostHook" _savedomainconf "Le_RenewHook" "$Le_RenewHook" - _savedomainconf "Le_LocalAddress" "$Le_LocalAddress" + if [ "$Le_LocalAddress" ] ; then + _savedomainconf "Le_LocalAddress" "$Le_LocalAddress" + else + _cleardomainconf "Le_LocalAddress" + fi Le_API="$API" _savedomainconf "Le_API" "$Le_API" 
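Review bot: The reordering of the EC `jwk` members to `crv`, `kty`, `x`, `y` is not explained, and a later edit could easily put them back. The order matters because the `thumbprint` computed in `issue()` is a SHA-256 over this exact string with the spaces stripped, and RFC 7638 requires the members in lexicographic order. I would add a comment above the assignment: `# keep members in lexicographic order (crv, kty, x, y): the RFC 7638 thumbprint is a hash of this string`.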
@@ -2719,9 +2723,14 @@ issue() { if [ "$Le_LinkCert" ] ; then echo "$BEGIN_CERT" > "$CERT_PATH" - if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then - _debug "Get cert failed. Let's try last response." - printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" + #if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then + # _debug "Get cert failed. Let's try last response." + # printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" + #fi + + if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" ; then + _debug "Try cert link." + _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" fi echo "$END_CERT" >> "$CERT_PATH" From 0d2c26735e98d71261fbeff836fb176c791920bd Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 29 Oct 2016 21:33:34 +0800 Subject: [PATCH 017/100] minor --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index eaecba1..0575e0b 100755 --- a/acme.sh +++ b/acme.sh @@ -2073,7 +2073,7 @@ registeraccount() { } __calcAccountKeyHash() { - cat "$ACCOUNT_KEY_PATH" | _digest sha256 + [ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256 } _regAccount() { From fb3be8509de0c196bd83cad97c2a9c2370cba864 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 Oct 2016 22:59:53 +0800 Subject: [PATCH 018/100] Add gentoo linux --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e86392e..684ec39 100644 --- a/README.md +++ b/README.md 
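Review bot: The new `if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH"` only sees the exit status of the last pipeline stage, so an empty or undecodable `$_rcert` is unlikely to trigger the fallback and `$CERT_PATH` can end up holding just the BEGIN and END lines. Test the input explicitly, e.g. `if [ -z "$_rcert" ] || ! printf -- "%s" "$_rcert" | ...`, and check the result of the fallback `_get "$Le_LinkCert" | _base64 "multiline"` as well, since its failure is currently ignored. The commented-out old block can be deleted rather than kept in the file.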
@@ -36,6 +36,7 @@ Wiki: https://github.com/Neilpang/acme.sh/wiki |16|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/mageia.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Mageia |17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/Neilpang/acme.sh/wiki/How-to-run-on-OpenWRT) |18|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/solaris.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|SunOS/Solaris +|18|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux For all build statuses, check our [daily build project](https://github.com/Neilpang/acmetest): From 5961d443393ccc4c716b2ca270109436b4ccd130 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 30 Oct 2016 17:26:00 +0800 Subject: [PATCH 019/100] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 684ec39..bd0cbd2 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ Wiki: https://github.com/Neilpang/acme.sh/wiki |16|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/mageia.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Mageia |17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/Neilpang/acme.sh/wiki/How-to-run-on-OpenWRT) |18|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/solaris.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|SunOS/Solaris -|18|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux +|19|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux For all build statuses, check our [daily build project](https://github.com/Neilpang/acmetest): 
From 02d54a783a5844de89b5afc4d45ae9906d9b54c2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 31 Oct 2016 21:12:11 +0800 Subject: [PATCH 020/100] fix for idn on solaris --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 0575e0b..d4e7580 100755 --- a/acme.sh +++ b/acme.sh @@ -504,7 +504,7 @@ _createkey() { _is_idn() { _is_idn_d="$1" _debug2 _is_idn_d "$_is_idn_d" - _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d "[0-9a-zA-Z.,-]") + _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '[0-9]' | tr -d '[a-z]' | tr -d 'A-Z' | tr -d '.,-') _debug2 _idn_temp "$_idn_temp" [ "$_idn_temp" ] } From 2a1e06f8a9d070b8e7d5a14a6a1e058bd4dd4280 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 31 Oct 2016 21:22:04 +0800 Subject: [PATCH 021/100] add --quiet for idn --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d4e7580..bb77324 100755 --- a/acme.sh +++ b/acme.sh @@ -528,7 +528,7 @@ _idn() { else _i_first="" fi - idn "$f" | tr -d "\r\n" + idn --quiet "$f" | tr -d "\r\n" done else idn "$__idn_d" | tr -d "\r\n" From 93fc48a2dbbe6cc0d07737b8d8c4b756162536fe Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 1 Nov 2016 19:14:33 +0800 Subject: [PATCH 022/100] add more error check --- acme.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index bb77324..e1b1cf4 100755 --- a/acme.sh +++ b/acme.sh @@ -1846,7 +1846,7 @@ _clearup() { _clearupdns() { _debug "_clearupdns" if [ "$dnsadded" != 1 ] || [ -z "$vlist" ] ; then - _info "Dns not added, skip." + _debug "Dns not added, skip." return fi 
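Review bot: In the `_is_idn` hunk the four `tr -d` calls are not written the same way: digits and lower case use bracketed ranges (`'[0-9]'`, `'[a-z]'`) while upper case is `'A-Z'` without brackets. If the brackets were added because the Solaris `tr` needs them for ranges, the upper-case call would not delete a range there and an upper-case ASCII name would be reported as IDN; `tr -d '[A-Z]'` makes it consistent. Note that a POSIX `tr` treats the brackets as literal characters and deletes `[` and `]` too, which is harmless for domain names but worth a short comment.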
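Review bot: In the `_idn` hunk `--quiet` is added only to the `idn "$f"` call inside the loop; the `else` branch two lines below still runs `idn "$__idn_d"` without it. If the flag is needed to keep extra text out of the converted name, the single-domain path has the same problem, so it should read `idn --quiet "$__idn_d" | tr -d "\r\n"`. `_idn` starts outside this hunk.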
@@ -2567,7 +2567,15 @@ issue() { _debug "writing token:$token to $wellknown_path/$token" mkdir -p "$wellknown_path" - printf "%s" "$keyauthorization" > "$wellknown_path/$token" + + if ! printf "%s" "$keyauthorization" > "$wellknown_path/$token" ; then + _err "$d:Can not write token to file : $wellknown_path/$token" + _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearup + _on_issue_err + return 1 + fi + if [ ! "$usingApache" ] ; then if webroot_owner=$(_stat $_currentRoot) ; then _debug "Changing owner/group of .well-known to $webroot_owner" From 7e512bad969b1dbc64ac6fae4bd9711b259cba6c Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 1 Nov 2016 19:31:20 +0800 Subject: [PATCH 023/100] fix apache mode --- acme.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index e1b1cf4..c2956ce 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.6.2 +VER=2.6.3 PROJECT_NAME="acme.sh" @@ -1937,9 +1937,6 @@ _on_before_issue() { _err "Please install netcat(nc) tools first." return 1 fi - elif ! _hasfield "$Le_Webroot" "$W_TLS" ; then - #no need to check anymore - return 0 fi _debug Le_LocalAddress "$Le_LocalAddress" From 610e0f21d62843166955dea03610a33af80fd533 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 1 Nov 2016 20:29:58 +0800 Subject: [PATCH 024/100] fix apache error checks --- acme.sh | 54 +++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 9 deletions(-) diff --git a/acme.sh b/acme.sh index c2956ce..888de5e 100755 --- a/acme.sh +++ b/acme.sh 
@@ -918,15 +918,18 @@ _time() { _mktemp() { if _exists mktemp ; then if mktemp 2>/dev/null ; then - return + return 0 elif _contains "$(mktemp 2>&1)" "-t prefix" && mktemp -t "$PROJECT_NAME" 2>/dev/null ; then #for Mac osx - return + return 0 fi fi if [ -d "/tmp" ] ; then echo "/tmp/${PROJECT_NAME}wefADf24sf.$(_time).tmp" return 0 + elif [ "$LE_TEMP_DIR" ] && mkdir -p "$LE_TEMP_DIR" ; then + echo "/$LE_TEMP_DIR/wefADf24sf.$(_time).tmp" + return 0 fi _err "Can not create temp file." } @@ -1540,6 +1543,10 @@ __initHome() { DEFAULT_LOG_FILE="$LE_WORKING_DIR/$PROJECT_NAME.log" DEFAULT_CA_HOME="$LE_WORKING_DIR/ca" + + if [ -z "$LE_TEMP_DIR" ] ; then + LE_TEMP_DIR="$LE_WORKING_DIR/tmp" + fi } #[domain] [keylength] @@ -1693,6 +1700,21 @@ _initpath() { } +_exec() { + if [ -z "$_EXEC_TEMP_ERR" ] ; then + _EXEC_TEMP_ERR="$(_mktemp)" + fi + + if [ "$_EXEC_TEMP_ERR" ] ; then + "$@" 2>"$_EXEC_TEMP_ERR" + else + "$@" + fi +} + +_exec_err() { + [ "$_EXEC_TEMP_ERR" ] && _err "$(cat "$_EXEC_TEMP_ERR")" +} _apachePath() { _APACHECTL="apachectl" @@ -1705,8 +1727,20 @@ _apachePath() { return 1 fi fi + + if ! _exec $_APACHECTL -V ; then + _exec_err + return 1 + fi + httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"' )" _debug httpdconfname "$httpdconfname" + + if [ -z "$httpdconfname" ] ; then + _err "Can not read apache config file." + return 1 + fi + if _startswith "$httpdconfname" '/' ; then httpdconf="$httpdconfname" httpdconfname="$(basename $httpdconfname)" @@ -1741,7 +1775,8 @@ _restoreApache() { cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" > "$httpdconf" _debug "Restored: $httpdconf." - if ! $_APACHECTL -t >/dev/null 2>&1 ; then + if ! _exec $_APACHECTL -t ; then + _exec_err _err "Sorry, restore apache config error, please contact me." return 1; fi 
@@ -1758,11 +1793,11 @@ _setApache() { #test the conf first _info "Checking if there is an error in the apache config file before starting." - _msg="$($_APACHECTL -t 2>&1 )" - if [ "$?" != "0" ] ; then - _err "Sorry, apache config file has error, please fix it first, then try again." + + if ! _exec $_APACHECTL -t >/dev/null ; then + _exec_err + _err "The apache config file has error, please fix it first, then try again." _err "Don't worry, there is nothing changed to your system." - _err "$_msg" return 1; else _info "OK" @@ -1821,8 +1856,9 @@ Allow from all chmod 755 "$ACME_DIR" fi - if ! $_APACHECTL graceful ; then - _err "Sorry, $_APACHECTL graceful error, please contact me." + if ! _exec $_APACHECTL graceful ; then + _exec_err + _err "$_APACHECTL graceful error, please contact me." _restoreApache return 1; fi From e7d4352292c082b60f1914297b66383ab4d58547 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 1 Nov 2016 20:38:00 +0800 Subject: [PATCH 025/100] minor --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 888de5e..2a11ba2 100755 --- a/acme.sh +++ b/acme.sh @@ -1728,7 +1728,7 @@ _apachePath() { fi fi - if ! _exec $_APACHECTL -V ; then + if ! _exec $_APACHECTL -V >/dev/null ; then _exec_err return 1 fi From c243829234b334846327dd88d16ffcd3492f64eb Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 2 Nov 2016 23:02:42 +0800 Subject: [PATCH 026/100] add issue template --- .github/ISSUE_TEMPLATE.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..4abbb7a --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,25 @@ + + +Steps to reproduce +------------------ + + +Debug log +----------------- + +``` +acme.sh --issue ..... --debug 2 +``` + + From 1cbf416b10def006e9727e1e624c25d49121f629 Mon Sep 17 00:00:00 2001 
From: neilpang Date: Wed, 2 Nov 2016 23:22:36 +0800 Subject: [PATCH 027/100] minor, add more log --- acme.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 2a11ba2..28d80b1 100755 --- a/acme.sh +++ b/acme.sh @@ -1145,14 +1145,15 @@ _send_signed_request() { return 1 fi - _debug3 _headers "$_headers" + _debug2 _headers "$_headers" _CACHED_NONCE="$( echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" + _debug2 _CACHED_NONCE "$_CACHED_NONCE" else _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE" fi nonce="$_CACHED_NONCE" - _debug3 nonce "$nonce" + _debug2 nonce "$nonce" protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" _debug3 protected "$protected" From 3c33cdfa3da68000a40b85304821705f0deea951 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 3 Nov 2016 19:19:51 +0800 Subject: [PATCH 028/100] Update README.md --- README.md | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bd0cbd2..b762268 100644 --- a/README.md +++ b/README.md 
@@ -138,15 +138,24 @@ More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert # 3. Install the issued cert to apache/nginx etc. -After you issue a cert, you probably want to install/copy the cert to your nginx/apache or other servers you may be using. +After you issue a cert, you probably want to install/copy the cert to your nginx/apache or other servers. +You **MUST** use this command to copy the certs to the target files, **Do NOT** use the certs files in **.acme.sh/** folder, they are for internal use only, the folder structure may change in future. +**nginx** example ```bash acme.sh --installcert -d example.com \ ---certpath /path/to/certfile/in/apache/nginx \ ---keypath /path/to/keyfile/in/apache/nginx \ ---capath /path/to/ca/certfile/apache/nginx \ ---fullchainpath path/to/fullchain/certfile/apache/nginx \ ---reloadcmd "service apache2|nginx reload" +--keypath /path/to/keyfile/in/nginx/key.pem \ +--fullchainpath path/to/fullchain/nginx/cert.pem \ +--reloadcmd "service nginx restart" +``` + +**apache** example +```bash +acme.sh --installcert -d example.com \ +--certpath /path/to/certfile/in/apache/cert.pem \ +--keypath /path/to/keyfile/in/apache/key.pem \ +--fullchainpath path/to/fullchain/certfile/apache/fullchain.pem \ +--reloadcmd "service apache2 restart" ``` Only the domain is required, all the other parameters are optional. From 9d548d81ac22f1613b4fe83b5e3b06a283fd2294 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:03:41 +0800 Subject: [PATCH 029/100] add more debug info --- acme.sh | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 28d80b1..3f4fbeb 100755 --- a/acme.sh +++ b/acme.sh 
@@ -91,6 +91,30 @@ _printargs() { printf "\n" } +_dlg_versions() { + echo "Diagnosis versions: " + echo "openssl:" + if _exists openssl ; then + openssl version 2>&1 + else + echo "openssl doesn't exists." + fi + + echo "apache:" + if [ "$_APACHECTL" ] && _exists "$_APACHECTL" ; then + _APACHECTL -V 2>&1 + else + echo "apache doesn't exists." + fi + + echo "nc:" + if _exists "nc" ; then + nc -h 2>&1 + else + _debug "nc doesn't exists." + fi +} + _log() { [ -z "$LOG_FILE" ] && return @@ -2058,6 +2082,10 @@ _on_issue_err() { _err "See: $_DEBUG_WIKI" fi + if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ] ; then + _debug "$(_dlg_versions)" + fi + #run the post hook if [ "$Le_PostHook" ] ; then _info "Run post hook:'$Le_PostHook'" @@ -4358,7 +4386,9 @@ _process() { _processAccountConf fi - + + _debug2 LE_WORKING_DIR "$LE_WORKING_DIR" + if [ "$DEBUG" ] ; then version fi From 29b751095713fbd1f7a22242e652aa84ef2b380b Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:22:01 +0800 Subject: [PATCH 030/100] add sign error check. --- acme.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3f4fbeb..18453b6 100755 --- a/acme.sh +++ b/acme.sh @@ -1185,7 +1185,13 @@ _send_signed_request() { protected64="$(printf "$protected" | _base64 | _urlencode)" _debug3 protected64 "$protected64" - sig=$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256" | _urlencode) + if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")" ; then + _err "Sign request failed." + return 1 + fi + _debug3 _sig_t "$_sig_t" + + sig="$(printf "%s" "$_sig_t" | _urlencode)" _debug3 sig "$sig" body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" From d22b7938dae42e92d0af60f060c56ea4354f851c Mon Sep 17 00:00:00 2001 
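Review bot: In `_dlg_versions` the apache branch calls `_APACHECTL -V 2>&1`, which runs a command literally named `_APACHECTL` instead of the binary the variable holds; it should be `$_APACHECTL -V 2>&1`. The `nc` branch reports a missing tool with `_debug` while the other two branches use `echo`, so that line may not appear in the text captured by `$(_dlg_versions)`; `echo "nc doesn't exists."` keeps the three branches consistent.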
From: neilpang Date: Fri, 4 Nov 2016 22:45:50 +0800 Subject: [PATCH 031/100] fix old version openssl issue for ecc key --- acme.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/acme.sh b/acme.sh index 18453b6..b1703ec 100755 --- a/acme.sh +++ b/acme.sh @@ -891,6 +891,26 @@ _calcjwk() { crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv "$crv" + if [ -z "$crv" ] ; then + _debug "Let's try ASN1 OID" + crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" + case "${crv_oid}" in + "prime256v1") + crv="P-256" + ;; + "secp384r1") + crv="P-384" + ;; + "secp521r1") + crv="P-521" + ;; + *) + _err "ECC oid : $crv_oid" + return 1 + ;; + _debug3 crv "$crv" + fi + pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" pubi=$(_math $pubi + 1) _debug3 pubi "$pubi" From 067d586c1c2f17360d05ff79cae747f8bd7bc5a6 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:47:45 +0800 Subject: [PATCH 032/100] typo --- acme.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/acme.sh b/acme.sh index b1703ec..2c1aacf 100755 --- a/acme.sh +++ b/acme.sh @@ -908,6 +908,7 @@ _calcjwk() { _err "ECC oid : $crv_oid" return 1 ;; + esac _debug3 crv "$crv" fi From cae9cee295ccedeb5dda0f84042bcf9ed462f3d1 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 22:53:33 +0800 Subject: [PATCH 033/100] add debug info --- acme.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/acme.sh b/acme.sh index 2c1aacf..8e86b03 100755 --- a/acme.sh +++ b/acme.sh @@ -894,6 +894,7 @@ _calcjwk() { if [ -z "$crv" ] ; then _debug "Let's try ASN1 OID" crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" + _debug3 crv_oid "$crv_oid" case "${crv_oid}" in "prime256v1") crv="P-256" From 67184d7b20e9622b91ea23a2640de10105f84213 Mon Sep 17 00:00:00 2001 
From: neilpang Date: Fri, 4 Nov 2016 23:34:06 +0800 Subject: [PATCH 034/100] add more error check --- acme.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 8e86b03..653dd04 100755 --- a/acme.sh +++ b/acme.sh @@ -454,7 +454,12 @@ _sign() { if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then $_sign_openssl | _base64 elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then - _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)" + if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)" ; then + _err "Sign failed: $_sign_openssl" + _err "Key file: $keyfile" + _err "Key content:$(cat "$keyfile")" + return 1 + fi _debug3 "_signedECText" "$_signedECText" _ec_r="$(echo "$_signedECText" | _head_n 2 | _tail_n 1 | cut -d : -f 4 | tr -d "\r\n")" _debug3 "_ec_r" "$_ec_r" From d018be5d36e83428ab43ef51c67104f675f96f5a Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Nov 2016 23:45:08 +0800 Subject: [PATCH 035/100] hide private key from the log --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 653dd04..83bca1d 100755 --- a/acme.sh +++ b/acme.sh @@ -457,7 +457,7 @@ _sign() { if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)" ; then _err "Sign failed: $_sign_openssl" _err "Key file: $keyfile" - _err "Key content:$(cat "$keyfile")" + _err "Key content:$(cat "$keyfile" | wc -l) lises" return 1 fi _debug3 "_signedECText" "$_signedECText" From f06c1e6c78911fc56125fb9499e4a03fb03a0b57 Mon Sep 17 00:00:00 2001 From: nytral Date: Sun, 6 Nov 2016 12:37:13 +0100 Subject: [PATCH 036/100] luadns bash script --- dnsapi/dns_lua.sh | 147 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) create mode 100644 dnsapi/dns_lua.sh diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh new file mode 100644 index 0000000..fc0bb8b --- /dev/null +++ b/dnsapi/dns_lua.sh 
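Review bot: The replacement message in the `@@ -457,7 +457,7 @@` hunk, `_err "Key content:$(cat "$keyfile" | wc -l) lises"`, has a typo (`lises` for `lines`) and pipes through an unnecessary `cat`. `_err "Key content: $(wc -l < "$keyfile") lines"` reports the same count without reading the key into a pipeline. `_sign` starts and ends outside this hunk.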
@@ -0,0 +1,147 @@
+#!/usr/bin/env bash
+
+
+#
+#LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
+#
+#LUA_Email="xxxx%40sss.com"
+
+LUA_Api="https://api.luadns.com/v1"
+LUA_auth=$(printf $LUA_Email:$LUA_Key | base64)
+# _ACME_CURL="curl -L --silent -u $LUA_Email:$LUA_Key "
+
+#printf $LUA_Api
+#exit
+######## Public functions #####################
+
+#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_lua_add() {
+ fulldomain=$1
+ txtvalue=$2
+
+ if [ -z "$LUA_Key" ] || [ -z "$LUA_Email" ] ; then
+ _err "You don't specify luadns api key and email yet."
+ _err "Please create you key and try again."
+ return 1
+ fi
+
+ #save the api key and email to the account conf file.
+ _saveaccountconf LUA_Key "$LUA_Key"
+ _saveaccountconf LUA_Email "$LUA_Email"
+
+ _debug "First detect the root zone"
+ if ! _get_root $fulldomain ; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _domain_id "$_domain_id"
+ _debug _sub_domain "$_sub_domain"
+ _debug _domain "$_domain"
+
+ _debug "Getting txt records"
+ _LUA_rest GET "zones/${_domain_id}/records"
+
+ if ! printf "$response" | grep \"id\": > /dev/null ; then
+ _err "Error"
+ return 1
+ fi
+
+ count=$(printf "%s\n" "$response" | _egrep_o \"name\":\"$fulldomain\" | wc -l)
+ _debug count "$count"
+ if [ "$count" = "0" ] ; then
+ _info "Adding record"
+ if _LUA_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
+ if printf -- "%s" "$response" | grep $fulldomain > /dev/null ; then
+ _info "Added"
+ #todo: check if the record takes effect
+ return 0
+ else
+ _err "Add txt record error."
+ return 1
+ fi
+ fi
+ _err "Add txt record error."
+ else + _info "Updating record" + record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\" | cut -d: -f2|cut -d, -f1 ) + _debug "record_id" $record_id + + _LUA_rest PUT "zones/$_domain_id/records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"ttl\":120}" + if [ "$?" = "0" ]; then + _info "Updated!" + #todo: check if the record takes effect + return 0; + fi + _err "Update error" + return 1 + fi + +} + + +#fulldomain +dns_lua_rm() { + fulldomain=$1 + +} + + +#################### Private functions bellow ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + if ! _LUA_rest GET "zones" ; then + return 1 + fi + while [ '1' ] ; do + h=$(printf $domain | cut -d . -f $i-100) + if [ -z "$h" ] ; then + #not valid + return 1; + fi + + if printf $response | grep \"name\":\"$h\" >/dev/null ; then + _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$h\" | cut -d : -f 2 | cut -d , -f 1) + if [ "$_domain_id" ] ; then + _sub_domain=$(printf $domain | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + return 1 + fi + p=$i + i=$(expr $i + 1) + done + return 1 +} + +_LUA_rest() { + m=$1 + ep="$2" + data="$3" + _debug $ep + + _H1="Accept: application/json" + _H2="Authorization: Basic $LUA_auth" + if [ "$data" ] ; then + _debug data "$data" + response="$(_post "$data" "$LUA_Api/$ep" "" $m)" + else + response="$(_get "$LUA_Api/$ep")" + fi + + if [ "$?" != "0" ] ; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} + + From a43d6972251b30ee183cae13cbc54a4f3605f51a Mon Sep 17 00:00:00 2001 From: nytral Date: Sun, 6 Nov 2016 12:42:27 +0100 Subject: [PATCH 037/100] cleanup --- dnsapi/dns_lua.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
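Review bot: The API credentials and the server's reply are both used as printf format strings: `LUA_auth=$(printf $LUA_Email:$LUA_Key | base64)` at the top of the file, `printf "$response" | grep \"id\":` in `dns_lua_add`, and `printf $response` / `printf $domain` in `_get_root`. Any `%` or backslash in the e-mail, key or JSON body is interpreted rather than copied, so the Basic auth value can be silently wrong and the content of an API reply can change what is matched; the sample `LUA_Email="xxxx%40sss.com"` in the header comment would itself be mangled. Use `printf '%s' "$LUA_Email:$LUA_Key"` and `printf '%s' "$response"`, and quote `$fulldomain` and `$h` where they are passed to `grep`. The later "use _base64" commit on this page keeps the unquoted `printf $LUA_Email:$LUA_Key`. Separately, the `_err "Add txt record error."` after a failed POST is not followed by `return 1`, and `dns_lua_rm` is empty, so challenge TXT records are never removed.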
diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index fc0bb8b..3e14b38 100644 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -4,14 +4,11 @@ # #LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" # -#LUA_Email="xxxx%40sss.com" +#LUA_Email="user@luadns.net" LUA_Api="https://api.luadns.com/v1" LUA_auth=$(printf $LUA_Email:$LUA_Key | base64) -# _ACME_CURL="curl -L --silent -u $LUA_Email:$LUA_Key " -#printf $LUA_Api -#exit ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" From 2be4a5e4861477465e5249b9b996c69ffc990c3f Mon Sep 17 00:00:00 2001 From: nytral Date: Sun, 6 Nov 2016 14:39:22 +0100 Subject: [PATCH 038/100] use _base64 --- dnsapi/dns_lua.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index 3e14b38..dfc10af 100644 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -7,7 +7,7 @@ #LUA_Email="user@luadns.net" LUA_Api="https://api.luadns.com/v1" -LUA_auth=$(printf $LUA_Email:$LUA_Key | base64) +LUA_auth=$(printf $LUA_Email:$LUA_Key | _base64) ######## Public functions ##################### From 662df85e548045e70e89c392150709bd92b60e99 Mon Sep 17 00:00:00 2001 From: nytral Date: Sun, 6 Nov 2016 15:09:08 +0100 Subject: [PATCH 039/100] s/bash/sh/ --- dnsapi/dns_lua.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index dfc10af..acc796f 100644 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh # From 56e0269e5e90ac6fe535404e786af7f7921308b1 Mon Sep 17 00:00:00 2001 From: nytral Date: Sun, 6 Nov 2016 15:12:25 +0100 Subject: [PATCH 040/100] email contact added --- dnsapi/dns_lua.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index acc796f..09265ce 100644 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh 
@@ -1,5 +1,6 @@ #!/usr/bin/env sh +# bug reports to justmwa@users.noreply.github.com # #LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" From 1d9f76e2c80cd0be134926421284d1b0ffbc7a5a Mon Sep 17 00:00:00 2001 From: nytral Date: Sun, 6 Nov 2016 15:24:23 +0100 Subject: [PATCH 041/100] working email contact added --- dnsapi/dns_lua.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index 09265ce..a59e0d0 100644 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -# bug reports to justmwa@users.noreply.github.com +# bug reports to dev@1e.ca # #LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" From 57e58ce76cce210992e05db818d9066bbe7e6226 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 6 Nov 2016 23:08:45 +0800 Subject: [PATCH 042/100] set default account key to 2048. Some old platforms doesn't support ecc signing. --- acme.sh | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/acme.sh b/acme.sh index 83bca1d..1bea19d 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.6.3 +VER=2.6.4 PROJECT_NAME="acme.sh" @@ -19,6 +19,9 @@ DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016. DEFAULT_USER_AGENT="$PROJECT_ENTRY client v$VER : $PROJECT" DEFAULT_ACCOUNT_EMAIL="" +DEFAULT_ACCOUNT_KEY_LENGTH=2048 +DEFAULT_DOMAIN_KEY_LENGTH=2048 + STAGE_CA="https://acme-staging.api.letsencrypt.org" VTYPE_HTTP="http-01" @@ -739,15 +742,24 @@ createAccountKey() { return fi + length=$1 + _create_account_key "$length" + +} + +_create_account_key() { + length=$1 if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then - _debug "Use default length 2048" - length=2048 + _debug "Use default length $DEFAULT_ACCOUNT_KEY_LENGTH" + length="$DEFAULT_ACCOUNT_KEY_LENGTH" fi + _debug length "$length" _initpath + mkdir -p "$CA_DIR" if [ -f "$ACCOUNT_KEY_PATH" ] ; then _info "Account key exists, skip" return 
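Review bot: In the new `_create_account_key`, `mkdir -p "$CA_DIR"` is neither checked nor given restrictive permissions, so the directory is created under whatever umask the caller has and a failure only shows up later when the key is written. If the account key is stored under that directory (`ACCOUNT_KEY_PATH` is set outside this hunk, so this is an assumption), create it privately and stop on error, for example `(umask 077 && mkdir -p "$CA_DIR") || return 1`. When the key file already exists the function returns without using the requested length and does not say so; `_info "Account key exists, skip (requested length $length ignored)"` would make that visible. The function body continues outside the hunk.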
@@ -769,6 +781,11 @@ createDomainKey() { domain=$1 length=$2 + if [ -z "$length" ] ; then + _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" + length="$DEFAULT_DOMAIN_KEY_LENGTH" + fi + _initpath $domain "$length" if [ ! -f "$CERT_KEY_PATH" ] || ( [ "$FORCE" ] && ! [ "$IS_RENEW" ] ); then @@ -1319,7 +1336,7 @@ _read_conf() { eval "printf \"%s\" \"\$$_sdkey\"" ) else - _err "config file is empty, can not read $_sdkey" + _debug "config file is empty, can not read $_sdkey" fi } @@ -2163,16 +2180,21 @@ updateaccount() { } registeraccount() { + _reg_length="$1" _initpath - _regAccount + _regAccount "$_reg_length" } __calcAccountKeyHash() { [ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256 } + +#keylength _regAccount() { _initpath + _reg_length="$1" + if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" @@ -2185,11 +2207,7 @@ _regAccount() { fi if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then - _acck="no" - if [ "$Le_Keylength" ] ; then - _acck="$Le_Keylength" - fi - if ! createAccountKey "$_acck" ; then + if ! _create_account_key "$_reg_length" ; then _err "Create account key error." return 1 fi @@ -2414,10 +2432,12 @@ issue() { _debug2 _saved_account_key_hash "$_saved_account_key_hash" if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ] ; then - if ! _regAccount ; then + if ! _regAccount "$_accountkeylength"; then _on_issue_err return 1 fi + else + _debug "_saved_account_key_hash is not changed, skip register account." fi if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then @@ -4232,9 +4252,6 @@ _process() { --keylength|-k) _keylength="$2" - if [ "$_accountkeylength" = "$NO_VALUE" ] ; then - _accountkeylength="$2" - fi shift ;; --accountkeylength|-ak) 
@@ -4458,7 +4475,7 @@ _process() { deactivate "$_domain,$_altdomains" ;; registeraccount) - registeraccount + registeraccount "$_accountkeylength" ;; updateaccount) updateaccount From 5be1449db5a2870cae7eeea0b5cf78a4694b1459 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 6 Nov 2016 23:26:38 +0800 Subject: [PATCH 043/100] add APACHE_HTTPD_CONF https://github.com/Neilpang/acme.sh/issues/363 --- acme.sh | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/acme.sh b/acme.sh index 1bea19d..b07b1dc 100755 --- a/acme.sh +++ b/acme.sh @@ -1808,22 +1808,28 @@ _apachePath() { return 1 fi - httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"' )" - _debug httpdconfname "$httpdconfname" - - if [ -z "$httpdconfname" ] ; then - _err "Can not read apache config file." - return 1 - fi - - if _startswith "$httpdconfname" '/' ; then - httpdconf="$httpdconfname" + if [ "$APACHE_HTTPD_CONF" ] ; then + _saveaccountconf APACHE_HTTPD_CONF "$APACHE_HTTPD_CONF" + httpdconf="$APACHE_HTTPD_CONF" httpdconfname="$(basename $httpdconfname)" else - httpdroot="$($_APACHECTL -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"' )" - _debug httpdroot "$httpdroot" - httpdconf="$httpdroot/$httpdconfname" - httpdconfname="$(basename $httpdconfname)" + httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"' )" + _debug httpdconfname "$httpdconfname" + + if [ -z "$httpdconfname" ] ; then + _err "Can not read apache config file." + return 1 + fi + + if _startswith "$httpdconfname" '/' ; then + httpdconf="$httpdconfname" + httpdconfname="$(basename $httpdconfname)" + else + httpdroot="$($_APACHECTL -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"' )" + _debug httpdroot "$httpdroot" + httpdconf="$httpdroot/$httpdconfname" + httpdconfname="$(basename $httpdconfname)" + fi fi _debug httpdconf "$httpdconf" _debug httpdconfname "$httpdconfname" 
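Review bot: In the new `APACHE_HTTPD_CONF` branch of `_apachePath`, `httpdconfname="$(basename $httpdconfname)"` reads a variable that this branch never sets, so `basename` receives an empty or stale value instead of the configured file. It should derive the name from the override: `httpdconfname="$(basename "$httpdconf")"`. The value is also written with `_saveaccountconf` before anything in the hunk checks that the path is a regular file; a guard such as `[ -f "$APACHE_HTTPD_CONF" ] || { _err "APACHE_HTTPD_CONF not found: $APACHE_HTTPD_CONF"; return 1; }` ahead of the save keeps a mistyped path out of the account config. `_apachePath` starts and ends outside the hunk.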
From f58e83ee8764c4faa1736e608621166d35bebe2d Mon Sep 17 00:00:00 2001 From: nytral Date: Sun, 6 Nov 2016 16:52:43 +0100 Subject: [PATCH 044/100] READMEs edit --- README.md | 1 + dnsapi/README.md | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/README.md b/README.md index b762268..79b5a52 100644 --- a/README.md +++ b/README.md @@ -254,6 +254,7 @@ You don't have do anything manually! 7. PowerDNS API 8. lexicon dns api: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api (DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) +9. LuaDNS.com API ##### More APIs are coming soon... diff --git a/dnsapi/README.md b/dnsapi/README.md index 9460315..1976911 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -136,4 +136,22 @@ For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh) https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api +## Use LuaDNS domain API + +Get your API token at https://api.luadns.com/settings + +``` +export LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" + +export LUA_Email="xxxx@sss.com" + +``` + +To issue a cert: +``` +acme.sh --issue --dns dns_lua --dnssleep 3 -d example.com -d www.example.com +``` + +The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed. + From 20a6ab3d1a8b4ee0d2bf58388cf8d5a1d473cb41 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 7 Nov 2016 20:59:10 +0800 Subject: [PATCH 045/100] find hook file in current dir first --- acme.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index b07b1dc..e077d2e 100755 --- a/acme.sh +++ b/acme.sh 
@@ -2297,8 +2297,12 @@ _findHook() { _hookdomain="$1" _hookcat="$2" _hookname="$3" - - if [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ] ; then + + if [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname" ] ; then + d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname" + elif [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" ] ; then + d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" + elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ] ; then d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname" elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ] ; then d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" From b001840dee20d31423a7fb29e18ac9177b7f9a4c Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 8 Nov 2016 21:27:39 +0800 Subject: [PATCH 046/100] minor: add _hmac function --- acme.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/acme.sh b/acme.sh index e077d2e..c52ce70 100755 --- a/acme.sh +++ b/acme.sh @@ -436,6 +436,31 @@ _digest() { } +#Usage: hashalg secret [outputhex] +#Output Base64-encoded hmac +_hmac() { + alg="$1" + hmac_sec="$2" + outputhex="$3" + + if [ -z "$hmac_sec" ] ; then + _usage "Usage: _hmac hashalg secret [outputhex]" + return 1 + fi + + if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then + if [ "$outputhex" ] ; then + openssl dgst -$alg -hmac "$hmac_sec" | cut -d = -f 2 | tr -d ' ' + else + openssl dgst -$alg -hmac "$hmac_sec" -binary | _base64 + fi + else + _err "$alg is not supported yet" + return 1 + fi + +} + #Usage: keyfile hashalg #Output: Base64-encoded signature value _sign() { From 4c2a384159a94ac01976326d6458e171bcddb319 Mon Sep 17 00:00:00 2001 
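Review bot: The lookup order in `_findHook` now lets `$_SCRIPT_HOME/$_hookdomain/$_hookname` and its `.sh` variant win over the copies under `$LE_WORKING_DIR`, but nothing records which file was chosen. If the resolved `d_api` is later sourced (that happens outside this hunk, so this is an assumption), a same-named file in the script's directory silently shadows the installed hook. Add `_debug d_api "$d_api"` after the chain and state the precedence in the function's header comment, for example `#search order: _SCRIPT_HOME first, then LE_WORKING_DIR`. `_findHook` continues outside the hunk.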
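Review bot: `_hmac` passes the secret to openssl as a command-line argument (`-hmac "$hmac_sec"`), so it is visible in the process list to other local users while openssl runs. The header comment should say so, for example `#Note: the secret is passed on the openssl command line and is visible in the process list`, so callers can decide whether that is acceptable on a shared host. The usage check tests only `$hmac_sec`; with an empty first argument the function reports ` is not supported yet` instead of the usage line, and `[ -z "$alg" ] || [ -z "$hmac_sec" ]` would cover both. The header comment also says the output is Base64 although a non-empty third argument switches it to hex.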
From: neilpang Date: Wed, 9 Nov 2016 19:30:39 +0800 Subject: [PATCH 047/100] Add shfmt to format source code --- .travis.yml | 11 + acme.sh | 2390 ++++++++++++++++++++--------------------- deploy/myapi.sh | 9 +- dnsapi/dns_cf.sh | 68 +- dnsapi/dns_cx.sh | 100 +- dnsapi/dns_dp.sh | 16 +- dnsapi/dns_gd.sh | 51 +- dnsapi/dns_lexicon.sh | 38 +- dnsapi/dns_lua.sh | 64 +- dnsapi/dns_myapi.sh | 15 +- dnsapi/dns_ovh.sh | 185 ++-- dnsapi/dns_pdns.sh | 36 +- 12 files changed, 1439 insertions(+), 1544 deletions(-) create mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..6b71b4b --- /dev/null +++ b/.travis.yml @@ -0,0 +1,11 @@ +language: bash + +env: + global: + - SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64 + +script: + - curl -sSL $SHFMT_URL -o ~/shfmt + - chmod +x ~/shfmt + - ~/shfmt -l -w -i 2 . + - git diff --exit-code || echo "Run shfmt to fix the formatting issues" diff --git a/acme.sh b/acme.sh index c52ce70..47a4f6d 100755 --- a/acme.sh +++ b/acme.sh @@ -60,33 +60,32 @@ DEFAULT_LOG_LEVEL="$LOG_LEVEL_1" _DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh" __INTERACTIVE="" -if [ -t 1 ] ; then +if [ -t 1 ]; then __INTERACTIVE="1" fi __green() { - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then printf '\033[1;31;32m' fi printf -- "$1" - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then printf '\033[0m' fi } __red() { - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then printf '\033[1;31;40m' fi printf -- "$1" - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then printf '\033[0m' fi } - _printargs() { - if [ -z "$2" ] ; then + if [ -z "$2" ]; then printf -- "[$(date)] $1" else printf -- "[$(date)] $1='$2'" 
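Review bot: The CI job in `.travis.yml` downloads a prebuilt `shfmt` binary with `curl -sSL $SHFMT_URL -o ~/shfmt` and executes it without verifying what was fetched. Pin a checksum next to the URL under `env.global` and compare it before `chmod +x`, for example `echo "$SHFMT_SHA256  $HOME/shfmt" | sha256sum -c -`, where `SHFMT_SHA256` is a placeholder to be filled from the release. `curl` also lacks `-f`, so an HTTP error page would be saved as the binary. The last step, `git diff --exit-code || echo "Run shfmt to fix the formatting issues"`, always exits 0, so a formatting difference never fails the build; `|| { echo "Run shfmt to fix the formatting issues"; exit 1; }` keeps the message and the failure.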
@@ -97,31 +96,30 @@ _printargs() { _dlg_versions() { echo "Diagnosis versions: " echo "openssl:" - if _exists openssl ; then + if _exists openssl; then openssl version 2>&1 else echo "openssl doesn't exists." fi - + echo "apache:" - if [ "$_APACHECTL" ] && _exists "$_APACHECTL" ; then + if [ "$_APACHECTL" ] && _exists "$_APACHECTL"; then _APACHECTL -V 2>&1 else echo "apache doesn't exists." fi - + echo "nc:" - if _exists "nc" ; then + if _exists "nc"; then nc -h 2>&1 else _debug "nc doesn't exists." fi } - _log() { [ -z "$LOG_FILE" ] && return - _printargs "$@" >> $LOG_FILE + _printargs "$@" >>$LOG_FILE } _info() { @@ -129,11 +127,10 @@ _info() { _printargs "$@" } - _err() { _log "$@" printf -- "[$(date)] " >&2 - if [ -z "$2" ] ; then + if [ -z "$2" ]; then __red "$1" >&2 else __red "$1='$2'" >&2 
@@ -143,52 +140,51 @@ _err() { } _usage() { - __red "$@" >&2 + __red "$@" >&2 printf "\n" >&2 } - _debug() { - if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ] ; then + if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then _log "$@" fi - if [ -z "$DEBUG" ] ; then + if [ -z "$DEBUG" ]; then return fi _printargs "$@" >&2 } _debug2() { - if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ] ; then + if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then _log "$@" fi - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _debug "$@" fi } _debug3() { - if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ] ; then + if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then _log "$@" fi - if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then _debug "$@" fi } -_startswith(){ +_startswith() { _str="$1" _sub="$2" echo "$_str" | grep "^$_sub" >/dev/null 2>&1 } -_endswith(){ +_endswith() { _str="$1" _sub="$2" echo "$_str" | grep -- "$_sub\$" >/dev/null 2>&1 } -_contains(){ +_contains() { _str="$1" _sub="$2" echo "$_str" | grep -- "$_sub" >/dev/null 2>&1 @@ -198,17 +194,17 @@ _hasfield() { _str="$1" _field="$2" _sep="$3" - if [ -z "$_field" ] ; then + if [ -z "$_field" ]; then _usage "Usage: str field [sep]" return 1 fi - - if [ -z "$_sep" ] ; then + + if [ -z "$_sep" ]; then _sep="," fi - - for f in $(echo "$_str" | tr ',' ' ') ; do - if [ "$f" = "$_field" ] ; then + + for f in $(echo "$_str" | tr ',' ' '); do + if [ "$f" = "$_field" ]; then _debug2 "'$_str' contains '$_field'" return 0 #contains ok fi 
@@ -217,42 +213,41 @@ _hasfield() { return 1 #not contains } -_getfield(){ +_getfield() { _str="$1" _findex="$2" _sep="$3" - - if [ -z "$_findex" ] ; then + + if [ -z "$_findex" ]; then _usage "Usage: str field [sep]" return 1 fi - - if [ -z "$_sep" ] ; then + + if [ -z "$_sep" ]; then _sep="," fi _ffi=$_findex - while [ "$_ffi" -gt "0" ] - do - _fv="$(echo "$_str" | cut -d $_sep -f $_ffi)" - if [ "$_fv" ] ; then + while [ "$_ffi" -gt "0" ]; do + _fv="$(echo "$_str" | cut -d $_sep -f $_ffi)" + if [ "$_fv" ]; then printf -- "%s" "$_fv" return 0 fi _ffi="$(_math $_ffi - 1)" done - + printf -- "%s" "$_str" } -_exists(){ +_exists() { cmd="$1" - if [ -z "$cmd" ] ; then + if [ -z "$cmd" ]; then _usage "Usage: _exists cmd" return 1 fi - if type command >/dev/null 2>&1 ; then + if type command >/dev/null 2>&1; then command -v "$cmd" >/dev/null 2>&1 else type "$cmd" >/dev/null 2>&1 @@ -263,41 +258,40 @@ _exists(){ } #a + b -_math(){ +_math() { expr "$@" } _h_char_2_dec() { _ch=$1 case "${_ch}" in - a|A) + a | A) printf "10" - ;; - b|B) + ;; + b | B) printf "11" - ;; - c|C) + ;; + c | C) printf "12" - ;; - d|D) + ;; + d | D) printf "13" - ;; - e|E) + ;; + e | E) printf "14" - ;; - f|F) + ;; + f | F) printf "15" - ;; + ;; *) printf "%s" "$_ch" - ;; + ;; esac } - _URGLY_PRINTF="" -if [ "$(printf '\x41')" != 'A' ] ; then +if [ "$(printf '\x41')" != 'A' ]; then _URGLY_PRINTF=1 fi 
@@ -305,35 +299,35 @@ _h2b() { hex=$(cat) i=1 j=2 - if _exists let ; then + if _exists let; then uselet="1" fi _debug3 uselet "$uselet" _debug3 _URGLY_PRINTF "$_URGLY_PRINTF" - while true ; do - if [ -z "$_URGLY_PRINTF" ] ; then + while true; do + if [ -z "$_URGLY_PRINTF" ]; then h="$(printf $hex | cut -c $i-$j)" - if [ -z "$h" ] ; then - break; + if [ -z "$h" ]; then + break fi printf "\x$h" else ic="$(printf $hex | cut -c $i)" jc="$(printf $hex | cut -c $j)" - if [ -z "$ic$jc" ] ; then - break; + if [ -z "$ic$jc" ]; then + break fi ic="$(_h_char_2_dec "$ic")" jc="$(_h_char_2_dec "$jc")" printf '\'"$(printf %o "$(_math $ic \* 16 + $jc)")" fi - if [ "$uselet" ] ; then + if [ "$uselet" ]; then let "i+=2" >/dev/null let "j+=2" >/dev/null else i="$(_math $i + 2)" j="$(_math $j + 2)" - fi + fi done } @@ -341,7 +335,7 @@ _h2b() { _sed_i() { options="$1" filename="$2" - if [ -z "$filename" ] ; then + if [ -z "$filename" ]; then _usage "Usage:_sed_i options filename" return 1 fi @@ -352,12 +346,12 @@ _sed_i() { else _debug "No -i support in sed" text="$(cat "$filename")" - echo "$text" | sed "$options" > "$filename" + echo "$text" | sed "$options" >"$filename" fi } _egrep_o() { - if _contains "$(egrep -o 2>&1)" "egrep: illegal option -- o" ; then + if _contains "$(egrep -o 2>&1)" "egrep: illegal option -- o"; then sed -n 's/.*\('"$1"'\).*/\1/p' else egrep -o "$1" 
@@ -369,34 +363,34 @@ _getfile() { filename="$1" startline="$2" endline="$3" - if [ -z "$endline" ] ; then + if [ -z "$endline" ]; then _usage "Usage: file startline endline" return 1 fi - - i="$(grep -n -- "$startline" "$filename" | cut -d : -f 1)" - if [ -z "$i" ] ; then + + i="$(grep -n -- "$startline" "$filename" | cut -d : -f 1)" + if [ -z "$i" ]; then _err "Can not find start line: $startline" return 1 fi i="$(_math "$i" + 1)" _debug i "$i" - - j="$(grep -n -- "$endline" "$filename" | cut -d : -f 1)" - if [ -z "$j" ] ; then + + j="$(grep -n -- "$endline" "$filename" | cut -d : -f 1)" + if [ -z "$j" ]; then _err "Can not find end line: $endline" return 1 fi j="$(_math "$j" - 1)" _debug j "$j" - - sed -n "$i,${j}p" "$filename" + + sed -n "$i,${j}p" "$filename" } #Usage: multiline _base64() { - if [ "$1" ] ; then + if [ "$1" ]; then openssl base64 -e else openssl base64 -e | tr -d '\r\n' @@ -405,7 +399,7 @@ _base64() { #Usage: multiline _dbase64() { - if [ "$1" ] ; then + if [ "$1" ]; then openssl base64 -d -A else openssl base64 -d @@ -416,15 +410,15 @@ _dbase64() { #Output Base64-encoded digest _digest() { alg="$1" - if [ -z "$alg" ] ; then + if [ -z "$alg" ]; then _usage "Usage: _digest hashalg" return 1 fi - + outputhex="$2" - + if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then - if [ "$outputhex" ] ; then + if [ "$outputhex" ]; then openssl dgst -$alg -hex | cut -d = -f 2 | tr -d ' ' else openssl dgst -$alg -binary | _base64 @@ -442,14 +436,14 @@ _hmac() { alg="$1" hmac_sec="$2" outputhex="$3" - - if [ -z "$hmac_sec" ] ; then - _usage "Usage: _hmac hashalg secret [outputhex]" + + if [ -z "$hmac_sec" ]; then + _usage "Usage: _hmac hashalg secret [outputhex]" return 1 fi if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then - if [ "$outputhex" ] ; then + if [ "$outputhex" ]; then openssl dgst -$alg -hmac "$hmac_sec" | cut -d = -f 2 | tr -d ' ' else openssl dgst -$alg -hmac "$hmac_sec" -binary | _base64 
@@ -466,23 +460,23 @@ _hmac() { _sign() { keyfile="$1" alg="$2" - if [ -z "$alg" ] ; then + if [ -z "$alg" ]; then _usage "Usage: _sign keyfile hashalg" return 1 fi - + _sign_openssl="openssl dgst -sign $keyfile " - if [ "$alg" = "sha256" ] ; then + if [ "$alg" = "sha256" ]; then _sign_openssl="$_sign_openssl -$alg" else _err "$alg is not supported yet" return 1 fi - - if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then + + if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then $_sign_openssl | _base64 - elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then - if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)" ; then + elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then + if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"; then _err "Sign failed: $_sign_openssl" _err "Key file: $keyfile" _err "Key content:$(cat "$keyfile" | wc -l) lises" @@ -498,22 +492,22 @@ _sign() { _err "Unknown key file format." return 1 fi - + } #keylength _isEccKey() { _length="$1" - if [ -z "$_length" ] ;then + if [ -z "$_length" ]; then return 1 fi [ "$_length" != "1024" ] \ - && [ "$_length" != "2048" ] \ - && [ "$_length" != "3072" ] \ - && [ "$_length" != "4096" ] \ - && [ "$_length" != "8192" ] + && [ "$_length" != "2048" ] \ + && [ "$_length" != "3072" ] \ + && [ "$_length" != "4096" ] \ + && [ "$_length" != "8192" ] } # _createkey 2048|ec-256 file 
@@ -521,42 +515,41 @@ _createkey() { length="$1" f="$2" eccname="$length" - if _startswith "$length" "ec-" ; then + if _startswith "$length" "ec-"; then length=$(printf $length | cut -d '-' -f 2-100) - if [ "$length" = "256" ] ; then + if [ "$length" = "256" ]; then eccname="prime256v1" fi - if [ "$length" = "384" ] ; then + if [ "$length" = "384" ]; then eccname="secp384r1" fi - if [ "$length" = "521" ] ; then + if [ "$length" = "521" ]; then eccname="secp521r1" fi fi - if [ -z "$length" ] ; then - length=2048 + if [ -z "$length" ]; then + length=2048 fi - + _debug "Use length $length" - if _isEccKey "$length" ; then + if _isEccKey "$length"; then _debug "Using ec name: $eccname" - openssl ecparam -name $eccname -genkey 2>/dev/null > "$f" + openssl ecparam -name $eccname -genkey 2>/dev/null >"$f" else _debug "Using RSA: $length" - openssl genrsa $length 2>/dev/null > "$f" + openssl genrsa $length 2>/dev/null >"$f" fi - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Create key error." return 1 fi } - #domain _is_idn() { _is_idn_d="$1" @@ -570,17 +563,17 @@ _is_idn() { #aa.com,bb.com,cc.com _idn() { __idn_d="$1" - if ! _is_idn "$__idn_d" ; then + if ! _is_idn "$__idn_d"; then printf "%s" "$__idn_d" return 0 fi - - if _exists idn ; then - if _contains "$__idn_d" ',' ; then + + if _exists idn; then + if _contains "$__idn_d" ','; then _i_first="1" - for f in $(echo "$__idn_d" | tr ',' ' ') ; do + for f in $(echo "$__idn_d" | tr ',' ' '); do [ -z "$f" ] && continue - if [ -z "$_i_first" ] ; then + if [ -z "$_i_first" ]; then printf "%s" "," else _i_first="" 
@@ -608,29 +601,29 @@ _createcsr() { _debug2 csrkey "$csrkey" _debug2 csr "$csr" _debug2 csrconf "$csrconf" - - printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" > "$csrconf" - + + printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" >"$csrconf" + if [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then #single domain _info "Single domain" "$domain" else domainlist="$(_idn $domainlist)" _debug2 domainlist "$domainlist" - if _contains "$domainlist" "," ; then + if _contains "$domainlist" ","; then alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" else alt="DNS:$domainlist" fi #multi _info "Multi domain" "$alt" - printf -- "\nsubjectAltName=$alt" >> "$csrconf" + printf -- "\nsubjectAltName=$alt" >>"$csrconf" fi - if [ "$Le_OCSP_Stable" ] ; then + if [ "$Le_OCSP_Stable" ]; then _savedomainconf Le_OCSP_Stable "$Le_OCSP_Stable" - printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "$csrconf" + printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >>"$csrconf" fi - + _csr_cn="$(_idn "$domain")" _debug2 _csr_cn "$_csr_cn" openssl req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" @@ -643,8 +636,8 @@ _signcsr() { conf="$3" cert="$4" _debug "_signcsr" - - _msg="$(openssl x509 -req -days 365 -in "$csr" -signkey "$key" -extensions v3_req -extfile "$conf" -out "$cert" 2>&1)" + + _msg="$(openssl x509 -req -days 365 -in "$csr" -signkey "$key" -extensions v3_req -extfile "$conf" -out "$cert" 2>&1)" _ret="$?" _debug "$_msg" return $_ret 
@@ -653,48 +646,48 @@ _signcsr() { #_csrfile _readSubjectFromCSR() { _csrfile="$1" - if [ -z "$_csrfile" ] ; then + if [ -z "$_csrfile" ]; then _usage "_readSubjectFromCSR mycsr.csr" return 1 fi - openssl req -noout -in "$_csrfile" -subject | _egrep_o "CN=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n' + openssl req -noout -in "$_csrfile" -subject | _egrep_o "CN=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n' } #_csrfile #echo comma separated domain list _readSubjectAltNamesFromCSR() { _csrfile="$1" - if [ -z "$_csrfile" ] ; then + if [ -z "$_csrfile" ]; then _usage "_readSubjectAltNamesFromCSR mycsr.csr" return 1 fi - + _csrsubj="$(_readSubjectFromCSR "$_csrfile")" _debug _csrsubj "$_csrsubj" - - _dnsAltnames="$(openssl req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')" + + _dnsAltnames="$(openssl req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')" _debug _dnsAltnames "$_dnsAltnames" - - if _contains "$_dnsAltnames," "DNS:$_csrsubj," ; then + + if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then _debug "AltNames contains subject" _dnsAltnames="$(printf "%s" "$_dnsAltnames," | sed "s/DNS:$_csrsubj,//g")" else _debug "AltNames doesn't contain subject" fi - + printf "%s" "$_dnsAltnames" | sed "s/DNS://g" } #_csrfile _readKeyLengthFromCSR() { _csrfile="$1" - if [ -z "$_csrfile" ] ; then + if [ -z "$_csrfile" ]; then _usage "_readKeyLengthFromCSR mycsr.csr" return 1 fi - - _outcsr="$(openssl req -noout -text -in "$_csrfile")" - if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey" ; then + + _outcsr="$(openssl req -noout -text -in "$_csrfile")" + if _contains "$_outcsr" "Public Key Algorithm: id-ecPublicKey"; then _debug "ECC CSR" echo "$_outcsr" | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' ' else 
@@ -703,25 +696,24 @@ _readKeyLengthFromCSR() { fi } - _ss() { _port="$1" - - if _exists "ss" ; then + + if _exists "ss"; then _debug "Using: ss" ss -ntpl | grep ":$_port " return 0 fi - if _exists "netstat" ; then + if _exists "netstat"; then _debug "Using: netstat" - if netstat -h 2>&1 | grep "\-p proto" >/dev/null ; then + if netstat -h 2>&1 | grep "\-p proto" >/dev/null; then #for windows version netstat tool netstat -an -p tcp | grep "LISTENING" | grep ":$_port " else - if netstat -help 2>&1 | grep "\-p protocol" >/dev/null ; then + if netstat -help 2>&1 | grep "\-p protocol" >/dev/null; then netstat -an -p tcp | grep LISTEN | grep ":$_port " - elif netstat -help 2>&1 | grep -- '-P protocol' >/dev/null ; then + elif netstat -help 2>&1 | grep -- '-P protocol' >/dev/null; then #for solaris netstat -an -P tcp | grep "\.$_port " | grep "LISTEN" else @@ -738,22 +730,22 @@ _ss() { toPkcs() { domain="$1" pfxPassword="$2" - if [ -z "$domain" ] ; then + if [ -z "$domain" ]; then _usage "Usage: $PROJECT_ENTRY --toPkcs -d domain [--password pfx-password]" return 1 fi _isEcc="$3" - + _initpath "$domain" "$_isEcc" - if [ "$pfxPassword" ] ; then + if [ "$pfxPassword" ]; then openssl pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" -password "pass:$pfxPassword" else openssl pkcs12 -export -out "$CERT_PFX_PATH" -inkey "$CERT_KEY_PATH" -in "$CERT_PATH" -certfile "$CA_CERT_PATH" fi - - if [ "$?" = "0" ] ; then + + if [ "$?" = "0" ]; then _info "Success, Pfx is exported to: $CERT_PFX_PATH" fi @@ -762,11 +754,11 @@ toPkcs() { #[2048] createAccountKey() { _info "Creating account key" - if [ -z "$1" ] ; then + if [ -z "$1" ]; then _usage "Usage: $PROJECT_ENTRY --createAccountKey --accountkeylength 2048" return fi - + length=$1 _create_account_key "$length" 
@@ -775,17 +767,17 @@ createAccountKey() { _create_account_key() { length=$1 - - if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ] ; then + + if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ]; then _debug "Use default length $DEFAULT_ACCOUNT_KEY_LENGTH" length="$DEFAULT_ACCOUNT_KEY_LENGTH" fi - + _debug length "$length" _initpath mkdir -p "$CA_DIR" - if [ -f "$ACCOUNT_KEY_PATH" ] ; then + if [ -f "$ACCOUNT_KEY_PATH" ]; then _info "Account key exists, skip" return else @@ -798,25 +790,25 @@ _create_account_key() { #domain [length] createDomainKey() { _info "Creating domain key" - if [ -z "$1" ] ; then + if [ -z "$1" ]; then _usage "Usage: $PROJECT_ENTRY --createDomainKey -d domain.com [ --keylength 2048 ]" return fi - + domain=$1 length=$2 - - if [ -z "$length" ] ; then + + if [ -z "$length" ]; then _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" length="$DEFAULT_DOMAIN_KEY_LENGTH" fi - - _initpath $domain "$length" - if [ ! -f "$CERT_KEY_PATH" ] || ( [ "$FORCE" ] && ! [ "$IS_RENEW" ] ); then + _initpath $domain "$length" + + if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then _createkey "$length" "$CERT_KEY_PATH" else - if [ "$IS_RENEW" ] ; then + if [ "$IS_RENEW" ]; then _info "Domain key exists, skip" return 0 else 
@@ -831,29 +823,29 @@ createDomainKey() { # domain domainlist isEcc createCSR() { _info "Creating csr" - if [ -z "$1" ] ; then + if [ -z "$1" ]; then _usage "Usage: $PROJECT_ENTRY --createCSR -d domain1.com [-d domain2.com -d domain3.com ... ]" return fi - + domain="$1" domainlist="$2" _isEcc="$3" - + _initpath "$domain" "$_isEcc" - - if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then + + if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then _info "CSR exists, skip" return fi - - if [ ! -f "$CERT_KEY_PATH" ] ; then + + if [ ! -f "$CERT_KEY_PATH" ]; then _err "The key file is not found: $CERT_KEY_PATH" _err "Please create the key file first." return 1 fi _createcsr "$domain" "$domainlist" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" - + } _urlencode() { @@ -863,20 +855,20 @@ _urlencode() { _time2str() { #BSD - if date -u -d@$1 2>/dev/null ; then + if date -u -d@$1 2>/dev/null; then return fi - + #Linux - if date -u -r $1 2>/dev/null ; then + if date -u -r $1 2>/dev/null; then return fi - + #Soaris - if _exists adb ; then + if _exists adb; then echo $(echo "0t${1}=Y" | adb) fi - + } _normalizeJson() { 
@@ -885,92 +877,91 @@ _normalizeJson() { _stat() { #Linux - if stat -c '%U:%G' "$1" 2>/dev/null ; then + if stat -c '%U:%G' "$1" 2>/dev/null; then return fi - + #BSD - if stat -f '%Su:%Sg' "$1" 2>/dev/null ; then + if stat -f '%Su:%Sg' "$1" 2>/dev/null; then return fi - - return 1; #error, 'stat' not found + + return 1 #error, 'stat' not found } #keyfile _calcjwk() { keyfile="$1" - if [ -z "$keyfile" ] ; then + if [ -z "$keyfile" ]; then _usage "Usage: _calcjwk keyfile" return 1 fi - - if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ] ; then + + if [ "$JWK_HEADER" ] && [ "$__CACHED_JWK_KEY_FILE" = "$keyfile" ]; then _debug2 "Use cached jwk for file: $__CACHED_JWK_KEY_FILE" return 0 fi - - + EC_SIGN="" - if grep "BEGIN RSA PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then + if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then _debug "RSA key" - pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:"| cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) - if [ "${#pub_exp}" = "5" ] ; then + pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) + if [ "${#pub_exp}" = "5" ]; then pub_exp=0$pub_exp fi _debug3 pub_exp "$pub_exp" - + e=$(echo $pub_exp | _h2b | _base64) _debug3 e "$e" - - modulus=$(openssl rsa -in $keyfile -modulus -noout | cut -d '=' -f 2 ) + + modulus=$(openssl rsa -in $keyfile -modulus -noout | cut -d '=' -f 2) _debug3 modulus "$modulus" - n="$(printf "%s" "$modulus"| _h2b | _base64 | _urlencode )" + n="$(printf "%s" "$modulus" | _h2b | _base64 | _urlencode)" jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' _debug3 jwk "$jwk" - + JWK_HEADER='{"alg": "RS256", "jwk": '$jwk'}' JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' - elif grep "BEGIN EC PRIVATE KEY" "$keyfile" > /dev/null 2>&1 ; then + elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then _debug "EC key" EC_SIGN="1" - 
crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" + crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv "$crv" - - if [ -z "$crv" ] ; then + + if [ -z "$crv" ]; then _debug "Let's try ASN1 OID" - crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" + crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv_oid "$crv_oid" case "${crv_oid}" in "prime256v1") - crv="P-256" - ;; + crv="P-256" + ;; "secp384r1") - crv="P-384" - ;; + crv="P-384" + ;; "secp521r1") - crv="P-521" - ;; + crv="P-521" + ;; *) - _err "ECC oid : $crv_oid" - return 1 - ;; + _err "ECC oid : $crv_oid" + return 1 + ;; esac _debug3 crv "$crv" fi - - pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" + + pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" pubi=$(_math $pubi + 1) _debug3 pubi "$pubi" - - pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" + + pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" pubj=$(_math $pubj - 1) _debug3 pubj "$pubj" - - pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" + + pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" _debug3 pubtext "$pubtext" - + xlen="$(printf "$pubtext" | tr -d ':' | wc -c)" xlen=$(_math $xlen / 4) _debug3 xlen "$xlen" 
@@ -978,20 +969,20 @@ _calcjwk() { xend=$(_math "$xlen" + 1) x="$(printf $pubtext | cut -d : -f 2-$xend)" _debug3 x "$x" - + x64="$(printf $x | tr -d : | _h2b | _base64 | _urlencode)" _debug3 x64 "$x64" xend=$(_math "$xend" + 1) y="$(printf $pubtext | cut -d : -f $xend-10000)" _debug3 y "$y" - + y64="$(printf $y | tr -d : | _h2b | _base64 | _urlencode)" _debug3 y64 "$y64" - + jwk='{"crv": "'$crv'", "kty": "EC", "x": "'$x64'", "y": "'$y64'"}' _debug3 jwk "$jwk" - + JWK_HEADER='{"alg": "ES256", "jwk": '$jwk'}' JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "ES256", "jwk": '$jwk'}' @@ -1009,18 +1000,18 @@ _time() { } _mktemp() { - if _exists mktemp ; then - if mktemp 2>/dev/null ; then + if _exists mktemp; then + if mktemp 2>/dev/null; then return 0 - elif _contains "$(mktemp 2>&1)" "-t prefix" && mktemp -t "$PROJECT_NAME" 2>/dev/null ; then + elif _contains "$(mktemp 2>&1)" "-t prefix" && mktemp -t "$PROJECT_NAME" 2>/dev/null; then #for Mac osx return 0 fi fi - if [ -d "/tmp" ] ; then + if [ -d "/tmp" ]; then echo "/tmp/${PROJECT_NAME}wefADf24sf.$(_time).tmp" return 0 - elif [ "$LE_TEMP_DIR" ] && mkdir -p "$LE_TEMP_DIR" ; then + elif [ "$LE_TEMP_DIR" ] && mkdir -p "$LE_TEMP_DIR"; then echo "/$LE_TEMP_DIR/wefADf24sf.$(_time).tmp" return 0 fi 
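Review bot: The EC branch of _calcjwk writes `"alg": "ES256"` into `JWK_HEADER` and `JWK_HEADERPLACE_PART2` whatever `$crv` is, although the preceding hunk maps `secp384r1` and `secp521r1` to `P-384` and `P-521`. ES256 is defined for P-256 with SHA-256 (RFC 7518 pairs P-384 with ES384 and P-521 with ES512), so for those keys the header names an algorithm that does not match the key. Either reject other curves here, for example `[ "$crv" = "P-256" ] || return 1` after an `_err` message, or derive the alg and the digest from the curve. `printf $pubtext`, `printf $x` and `printf $y` also use data as the format string; `printf "%s" "$x"` is the safe form. The function starts before this hunk.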
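Review bot: When `mktemp` is missing or fails, _mktemp falls back to echoing `/tmp/${PROJECT_NAME}wefADf24sf.$(_time).tmp`, a name built from a fixed string and what looks like a timestamp, and it never creates the file. `_inithttp` uses the result for `HTTP_HEADER` and for the curl trace file, so in the fallback case response headers and debug traces go to a guessable path in a world-writable directory that another local user could have pre-created or symlinked. Trying the `$LE_TEMP_DIR` branch before `/tmp` and creating the file under a restrictive umask closes that, e.g. `(umask 077 && : >"$_tmpf")` before echoing `$_tmpf` (placeholder name). The `elif` branch also prints `"/$LE_TEMP_DIR/..."` with an extra leading slash. The end of _mktemp lies outside the hunk.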
@@ -1029,52 +1020,51 @@ _mktemp() { _inithttp() { - if [ -z "$HTTP_HEADER" ] || ! touch "$HTTP_HEADER" ; then + if [ -z "$HTTP_HEADER" ] || ! touch "$HTTP_HEADER"; then HTTP_HEADER="$(_mktemp)" _debug2 HTTP_HEADER "$HTTP_HEADER" fi - - if [ "$__HTTP_INITIALIZED" ] ; then - if [ "$_ACME_CURL$_ACME_WGET" ] ; then + + if [ "$__HTTP_INITIALIZED" ]; then + if [ "$_ACME_CURL$_ACME_WGET" ]; then _debug2 "Http already initialized." return 0 fi fi - - if [ -z "$_ACME_CURL" ] && _exists "curl" ; then + + if [ -z "$_ACME_CURL" ] && _exists "curl"; then _ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER " - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _CURL_DUMP="$(_mktemp)" _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " fi - if [ "$CA_BUNDLE" ] ; then + if [ "$CA_BUNDLE" ]; then _ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE " fi - if [ "$HTTPS_INSECURE" ] ; then + if [ "$HTTPS_INSECURE" ]; then _ACME_CURL="$_ACME_CURL --insecure " fi fi - + if [ -z "$_ACME_WGET" ] && _exists "wget"; then _ACME_WGET="wget -q" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _ACME_WGET="$_ACME_WGET -d " fi - if [ "$CA_BUNDLE" ] ; then + if [ "$CA_BUNDLE" ]; then _ACME_WGET="$_ACME_WGET --ca-certificate $CA_BUNDLE " fi - if [ "$HTTPS_INSECURE" ] ; then + if [ "$HTTPS_INSECURE" ]; then _ACME_WGET="$_ACME_WGET --no-check-certificate " fi fi - + __HTTP_INITIALIZED=1 } - # body url [needbase64] [POST|PUT] _post() { body="$1" 
@@ -1082,53 +1072,53 @@ _post() { needbase64="$3" httpmethod="$4" - if [ -z "$httpmethod" ] ; then + if [ -z "$httpmethod" ]; then httpmethod="POST" fi _debug $httpmethod _debug "url" "$url" _debug2 "body" "$body" - + _inithttp - - if [ "$_ACME_CURL" ] ; then + + if [ "$_ACME_CURL" ]; then _CURL="$_ACME_CURL" _debug "_CURL" "$_CURL" - if [ "$needbase64" ] ; then + if [ "$needbase64" ]; then response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url" | _base64)" else - response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url" )" + response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$url")" fi _ret="$?" - if [ "$_ret" != "0" ] ; then + if [ "$_ret" != "0" ]; then _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _err "Here is the curl dump log:" _err "$(cat "$_CURL_DUMP")" fi fi - elif [ "$_ACME_WGET" ] ; then + elif [ "$_ACME_WGET" ]; then _debug "_ACME_WGET" "$_ACME_WGET" - if [ "$needbase64" ] ; then - if [ "$httpmethod" = "POST" ] ; then + if [ "$needbase64" ]; then + if [ "$httpmethod" = "POST" ]; then response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" else response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" fi else - if [ "$httpmethod" = "POST" ] ; then + if [ "$httpmethod" = "POST" ]; then response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" 
--header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" else response="$($_ACME_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" fi fi _ret="$?" - if [ "$_ret" = "8" ] ; then + if [ "$_ret" = "8" ]; then _ret=0 _debug "wget returns 8, the server returns a 'Bad request' respons, lets process the response later." fi - if [ "$_ret" != "0" ] ; then - _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" + if [ "$_ret" != "0" ]; then + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" fi _sed_i "s/^ *//g" "$HTTP_HEADER" else @@ -1140,7 +1130,6 @@ _post() { return $_ret } - # url getheader timeout _get() { _debug GET 
@@ -1152,43 +1141,43 @@ _get() { _inithttp - if [ "$_ACME_CURL" ] ; then + if [ "$_ACME_CURL" ]; then _CURL="$_ACME_CURL" - if [ "$t" ] ; then + if [ "$t" ]; then _CURL="$_CURL --connect-timeout $t" fi _debug "_CURL" "$_CURL" - if [ "$onlyheader" ] ; then + if [ "$onlyheader" ]; then $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url else - $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url + $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url fi ret=$? - if [ "$ret" != "0" ] ; then + if [ "$ret" != "0" ]; then _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _err "Here is the curl dump log:" _err "$(cat "$_CURL_DUMP")" fi fi - elif [ "$_ACME_WGET" ] ; then + elif [ "$_ACME_WGET" ]; then _WGET="$_ACME_WGET" - if [ "$t" ] ; then + if [ "$t" ]; then _WGET="$_WGET --timeout=$t" fi _debug "_WGET" "$_WGET" - if [ "$onlyheader" ] ; then + if [ "$onlyheader" ]; then $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null $url 2>&1 | sed 's/^[ ]*//g' else - $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url + $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url fi ret=$? - if [ "$_ret" = "8" ] ; then + if [ "$_ret" = "8" ]; then _ret=0 _debug "wget returns 8, the server returns a 'Bad request' respons, lets process the response later." 
fi - if [ "$ret" != "0" ] ; then - _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" + if [ "$ret" != "0" ]; then + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" fi else ret=$? @@ -1203,7 +1192,7 @@ _head_n() { } _tail_n() { - if ! tail -n $1 2>/dev/null ; then + if ! tail -n $1 2>/dev/null; then #fix for solaris tail -$1 fi 
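Review bot: In the wget branch of _get the exit status is stored in `ret`, but the check for wget's exit code 8 tests and resets `_ret`, the variable `_post` uses. The test therefore looks at whatever an earlier `_post` left behind, and an error response from the server is still reported as a failure through `ret`. The two lines should read `if [ "$ret" = "8" ]; then` and `ret=0`. `$url` is also passed unquoted to both curl and wget in this function; `"$url"` avoids word splitting and globbing. _get starts before this hunk and continues past it.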
@@ -1215,80 +1204,78 @@ _send_signed_request() { payload=$2 needbase64=$3 keyfile=$4 - if [ -z "$keyfile" ] ; then + if [ -z "$keyfile" ]; then keyfile="$ACCOUNT_KEY_PATH" fi _debug url $url _debug payload "$payload" - - if ! _calcjwk "$keyfile" ; then + + if ! _calcjwk "$keyfile"; then return 1 fi payload64=$(printf "%s" "$payload" | _base64 | _urlencode) _debug3 payload64 $payload64 - - if [ -z "$_CACHED_NONCE" ] ; then + + if [ -z "$_CACHED_NONCE" ]; then _debug2 "Get nonce." nonceurl="$API/directory" _headers="$(_get $nonceurl "onlyheader")" - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "Can not connect to $nonceurl to get nonce." return 1 fi - + _debug2 _headers "$_headers" - - _CACHED_NONCE="$( echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" + + _CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" _debug2 _CACHED_NONCE "$_CACHED_NONCE" else _debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE" fi nonce="$_CACHED_NONCE" _debug2 nonce "$nonce" - + protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" _debug3 protected "$protected" - + protected64="$(printf "$protected" | _base64 | _urlencode)" _debug3 protected64 "$protected64" - if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")" ; then + if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then _err "Sign request failed." return 1 fi _debug3 _sig_t "$_sig_t" - + sig="$(printf "%s" "$_sig_t" | _urlencode)" _debug3 sig "$sig" - + body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" _debug3 body "$body" - response="$(_post "$body" $url "$needbase64")" _CACHED_NONCE="" - if [ "$?" != "0" ] ; then + if [ "$?" 
!= "0" ]; then _err "Can not post to $url" return 1 fi _debug2 original "$response" - - response="$( echo "$response" | _normalizeJson )" + + response="$(echo "$response" | _normalizeJson)" responseHeaders="$(cat "$HTTP_HEADER")" - + _debug2 responseHeaders "$responseHeaders" - _debug2 response "$response" - code="$(grep "^HTTP" $HTTP_HEADER | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n" )" + _debug2 response "$response" + code="$(grep "^HTTP" $HTTP_HEADER | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")" _debug code $code - + _CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" } - #setopt "file" "opt" "=" "value" [";"] _setopt() { __conf="$1" 
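Review bot: The status check after the POST in _send_signed_request never sees the result of `_post`, because `_CACHED_NONCE=""` sits between `response="$(_post ...)"` and `if [ "$?" != "0" ]; then`, and a plain assignment leaves `$?` at 0. A failed request is then handled as if it had succeeded, and the code goes on to parse `$HTTP_HEADER` and `$response`. Moving `_CACHED_NONCE=""` above the `response=` line restores the check. Separately, `printf "$protected"` uses a string that contains the server-supplied nonce as the format; `printf "%s" "$protected"` is the safe form.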
@@ -1296,44 +1283,43 @@ _setopt() { __sep="$3" __val="$4" __end="$5" - if [ -z "$__opt" ] ; then - _usage usage: _setopt '"file" "opt" "=" "value" [";"]' + if [ -z "$__opt" ]; then + _usage usage: _setopt '"file" "opt" "=" "value" [";"]' return fi - if [ ! -f "$__conf" ] ; then + if [ ! -f "$__conf" ]; then touch "$__conf" fi - if grep -n "^$__opt$__sep" "$__conf" > /dev/null ; then + if grep -n "^$__opt$__sep" "$__conf" >/dev/null; then _debug3 OK - if _contains "$__val" "&" ; then + if _contains "$__val" "&"; then __val="$(echo $__val | sed 's/&/\\&/g')" fi text="$(cat $__conf)" - echo "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" + echo "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf" - elif grep -n "^#$__opt$__sep" "$__conf" > /dev/null ; then - if _contains "$__val" "&" ; then + elif grep -n "^#$__opt$__sep" "$__conf" >/dev/null; then + if _contains "$__val" "&"; then __val="$(echo $__val | sed 's/&/\\&/g')" fi text="$(cat $__conf)" - echo "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" + echo "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf" else _debug3 APP - echo "$__opt$__sep$__val$__end" >> "$__conf" + echo "$__opt$__sep$__val$__end" >>"$__conf" fi _debug2 "$(grep -n "^$__opt$__sep" $__conf)" } - #_save_conf file key value #save to conf _save_conf() { _s_c_f="$1" _sdkey="$2" _sdvalue="$3" - if [ "$_s_c_f" ] ; then + if [ "$_s_c_f" ]; then _setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'" else _err "config file is empty, can not save $_sdkey=$_sdvalue" @@ -1344,8 +1330,8 @@ _save_conf() { _clear_conf() { _c_c_f="$1" _sdkey="$2" - if [ "$_c_c_f" ] ; then - _sed_i "s/^$_sdkey.*$//" "$_c_c_f" + if [ "$_c_c_f" ]; then + _sed_i "s/^$_sdkey.*$//" "$_c_c_f" else _err "config file is empty, can not clear" fi 
@@ -1355,17 +1341,16 @@ _clear_conf() { _read_conf() { _r_c_f="$1" _sdkey="$2" - if [ -f "$_r_c_f" ] ; then - ( - eval $(grep "^$_sdkey *=" "$_r_c_f") - eval "printf \"%s\" \"\$$_sdkey\"" - ) + if [ -f "$_r_c_f" ]; then + ( + eval $(grep "^$_sdkey *=" "$_r_c_f") + eval "printf \"%s\" \"\$$_sdkey\"" + ) else _debug "config file is empty, can not read $_sdkey" fi } - #_savedomainconf key value #save to domain.conf _savedomainconf() { 
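Review bot: _read_conf runs `eval $(grep "^$_sdkey *=" "$_r_c_f")`, so every matching line of the conf file is executed as shell code, and the command substitution is unquoted. `_save_conf` (previous hunk) writes values as `'$_sdvalue'` without escaping single quotes, so a value that contains `'` is no longer a plain string when it is read back. Reading the value as data avoids that, for instance `grep "^$_sdkey *=" "$_r_c_f" | _head_n 1 | cut -d = -f 2- | sed "s/^'//;s/'\$//"`, or else `_save_conf` should escape `'` before writing. `$_sdkey` is also used as a regular expression, so a key containing `.` can match more lines than intended.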
@@ -1415,84 +1400,83 @@ _startserver() { _debug "startserver: $$" nchelp="$(nc -h 2>&1)" - + _debug Le_HTTPPort "$Le_HTTPPort" _debug Le_Listen_V4 "$Le_Listen_V4" _debug Le_Listen_V6 "$Le_Listen_V6" _NC="nc" - - if [ "$Le_Listen_V4" ] ; then + + if [ "$Le_Listen_V4" ]; then _NC="$_NC -4" - elif [ "$Le_Listen_V6" ] ; then + elif [ "$Le_Listen_V6" ]; then _NC="$_NC -6" fi - - if echo "$nchelp" | grep "\-q[ ,]" >/dev/null ; then + + if echo "$nchelp" | grep "\-q[ ,]" >/dev/null; then _NC="$_NC -q 1 -l $ncaddr" else - if echo "$nchelp" | grep "GNU netcat" >/dev/null && echo "$nchelp" | grep "\-c, \-\-close" >/dev/null ; then + if echo "$nchelp" | grep "GNU netcat" >/dev/null && echo "$nchelp" | grep "\-c, \-\-close" >/dev/null; then _NC="$_NC -c -l $ncaddr" - elif echo "$nchelp" | grep "\-N" |grep "Shutdown the network socket after EOF on stdin" >/dev/null ; then + elif echo "$nchelp" | grep "\-N" | grep "Shutdown the network socket after EOF on stdin" >/dev/null; then _NC="$_NC -N -l $ncaddr" else _NC="$_NC -l $ncaddr" fi fi - _debug "_NC" "$_NC" #for centos ncat - if _contains "$nchelp" "nmap.org" ; then + if _contains "$nchelp" "nmap.org"; then _debug "Using ncat: nmap.org" - if [ "$DEBUG" ] ; then - if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; then + if [ "$DEBUG" ]; then + if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort; then return fi - else - if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1; then + else + if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort >/dev/null 2>&1; then return fi fi _err "ncat listen error." fi - -# while true ; do - if [ "$DEBUG" ] ; then - if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort ; then - printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; - fi - else - if ! 
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort > /dev/null 2>&1; then - printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1 - fi + + # while true ; do + if [ "$DEBUG" ]; then + if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort; then + printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort fi - if [ "$?" != "0" ] ; then - _err "nc listen error." - exit 1 + else + if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort >/dev/null 2>&1; then + printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort >/dev/null 2>&1 fi -# done + fi + if [ "$?" != "0" ]; then + _err "nc listen error." + exit 1 + fi + # done } -_stopserver(){ +_stopserver() { pid="$1" _debug "pid" "$pid" - if [ -z "$pid" ] ; then + if [ -z "$pid" ]; then return fi _debug2 "Le_HTTPPort" "$Le_HTTPPort" - if [ "$Le_HTTPPort" ] ; then - if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ] ; then + if [ "$Le_HTTPPort" ]; then + if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ]; then _get "http://localhost:$Le_HTTPPort" "" 1 else _get "http://localhost:$Le_HTTPPort" "" 1 >/dev/null 2>&1 fi fi - + _debug2 "Le_TLSPort" "$Le_TLSPort" - if [ "$Le_TLSPort" ] ; then - if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ] ; then + if [ "$Le_TLSPort" ]; then + if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ]; then _get "https://localhost:$Le_TLSPort" "" 1 _get "https://localhost:$Le_TLSPort" "" 1 else @@ -1505,10 +1489,9 @@ _stopserver(){ # sleep sec _sleep() { _sleep_sec="$1" - if [ "$__INTERACTIVE" ] ; then + if [ "$__INTERACTIVE" ]; then _sleep_c="$_sleep_sec" - while [ "$_sleep_c" -ge "0" ] ; - do + while [ "$_sleep_c" -ge "0" ]; do printf "\r \r" __green "$_sleep_c" _sleep_c="$(_math $_sleep_c - 1)" 
@@ -1528,35 +1511,35 @@ _starttlsserver() { port="$3" content="$4" opaddr="$5" - + _debug san_a "$san_a" _debug san_b "$san_b" _debug port "$port" - + #create key TLS_KEY - if ! _createkey "2048" "$TLS_KEY" ; then + if ! _createkey "2048" "$TLS_KEY"; then _err "Create tls validation key error." return 1 fi - + #create csr alt="$san_a" - if [ "$san_b" ] ; then + if [ "$san_b" ]; then alt="$alt,$san_b" fi - if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" ; then + if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF"; then _err "Create tls validation csr error." return 1 fi - + #self signed - if ! _signcsr "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$TLS_CERT" ; then + if ! _signcsr "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$TLS_CERT"; then _err "Create tls validation cert error." return 1 fi - + __S_OPENSSL="openssl s_server -cert $TLS_CERT -key $TLS_KEY " - if [ "$opaddr" ] ; then + if [ "$opaddr" ]; then __S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port" else __S_OPENSSL="$__S_OPENSSL -accept $port" @@ -1564,18 +1547,18 @@ _starttlsserver() { _debug Le_Listen_V4 "$Le_Listen_V4" _debug Le_Listen_V6 "$Le_Listen_V6" - if [ "$Le_Listen_V4" ] ; then + if [ "$Le_Listen_V4" ]; then __S_OPENSSL="$__S_OPENSSL -4" - elif [ "$Le_Listen_V6" ] ; then + elif [ "$Le_Listen_V6" ]; then __S_OPENSSL="$__S_OPENSSL -6" fi - + #start openssl _debug "$__S_OPENSSL" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then - (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL -tlsextdebug ) & + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then + (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL -tlsextdebug) & else - (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL >/dev/null 2>&1) & + (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL >/dev/null 2>&1) & fi serverproc="$!" 
@@ -1587,24 +1570,24 @@ _starttlsserver() { _readlink() { _rf="$1" if ! readlink -f "$_rf" 2>/dev/null; then - if _startswith "$_rf" "\./$PROJECT_ENTRY" ; then + if _startswith "$_rf" "\./$PROJECT_ENTRY"; then printf -- "%s" "$(pwd)/$PROJECT_ENTRY" return 0 fi - readlink "$_rf" + readlink "$_rf" fi } __initHome() { - if [ -z "$_SCRIPT_HOME" ] ; then - if _exists readlink && _exists dirname ; then + if [ -z "$_SCRIPT_HOME" ]; then + if _exists readlink && _exists dirname; then _debug "Lets find script dir." _debug "_SCRIPT_" "$_SCRIPT_" _script="$(_readlink "$_SCRIPT_")" _debug "_script" "$_script" _script_home="$(dirname "$_script")" _debug "_script_home" "$_script_home" - if [ -d "$_script_home" ] ; then + if [ -d "$_script_home" ]; then _SCRIPT_HOME="$_script_home" else _err "It seems the script home is not correct:$_script_home" @@ -1612,17 +1595,16 @@ __initHome() { fi fi - - if [ -z "$LE_WORKING_DIR" ] ; then - if [ -f "$DEFAULT_INSTALL_HOME/account.conf" ] ; then + if [ -z "$LE_WORKING_DIR" ]; then + if [ -f "$DEFAULT_INSTALL_HOME/account.conf" ]; then _debug "It seems that $PROJECT_NAME is already installed in $DEFAULT_INSTALL_HOME" LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" else LE_WORKING_DIR="$_SCRIPT_HOME" fi fi - - if [ -z "$LE_WORKING_DIR" ] ; then + + if [ -z "$LE_WORKING_DIR" ]; then _debug "Using default home:$DEFAULT_INSTALL_HOME" LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" fi 
@@ -1630,21 +1612,21 @@ __initHome() { _DEFAULT_ACCOUNT_CONF_PATH="$LE_WORKING_DIR/account.conf" - if [ -z "$ACCOUNT_CONF_PATH" ] ; then - if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ] ; then + if [ -z "$ACCOUNT_CONF_PATH" ]; then + if [ -f "$_DEFAULT_ACCOUNT_CONF_PATH" ]; then . "$_DEFAULT_ACCOUNT_CONF_PATH" fi fi - - if [ -z "$ACCOUNT_CONF_PATH" ] ; then + + if [ -z "$ACCOUNT_CONF_PATH" ]; then ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH" fi - + DEFAULT_LOG_FILE="$LE_WORKING_DIR/$PROJECT_NAME.log" - + DEFAULT_CA_HOME="$LE_WORKING_DIR/ca" - - if [ -z "$LE_TEMP_DIR" ] ; then + + if [ -z "$LE_TEMP_DIR" ]; then LE_TEMP_DIR="$LE_WORKING_DIR/tmp" fi } 
@@ -1654,161 +1636,160 @@ _initpath() { __initHome - if [ -f "$ACCOUNT_CONF_PATH" ] ; then + if [ -f "$ACCOUNT_CONF_PATH" ]; then . "$ACCOUNT_CONF_PATH" fi - if [ "$IN_CRON" ] ; then - if [ ! "$_USER_PATH_EXPORTED" ] ; then + if [ "$IN_CRON" ]; then + if [ ! "$_USER_PATH_EXPORTED" ]; then _USER_PATH_EXPORTED=1 export PATH="$USER_PATH:$PATH" fi fi - - if [ -z "$CA_HOME" ] ; then + + if [ -z "$CA_HOME" ]; then CA_HOME="$DEFAULT_CA_HOME" fi - if [ -z "$API" ] ; then - if [ -z "$STAGE" ] ; then + if [ -z "$API" ]; then + if [ -z "$STAGE" ]; then API="$DEFAULT_CA" else API="$STAGE_CA" _info "Using stage api:$API" - fi + fi fi - + _API_HOST="$(echo "$API" | cut -d : -f 2 | tr -d '/')" CA_DIR="$CA_HOME/$_API_HOST" - + _DEFAULT_CA_CONF="$CA_DIR/ca.conf" - - if [ -z "$CA_CONF" ] ; then + + if [ -z "$CA_CONF" ]; then CA_CONF="$_DEFAULT_CA_CONF" fi - - if [ -f "$CA_CONF" ] ; then + + if [ -f "$CA_CONF" ]; then . "$CA_CONF" fi - if [ -z "$ACME_DIR" ] ; then + if [ -z "$ACME_DIR" ]; then ACME_DIR="/home/.acme" fi - - if [ -z "$APACHE_CONF_BACKUP_DIR" ] ; then + + if [ -z "$APACHE_CONF_BACKUP_DIR" ]; then APACHE_CONF_BACKUP_DIR="$LE_WORKING_DIR" fi - - if [ -z "$USER_AGENT" ] ; then + + if [ -z "$USER_AGENT" ]; then USER_AGENT="$DEFAULT_USER_AGENT" fi - - if [ -z "$HTTP_HEADER" ] ; then + + if [ -z "$HTTP_HEADER" ]; then HTTP_HEADER="$LE_WORKING_DIR/http.header" fi _OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key" _OLD_ACCOUNT_JSON="$LE_WORKING_DIR/account.json" - + _DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key" _DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json" - if [ -z "$ACCOUNT_KEY_PATH" ] ; then + if [ -z "$ACCOUNT_KEY_PATH" ]; then ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH" fi - - if [ -z "$ACCOUNT_JSON_PATH" ] ; then + + if [ -z "$ACCOUNT_JSON_PATH" ]; then ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" fi - - + _DEFAULT_CERT_HOME="$LE_WORKING_DIR" - if [ -z "$CERT_HOME" ] ; then + if [ -z "$CERT_HOME" ]; then CERT_HOME="$_DEFAULT_CERT_HOME" fi - if [ -z "$1" ] ; then + 
if [ -z "$1" ]; then return 0 fi - + mkdir -p "$CA_DIR" - + domain="$1" _ilength="$2" - if [ -z "$DOMAIN_PATH" ] ; then + if [ -z "$DOMAIN_PATH" ]; then domainhome="$CERT_HOME/$domain" domainhomeecc="$CERT_HOME/$domain$ECC_SUFFIX" - + DOMAIN_PATH="$domainhome" - - if _isEccKey "$_ilength" ; then + + if _isEccKey "$_ilength"; then DOMAIN_PATH="$domainhomeecc" else - if [ ! -d "$domainhome" ] && [ -d "$domainhomeecc" ] ; then + if [ ! -d "$domainhome" ] && [ -d "$domainhomeecc" ]; then _info "The domain '$domain' seems to have a ECC cert already, please add '$(__red "--ecc")' parameter if you want to use that cert." fi fi _debug DOMAIN_PATH "$DOMAIN_PATH" fi - - if [ ! -d "$DOMAIN_PATH" ] ; then - if ! mkdir -p "$DOMAIN_PATH" ; then + + if [ ! -d "$DOMAIN_PATH" ]; then + if ! mkdir -p "$DOMAIN_PATH"; then _err "Can not create domain path: $DOMAIN_PATH" return 1 fi fi - - if [ -z "$DOMAIN_CONF" ] ; then + + if [ -z "$DOMAIN_CONF" ]; then DOMAIN_CONF="$DOMAIN_PATH/$domain.conf" fi - - if [ -z "$DOMAIN_SSL_CONF" ] ; then + + if [ -z "$DOMAIN_SSL_CONF" ]; then DOMAIN_SSL_CONF="$DOMAIN_PATH/$domain.csr.conf" fi - - if [ -z "$CSR_PATH" ] ; then + + if [ -z "$CSR_PATH" ]; then CSR_PATH="$DOMAIN_PATH/$domain.csr" fi - if [ -z "$CERT_KEY_PATH" ] ; then + if [ -z "$CERT_KEY_PATH" ]; then CERT_KEY_PATH="$DOMAIN_PATH/$domain.key" fi - if [ -z "$CERT_PATH" ] ; then + if [ -z "$CERT_PATH" ]; then CERT_PATH="$DOMAIN_PATH/$domain.cer" fi - if [ -z "$CA_CERT_PATH" ] ; then + if [ -z "$CA_CERT_PATH" ]; then CA_CERT_PATH="$DOMAIN_PATH/ca.cer" fi - if [ -z "$CERT_FULLCHAIN_PATH" ] ; then + if [ -z "$CERT_FULLCHAIN_PATH" ]; then CERT_FULLCHAIN_PATH="$DOMAIN_PATH/fullchain.cer" fi - if [ -z "$CERT_PFX_PATH" ] ; then + if [ -z "$CERT_PFX_PATH" ]; then CERT_PFX_PATH="$DOMAIN_PATH/$domain.pfx" fi - - if [ -z "$TLS_CONF" ] ; then + + if [ -z "$TLS_CONF" ]; then TLS_CONF="$DOMAIN_PATH/tls.valdation.conf" fi - if [ -z "$TLS_CERT" ] ; then + if [ -z "$TLS_CERT" ]; then 
TLS_CERT="$DOMAIN_PATH/tls.valdation.cert" fi - if [ -z "$TLS_KEY" ] ; then + if [ -z "$TLS_KEY" ]; then TLS_KEY="$DOMAIN_PATH/tls.valdation.key" fi - if [ -z "$TLS_CSR" ] ; then + if [ -z "$TLS_CSR" ]; then TLS_CSR="$DOMAIN_PATH/tls.valdation.csr" fi - + } _exec() { - if [ -z "$_EXEC_TEMP_ERR" ] ; then + if [ -z "$_EXEC_TEMP_ERR" ]; then _EXEC_TEMP_ERR="$(_mktemp)" fi - if [ "$_EXEC_TEMP_ERR" ] ; then + if [ "$_EXEC_TEMP_ERR" ]; then "$@" 2>"$_EXEC_TEMP_ERR" else - "$@" + "$@" fi } 
@@ -1818,39 +1799,39 @@ _exec_err() { _apachePath() { _APACHECTL="apachectl" - if ! _exists apachectl ; then - if _exists apache2ctl ; then - _APACHECTL="apache2ctl" + if ! _exists apachectl; then + if _exists apache2ctl; then + _APACHECTL="apache2ctl" else _err "'apachectl not found. It seems that apache is not installed, or you are not root user.'" _err "Please use webroot mode to try again." return 1 fi fi - - if ! _exec $_APACHECTL -V >/dev/null ; then + + if ! _exec $_APACHECTL -V >/dev/null; then _exec_err return 1 fi - - if [ "$APACHE_HTTPD_CONF" ] ; then + + if [ "$APACHE_HTTPD_CONF" ]; then _saveaccountconf APACHE_HTTPD_CONF "$APACHE_HTTPD_CONF" httpdconf="$APACHE_HTTPD_CONF" httpdconfname="$(basename $httpdconfname)" else - httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"' )" + httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"')" _debug httpdconfname "$httpdconfname" - - if [ -z "$httpdconfname" ] ; then + + if [ -z "$httpdconfname" ]; then _err "Can not read apache config file." return 1 fi - - if _startswith "$httpdconfname" '/' ; then + + if _startswith "$httpdconfname" '/'; then httpdconf="$httpdconfname" httpdconfname="$(basename $httpdconfname)" else - httpdroot="$($_APACHECTL -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"' )" + httpdroot="$($_APACHECTL -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"')" _debug httpdroot "$httpdroot" httpdconf="$httpdroot/$httpdconfname" httpdconfname="$(basename $httpdconfname)" @@ -1858,7 +1839,7 @@ _apachePath() { fi _debug httpdconf "$httpdconf" _debug httpdconfname "$httpdconfname" - if [ ! -f "$httpdconf" ] ; then + if [ ! -f "$httpdconf" ]; then _err "Apache Config file not found" "$httpdconf" return 1 fi 
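Review bot: In the `APACHE_HTTPD_CONF` branch of _apachePath, `httpdconfname="$(basename $httpdconfname)"` takes the basename of a variable that has not been assigned on this path; it should read `httpdconfname="$(basename "$httpdconf")"`. As written the name is empty or left over from an earlier call, and `_setApache` and `_restoreApache` build the backup path from it as `$APACHE_CONF_BACKUP_DIR/$httpdconfname`, so backup and restore of the Apache config can point at the wrong file. The other `basename $httpdconfname` calls and `_exec $_APACHECTL -V` also leave their arguments unquoted. The function continues past this hunk.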
@@ -1866,52 +1847,52 @@ _apachePath() { } _restoreApache() { - if [ -z "$usingApache" ] ; then + if [ -z "$usingApache" ]; then return 0 fi _initpath - if ! _apachePath ; then + if ! _apachePath; then return 1 fi - - if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ] ; then + + if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ]; then _debug "No config file to restore." return 0 fi - - cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" > "$httpdconf" + + cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" >"$httpdconf" _debug "Restored: $httpdconf." - if ! _exec $_APACHECTL -t ; then + if ! _exec $_APACHECTL -t; then _exec_err _err "Sorry, restore apache config error, please contact me." - return 1; + return 1 fi _debug "Restored successfully." rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" - return 0 + return 0 } _setApache() { _initpath - if ! _apachePath ; then + if ! _apachePath; then return 1 fi #test the conf first _info "Checking if there is an error in the apache config file before starting." - - if ! _exec $_APACHECTL -t >/dev/null ; then + + if ! _exec $_APACHECTL -t >/dev/null; then _exec_err _err "The apache config file has error, please fix it first, then try again." _err "Don't worry, there is nothing changed to your system." - return 1; + return 1 else _info "OK" fi - + #backup the conf _debug "Backup apache config file" "$httpdconf" - if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/" ; then + if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then _err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed." _err "This might be a bug of $PROJECT_NAME , pleae report issue: $PROJECT" return 1 
@@ -1919,22 +1900,22 @@ _setApache() { _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname" _info "In case there is an error that can not be restored automatically, you may try restore it yourself." _info "The backup file will be deleted on sucess, just forget it." - + #add alias - - apacheVer="$($_APACHECTL -V | grep "Server version:" | cut -d : -f 2 | cut -d " " -f 2 | cut -d '/' -f 2 )" + + apacheVer="$($_APACHECTL -V | grep "Server version:" | cut -d : -f 2 | cut -d " " -f 2 | cut -d '/' -f 2)" _debug "apacheVer" "$apacheVer" apacheMajer="$(echo "$apacheVer" | cut -d . -f 1)" apacheMinor="$(echo "$apacheVer" | cut -d . -f 2)" - if [ "$apacheVer" ] && [ "$apacheMajer$apacheMinor" -ge "24" ] ; then + if [ "$apacheVer" ] && [ "$apacheMajer$apacheMinor" -ge "24" ]; then echo " Alias /.well-known/acme-challenge $ACME_DIR Require all granted - " >> "$httpdconf" + " >>"$httpdconf" else echo " Alias /.well-known/acme-challenge $ACME_DIR @@ -1943,30 +1924,30 @@ Alias /.well-known/acme-challenge $ACME_DIR Order allow,deny Allow from all - " >> "$httpdconf" + " >>"$httpdconf" fi - _msg="$($_APACHECTL -t 2>&1 )" - if [ "$?" != "0" ] ; then + _msg="$($_APACHECTL -t 2>&1)" + if [ "$?" != "0" ]; then _err "Sorry, apache config error" - if _restoreApache ; then + if _restoreApache; then _err "The apache config file is restored." else _err "Sorry, The apache config file can not be restored, please report bug." fi - return 1; + return 1 fi - - if [ ! -d "$ACME_DIR" ] ; then + + if [ ! -d "$ACME_DIR" ]; then mkdir -p "$ACME_DIR" chmod 755 "$ACME_DIR" fi - - if ! _exec $_APACHECTL graceful ; then - _exec_err + + if ! _exec $_APACHECTL graceful; then + _exec_err _err "$_APACHECTL graceful error, please contact me." _restoreApache - return 1; + return 1 fi usingApache="1" return 0 
@@ -1977,7 +1958,7 @@ _clearup() { serverproc="" _restoreApache _clearupdns - if [ -z "$DEBUG" ] ; then + if [ -z "$DEBUG" ]; then rm -f "$TLS_CONF" rm -f "$TLS_CERT" rm -f "$TLS_KEY" 
@@ -1987,154 +1968,152 @@ _clearup() { _clearupdns() { _debug "_clearupdns" - if [ "$dnsadded" != 1 ] || [ -z "$vlist" ] ; then + if [ "$dnsadded" != 1 ] || [ -z "$vlist" ]; then _debug "Dns not added, skip." return fi - ventries=$(echo "$vlist" | tr ',' ' ' ) - for ventry in $ventries - do + ventries=$(echo "$vlist" | tr ',' ' ') + for ventry in $ventries; do d=$(echo $ventry | cut -d $sep -f 1) keyauthorization=$(echo $ventry | cut -d $sep -f 2) vtype=$(echo $ventry | cut -d $sep -f 4) _currentRoot=$(echo $ventry | cut -d $sep -f 5) - if [ "$keyauthorization" = "$STATE_VERIFIED" ] ; then + if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." continue fi - if [ "$vtype" != "$VTYPE_DNS" ] ; then + if [ "$vtype" != "$VTYPE_DNS" ]; then _info "Skip $d for $vtype" continue fi - + d_api="$(_findHook $d dnsapi $_currentRoot)" _debug d_api "$d_api" - - if [ -z "$d_api" ] ; then + + if [ -z "$d_api" ]; then _info "Not Found domain api file: $d_api" continue fi - + ( - if ! . $d_api ; then + if ! . $d_api; then _err "Load file $d_api error. Please check your api file and try again." return 1 fi - + rmcommand="${_currentRoot}_rm" - if ! _exists $rmcommand ; then + if ! _exists $rmcommand; then _err "It seems that your api file doesn't define $rmcommand" return 1 fi - + txtdomain="_acme-challenge.$d" - - if ! $rmcommand $txtdomain ; then + + if ! 
$rmcommand $txtdomain; then _err "Error removing txt for domain:$txtdomain" return 1 fi ) - + done } # webroot removelevel tokenfile _clearupwebbroot() { __webroot="$1" - if [ -z "$__webroot" ] ; then + if [ -z "$__webroot" ]; then _debug "no webroot specified, skip" return 0 fi - + _rmpath="" - if [ "$2" = '1' ] ; then + if [ "$2" = '1' ]; then _rmpath="$__webroot/.well-known" - elif [ "$2" = '2' ] ; then + elif [ "$2" = '2' ]; then _rmpath="$__webroot/.well-known/acme-challenge" - elif [ "$2" = '3' ] ; then + elif [ "$2" = '3' ]; then _rmpath="$__webroot/.well-known/acme-challenge/$3" else _debug "Skip for removelevel:$2" fi - - if [ "$_rmpath" ] ; then - if [ "$DEBUG" ] ; then + + if [ "$_rmpath" ]; then + if [ "$DEBUG" ]; then _debug "Debugging, skip removing: $_rmpath" else rm -rf "$_rmpath" fi fi - + return 0 } _on_before_issue() { _debug _on_before_issue - if _hasfield "$Le_Webroot" "$NO_VALUE" ; then - if ! _exists "nc" ; then + if _hasfield "$Le_Webroot" "$NO_VALUE"; then + if ! _exists "nc"; then _err "Please install netcat(nc) tools first." return 1 fi fi _debug Le_LocalAddress "$Le_LocalAddress" - - alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ' ) + + alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ') _index=1 _currentRoot="" _addrIndex=1 - for d in $alldomains - do + for d in $alldomains; do _debug "Check for domain" $d _currentRoot="$(_getfield "$Le_Webroot" $_index)" _debug "_currentRoot" "$_currentRoot" _index=$(_math $_index + 1) _checkport="" - if [ "$_currentRoot" = "$NO_VALUE" ] ; then + if [ "$_currentRoot" = "$NO_VALUE" ]; then _info "Standalone mode." - if [ -z "$Le_HTTPPort" ] ; then + if [ -z "$Le_HTTPPort" ]; then Le_HTTPPort=80 else - _savedomainconf "Le_HTTPPort" "$Le_HTTPPort" + _savedomainconf "Le_HTTPPort" "$Le_HTTPPort" fi _checkport="$Le_HTTPPort" - elif [ "$_currentRoot" = "$W_TLS" ] ; then + elif [ "$_currentRoot" = "$W_TLS" ]; then _info "Standalone tls mode." 
- if [ -z "$Le_TLSPort" ] ; then + if [ -z "$Le_TLSPort" ]; then Le_TLSPort=443 else - _savedomainconf "Le_TLSPort" "$Le_TLSPort" + _savedomainconf "Le_TLSPort" "$Le_TLSPort" fi _checkport="$Le_TLSPort" fi - - if [ "$_checkport" ] ; then + + if [ "$_checkport" ]; then _debug _checkport "$_checkport" _checkaddr="$(_getfield "$Le_LocalAddress" $_addrIndex)" _debug _checkaddr "$_checkaddr" - + _addrIndex="$(_math $_addrIndex + 1)" - + _netprc="$(_ss "$_checkport" | grep "$_checkport")" netprc="$(echo "$_netprc" | grep "$_checkaddr")" - if [ -z "$netprc" ] ; then + if [ -z "$netprc" ]; then netprc="$(echo "$_netprc" | grep "$LOCAL_ANY_ADDRESS")" fi - if [ "$netprc" ] ; then + if [ "$netprc" ]; then _err "$netprc" - _err "tcp port $_checkport is already used by $(echo "$netprc" | cut -d : -f 4)" + _err "tcp port $_checkport is already used by $(echo "$netprc" | cut -d : -f 4)" _err "Please stop it first" return 1 fi fi done - if _hasfield "$Le_Webroot" "apache" ; then - if ! _setApache ; then + if _hasfield "$Le_Webroot" "apache"; then + if ! _setApache; then _err "set up apache error. Report error to me." return 1 fi @@ -2143,11 +2122,11 @@ _on_before_issue() { fi #run pre hook - if [ "$Le_PreHook" ] ; then + if [ "$Le_PreHook" ]; then _info "Run pre hook:'$Le_PreHook'" if ! ( cd "$DOMAIN_PATH" && eval "$Le_PreHook" - ) ; then + ); then _err "Error when run pre hook." return 1 fi 
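Review bot: Inside the subshell of `_clearupdns`, the hook file is sourced and the hook function is called with unquoted expansions: `. $d_api`, `_exists $rmcommand` and `$rmcommand $txtdomain`. `d_api` is a path that `_findHook` builds from `$_SCRIPT_HOME` or `$LE_WORKING_DIR`, so a directory name containing whitespace or glob characters is split into several words before `.` sees it; `. "$d_api"` and `"$rmcommand" "$txtdomain"` keep each value as one word. The call `_findHook $d dnsapi $_currentRoot` just above has the same issue, and the pattern repeats on the add path in the later `issue()` hunk (`. $d_api`, `$addcommand $txtdomain $txt`).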
@@ -2156,23 +2135,23 @@ _on_before_issue() { _on_issue_err() { _debug _on_issue_err - if [ "$LOG_FILE" ] ; then + if [ "$LOG_FILE" ]; then _err "Please check log file for more details: $LOG_FILE" else _err "Please use add '--debug' or '--log' to check more details." _err "See: $_DEBUG_WIKI" fi - - if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ] ; then + + if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ]; then _debug "$(_dlg_versions)" fi - + #run the post hook - if [ "$Le_PostHook" ] ; then + if [ "$Le_PostHook" ]; then _info "Run post hook:'$Le_PostHook'" if ! ( cd "$DOMAIN_PATH" && eval "$Le_PostHook" - ) ; then + ); then _err "Error when run post hook." return 1 fi @@ -2182,27 +2161,27 @@ _on_issue_err() { _on_issue_success() { _debug _on_issue_success #run the post hook - if [ "$Le_PostHook" ] ; then + if [ "$Le_PostHook" ]; then _info "Run post hook:'$Le_PostHook'" if ! ( cd "$DOMAIN_PATH" && eval "$Le_PostHook" - ) ; then + ); then _err "Error when run post hook." return 1 fi fi - + #run renew hook - if [ "$IS_RENEW" ] && [ "$Le_RenewHook" ] ; then + if [ "$IS_RENEW" ] && [ "$Le_RenewHook" ]; then _info "Run renew hook:'$Le_RenewHook'" if ! ( cd "$DOMAIN_PATH" && eval "$Le_RenewHook" - ) ; then + ); then _err "Error when run renew hook." return 1 fi - fi - + fi + } updateaccount() { 
@@ -2220,70 +2199,67 @@ __calcAccountKeyHash() { [ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256 } - #keylength _regAccount() { _initpath _reg_length="$1" - - + if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" fi - + if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH" mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH" fi - - if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then - if ! _create_account_key "$_reg_length" ; then + + if [ ! -f "$ACCOUNT_KEY_PATH" ]; then + if ! _create_account_key "$_reg_length"; then _err "Create account key error." return 1 fi fi - - if ! _calcjwk "$ACCOUNT_KEY_PATH" ; then + + if ! _calcjwk "$ACCOUNT_KEY_PATH"; then return 1 fi _updateTos="" _reg_res="new-reg" - while true ; - do + while true; do _debug AGREEMENT "$AGREEMENT" - + regjson='{"resource": "'$_reg_res'", "agreement": "'$AGREEMENT'"}' - if [ "$ACCOUNT_EMAIL" ] ; then + if [ "$ACCOUNT_EMAIL" ]; then regjson='{"resource": "'$_reg_res'", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}' fi - if [ -z "$_updateTos" ] ; then + if [ -z "$_updateTos" ]; then _info "Registering account" - if ! _send_signed_request "$API/acme/new-reg" "$regjson" ; then + if ! 
_send_signed_request "$API/acme/new-reg" "$regjson"; then _err "Register account Error: $response" return 1 fi - if [ "$code" = "" ] || [ "$code" = '201' ] ; then - echo "$response" > $ACCOUNT_JSON_PATH + if [ "$code" = "" ] || [ "$code" = '201' ]; then + echo "$response" >$ACCOUNT_JSON_PATH _info "Registered" - elif [ "$code" = '409' ] ; then + elif [ "$code" = '409' ]; then _info "Already registered" else _err "Register account Error: $response" return 1 fi - _accUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2| tr -d "\r\n")" + _accUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")" _debug "_accUri" "$_accUri" _tos="$(echo "$responseHeaders" | grep "^Link:.*rel=\"terms-of-service\"" | _head_n 1 | _egrep_o "<.*>" | tr -d '<>')" _debug "_tos" "$_tos" - if [ -z "$_tos" ] ; then + if [ -z "$_tos" ]; then _debug "Use default tos: $DEFAULT_AGREEMENT" _tos="$DEFAULT_AGREEMENT" fi @@ -2293,16 +2269,16 @@ _regAccount() { _reg_res="reg" continue fi - + else _debug "Update tos: $_tos" - if ! _send_signed_request "$_accUri" "$regjson" ; then + if ! _send_signed_request "$_accUri" "$regjson"; then _err "Update tos error." return 1 fi - if [ "$code" = '202' ] ; then + if [ "$code" = '202' ]; then _info "Update success." - + CA_KEY_HASH="$(__calcAccountKeyHash)" _debug "Calc CA_KEY_HASH" "$CA_KEY_HASH" _savecaconf CA_KEY_HASH "$CA_KEY_HASH" 
@@ -2316,28 +2292,27 @@ _regAccount() { } - # domain folder file _findHook() { _hookdomain="$1" _hookcat="$2" _hookname="$3" - - if [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname" ] ; then + + if [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname" ]; then d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname" - elif [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" ] ; then + elif [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" ]; then d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" - elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ]; then d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname" - elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ]; then d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" - elif [ -f "$LE_WORKING_DIR/$_hookname" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookname" ]; then d_api="$LE_WORKING_DIR/$_hookname" - elif [ -f "$LE_WORKING_DIR/$_hookname.sh" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookname.sh" ]; then d_api="$LE_WORKING_DIR/$_hookname.sh" - elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname" ]; then d_api="$LE_WORKING_DIR/$_hookcat/$_hookname" - elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname.sh" ] ; then + elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname.sh" ]; then d_api="$LE_WORKING_DIR/$_hookcat/$_hookname.sh" fi 
@@ -2348,29 +2323,29 @@ _findHook() { __get_domain_new_authz() { _gdnd="$1" _info "Getting new-authz for domain" "$_gdnd" - + _Max_new_authz_retry_times=5 _authz_i=0 - while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ] ; do + while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ]; do _info "Try new-authz for the $_authz_i time." - if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}" ; then + if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}"; then _err "Can not get domain new authz." return 1 fi - if ! _contains "$response" "An error occurred while processing your request" ; then + if ! _contains "$response" "An error occurred while processing your request"; then _info "The new-authz request is ok." break fi _authz_i="$(_math "$_authz_i" + 1)" _info "The server is busy, Sleep $_authz_i to retry." _sleep "$_authz_i" - done; + done - if [ "$_authz_i" = "$_Max_new_authz_retry_times" ] ; then + if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then _debug "new-authz retry reach the max $_Max_new_authz_retry_times times." fi - - if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then + + if [ ! -z "$code" ] && [ ! "$code" = '201' ]; then _err "new-authz error: $response" return 1 fi @@ -2379,7 +2354,7 @@ __get_domain_new_authz() { #webroot, domain domainlist keylength issue() { - if [ -z "$2" ] ; then + if [ -z "$2" ]; then _usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ " return 1 fi 
@@ -2396,36 +2371,36 @@ issue() { Le_PostHook="${11}" Le_RenewHook="${12}" Le_LocalAddress="${13}" - + #remove these later. - if [ "$Le_Webroot" = "dns-cf" ] ; then + if [ "$Le_Webroot" = "dns-cf" ]; then Le_Webroot="dns_cf" fi - if [ "$Le_Webroot" = "dns-dp" ] ; then + if [ "$Le_Webroot" = "dns-dp" ]; then Le_Webroot="dns_dp" fi - if [ "$Le_Webroot" = "dns-cx" ] ; then + if [ "$Le_Webroot" = "dns-cx" ]; then Le_Webroot="dns_cx" fi _debug "Using api: $API" - - if [ ! "$IS_RENEW" ] ; then + + if [ ! "$IS_RENEW" ]; then _initpath $Le_Domain "$Le_Keylength" mkdir -p "$DOMAIN_PATH" fi - if [ -f "$DOMAIN_CONF" ] ; then + if [ -f "$DOMAIN_CONF" ]; then Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime) _debug Le_NextRenewTime "$Le_NextRenewTime" - if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ $(_time) -lt $Le_NextRenewTime ] ; then + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ $(_time) -lt $Le_NextRenewTime ]; then _saved_domain=$(_readdomainconf Le_Domain) _debug _saved_domain "$_saved_domain" _saved_alt=$(_readdomainconf Le_Alt) _debug _saved_alt "$_saved_alt" - if [ "$_saved_domain,$_saved_alt" = "$Le_Domain,$Le_Alt" ] ; then + if [ "$_saved_domain,$_saved_alt" = "$Le_Domain,$Le_Alt" ]; then _info "Domains not changed." _info "Skip, Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" - _info "Add '$(__red '--force')' to force to renew." + _info "Add '$(__red '--force')' to force to renew." return $RENEW_SKIP else _info "Domains have changed." 
@@ -2433,40 +2408,40 @@ issue() { fi fi - _savedomainconf "Le_Domain" "$Le_Domain" - _savedomainconf "Le_Alt" "$Le_Alt" - _savedomainconf "Le_Webroot" "$Le_Webroot" - - _savedomainconf "Le_PreHook" "$Le_PreHook" - _savedomainconf "Le_PostHook" "$Le_PostHook" - _savedomainconf "Le_RenewHook" "$Le_RenewHook" - - if [ "$Le_LocalAddress" ] ; then - _savedomainconf "Le_LocalAddress" "$Le_LocalAddress" + _savedomainconf "Le_Domain" "$Le_Domain" + _savedomainconf "Le_Alt" "$Le_Alt" + _savedomainconf "Le_Webroot" "$Le_Webroot" + + _savedomainconf "Le_PreHook" "$Le_PreHook" + _savedomainconf "Le_PostHook" "$Le_PostHook" + _savedomainconf "Le_RenewHook" "$Le_RenewHook" + + if [ "$Le_LocalAddress" ]; then + _savedomainconf "Le_LocalAddress" "$Le_LocalAddress" else _cleardomainconf "Le_LocalAddress" fi Le_API="$API" _savedomainconf "Le_API" "$Le_API" - - if [ "$Le_Alt" = "$NO_VALUE" ] ; then + + if [ "$Le_Alt" = "$NO_VALUE" ]; then Le_Alt="" fi - - if [ "$Le_Keylength" = "$NO_VALUE" ] ; then + + if [ "$Le_Keylength" = "$NO_VALUE" ]; then Le_Keylength="" fi - - if ! _on_before_issue ; then + + if ! _on_before_issue; then _err "_on_before_issue." return 1 fi _saved_account_key_hash="$(_readcaconf "CA_KEY_HASH")" _debug2 _saved_account_key_hash "$_saved_account_key_hash" - - if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ] ; then + + if [ -z "$_saved_account_key_hash" ] || [ "$_saved_account_key_hash" != "$(__calcAccountKeyHash)" ]; then if ! _regAccount "$_accountkeylength"; then _on_issue_err return 1 
@@ -2475,13 +2450,13 @@ issue() { _debug "_saved_account_key_hash is not changed, skip register account." fi - if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ] ; then + if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ]; then _info "Signing from existing CSR." else _key=$(_readdomainconf Le_Keylength) _debug "Read key length:$_key" - if [ ! -f "$CERT_KEY_PATH" ] || [ "$Le_Keylength" != "$_key" ] ; then - if ! createDomainKey $Le_Domain $Le_Keylength ; then + if [ ! -f "$CERT_KEY_PATH" ] || [ "$Le_Keylength" != "$_key" ]; then + if ! createDomainKey $Le_Domain $Le_Keylength; then _err "Create domain key error." _clearup _on_issue_err @@ -2489,7 +2464,7 @@ issue() { fi fi - if ! _createcsr "$Le_Domain" "$Le_Alt" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" ; then + if ! _createcsr "$Le_Domain" "$Le_Alt" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then _err "Create CSR error." _clearup _on_issue_err 
@@ -2497,50 +2472,49 @@ issue() { fi fi - _savedomainconf "Le_Keylength" "$Le_Keylength" - + _savedomainconf "Le_Keylength" "$Le_Keylength" + vlist="$Le_Vlist" _info "Getting domain auth token for each domain" sep='#' - if [ -z "$vlist" ] ; then - alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ' ) + if [ -z "$vlist" ]; then + alldomains=$(echo "$Le_Domain,$Le_Alt" | tr ',' ' ') _index=1 _currentRoot="" - for d in $alldomains - do + for d in $alldomains; do _info "Getting webroot for domain" $d _w="$(echo $Le_Webroot | cut -d , -f $_index)" _info _w "$_w" - if [ "$_w" ] ; then + if [ "$_w" ]; then _currentRoot="$_w" fi _debug "_currentRoot" "$_currentRoot" _index=$(_math $_index + 1) - + vtype="$VTYPE_HTTP" - if _startswith "$_currentRoot" "dns" ; then + if _startswith "$_currentRoot" "dns"; then vtype="$VTYPE_DNS" fi - - if [ "$_currentRoot" = "$W_TLS" ] ; then + + if [ "$_currentRoot" = "$W_TLS" ]; then vtype="$VTYPE_TLS" fi - - if ! __get_domain_new_authz "$d" ; then + + if ! __get_domain_new_authz "$d"; then _clearup _on_issue_err return 1 fi - - if [ -z "$thumbprint" ] ; then - accountkey_json=$(printf "%s" "$jwk" | tr -d ' ' ) + + if [ -z "$thumbprint" ]; then + accountkey_json=$(printf "%s" "$jwk" | tr -d ' ') thumbprint=$(printf "%s" "$accountkey_json" | _digest "sha256" | _urlencode) fi - - entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" + + entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" - if [ -z "$entry" ] ; then + if [ -z "$entry" ]; then _err "Error, can not get domain token $d" _clearup _on_issue_err 
@@ -2548,44 +2522,41 @@ issue() { fi token="$(printf "%s\n" "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" _debug token $token - - uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )" + + uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')" _debug uri $uri keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" - - if printf "$response" | grep '"status":"valid"' >/dev/null 2>&1 ; then + if printf "$response" | grep '"status":"valid"' >/dev/null 2>&1; then _info "$d is already verified, skip." keyauthorization=$STATE_VERIFIED _debug keyauthorization "$keyauthorization" fi - dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot" _debug dvlist "$dvlist" - + vlist="$vlist$dvlist," done #add entry dnsadded="" - ventries=$(echo "$vlist" | tr ',' ' ' ) - for ventry in $ventries - do + ventries=$(echo "$vlist" | tr ',' ' ') + for ventry in $ventries; do d=$(echo $ventry | cut -d $sep -f 1) keyauthorization=$(echo $ventry | cut -d $sep -f 2) vtype=$(echo $ventry | cut -d $sep -f 4) _currentRoot=$(echo $ventry | cut -d $sep -f 5) - if [ "$keyauthorization" = "$STATE_VERIFIED" ] ; then + if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." continue fi - if [ "$vtype" = "$VTYPE_DNS" ] ; then + if [ "$vtype" = "$VTYPE_DNS" ]; then dnsadded='0' txtdomain="_acme-challenge.$d" _debug txtdomain "$txtdomain" @@ -2595,8 +2566,8 @@ issue() { d_api="$(_findHook $d dnsapi $_currentRoot)" _debug d_api "$d_api" - - if [ "$d_api" ] ; then + + if [ "$d_api" ]; then _info "Found domain api file: $d_api" else _err "Add the following TXT record:" 
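Review bot: `printf "$response" | grep '"status":"valid"'` passes the server's response body as the printf format string, so any `%` or backslash sequence in it is interpreted instead of printed, which can alter the text before the status check or make printf fail. Use a fixed format, `if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then`, as the neighbouring `printf "%s\n" "$entry"` lines already do. In the same hunk `_debug token $token` and `_debug uri $uri` expand values parsed from that response without quotes. The enclosing loop in `issue()` starts and ends outside the hunk.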
@@ -2606,26 +2577,26 @@ issue() { _err "so the resulting subdomain will be: $txtdomain" continue fi - + ( - if ! . $d_api ; then + if ! . $d_api; then _err "Load file $d_api error. Please check your api file and try again." return 1 fi - + addcommand="${_currentRoot}_add" - if ! _exists $addcommand ; then + if ! _exists $addcommand; then _err "It seems that your api file is not correct, it must have a function named: $addcommand" return 1 fi - - if ! $addcommand $txtdomain $txt ; then + + if ! $addcommand $txtdomain $txt; then _err "Error add txt for domain:$txtdomain" return 1 fi ) - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _clearup _on_issue_err return 1 @@ -2634,41 +2605,40 @@ issue() { fi done - if [ "$dnsadded" = '0' ] ; then - _savedomainconf "Le_Vlist" "$vlist" + if [ "$dnsadded" = '0' ]; then + _savedomainconf "Le_Vlist" "$vlist" _debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit." _err "Please add the TXT records to the domains, and retry again." _clearup _on_issue_err return 1 fi - + fi - - if [ "$dnsadded" = '1' ] ; then - if [ -z "$Le_DNSSleep" ] ; then + + if [ "$dnsadded" = '1' ]; then + if [ -z "$Le_DNSSleep" ]; then Le_DNSSleep=$DEFAULT_DNS_SLEEP else - _savedomainconf "Le_DNSSleep" "$Le_DNSSleep" + _savedomainconf "Le_DNSSleep" "$Le_DNSSleep" fi _info "Sleep $(__green $Le_DNSSleep) seconds for the txt records to take effect" _sleep $Le_DNSSleep fi - + _debug "ok, let's start to verify" _ncIndex=1 - ventries=$(echo "$vlist" | tr ',' ' ' ) - for ventry in $ventries - do + ventries=$(echo "$vlist" | tr ',' ' ') + for ventry in $ventries; do d=$(echo $ventry | cut -d $sep -f 1) keyauthorization=$(echo $ventry | cut -d $sep -f 2) uri=$(echo $ventry | cut -d $sep -f 3) vtype=$(echo $ventry | cut -d $sep -f 4) _currentRoot=$(echo $ventry | cut -d $sep -f 5) - if [ "$keyauthorization" = "$STATE_VERIFIED" ] ; then + if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." continue fi 
@@ -2682,14 +2652,13 @@ issue() { _debug "_currentRoot" "$_currentRoot" - - if [ "$vtype" = "$VTYPE_HTTP" ] ; then - if [ "$_currentRoot" = "$NO_VALUE" ] ; then + if [ "$vtype" = "$VTYPE_HTTP" ]; then + if [ "$_currentRoot" = "$NO_VALUE" ]; then _info "Standalone mode server" - _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex" )" + _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")" _ncIndex="$(_math $_ncIndex + 1)" _startserver "$keyauthorization" "$_ncaddr" & - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _clearup _on_issue_err return 1 @@ -2699,13 +2668,13 @@ issue() { _debug serverproc $serverproc else - if [ "$_currentRoot" = "apache" ] ; then + if [ "$_currentRoot" = "apache" ]; then wellknown_path="$ACME_DIR" else wellknown_path="$_currentRoot/.well-known/acme-challenge" - if [ ! -d "$_currentRoot/.well-known" ] ; then + if [ ! -d "$_currentRoot/.well-known" ]; then removelevel='1' - elif [ ! -d "$_currentRoot/.well-known/acme-challenge" ] ; then + elif [ ! -d "$_currentRoot/.well-known/acme-challenge" ]; then removelevel='2' else removelevel='3' @@ -2718,7 +2687,7 @@ issue() { mkdir -p "$wellknown_path" - if ! printf "%s" "$keyauthorization" > "$wellknown_path/$token" ; then + if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then _err "$d:Can not write token to file : $wellknown_path/$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup 
@@ -2726,18 +2695,18 @@ issue() { return 1 fi - if [ ! "$usingApache" ] ; then - if webroot_owner=$(_stat $_currentRoot) ; then + if [ ! "$usingApache" ]; then + if webroot_owner=$(_stat $_currentRoot); then _debug "Changing owner/group of .well-known to $webroot_owner" chown -R $webroot_owner "$_currentRoot/.well-known" else - _debug "not chaning owner/group of webroot"; + _debug "not chaning owner/group of webroot" fi fi - + fi - - elif [ "$vtype" = "$VTYPE_TLS" ] ; then + + elif [ "$vtype" = "$VTYPE_TLS" ]; then #create A #_hash_A="$(printf "%s" $token | _digest "sha256" "hex" )" #_debug2 _hash_A "$_hash_A" @@ -2747,21 +2716,21 @@ issue() { #_debug2 _y "$_y" #_SAN_A="$_x.$_y.token.acme.invalid" #_debug2 _SAN_A "$_SAN_A" - + #create B - _hash_B="$(printf "%s" $keyauthorization | _digest "sha256" "hex" )" + _hash_B="$(printf "%s" $keyauthorization | _digest "sha256" "hex")" _debug2 _hash_B "$_hash_B" _x="$(echo $_hash_B | cut -c 1-32)" _debug2 _x "$_x" _y="$(echo $_hash_B | cut -c 33-64)" _debug2 _y "$_y" - + #_SAN_B="$_x.$_y.ka.acme.invalid" - + _SAN_B="$_x.$_y.acme.invalid" _debug2 _SAN_B "$_SAN_B" - - _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex" )" + + _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")" _ncIndex="$(_math $_ncIndex + 1)" if ! _starttlsserver "$_SAN_B" "$_SAN_A" "$Le_TLSPort" "$keyauthorization" "$_ncaddr"; then _err "Start tls server error." 
@@ -2771,43 +2740,43 @@ issue() { return 1 fi fi - - if ! _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}" ; then + + if ! _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"; then _err "$d:Can not get challenge: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err return 1 fi - - if [ ! -z "$code" ] && [ ! "$code" = '202' ] ; then + + if [ ! -z "$code" ] && [ ! "$code" = '202' ]; then _err "$d:Challenge error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err return 1 fi - + waittimes=0 - if [ -z "$MAX_RETRY_TIMES" ] ; then + if [ -z "$MAX_RETRY_TIMES" ]; then MAX_RETRY_TIMES=30 fi - - while true ; do + + while true; do waittimes=$(_math $waittimes + 1) - if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ] ; then + if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ]; then _err "$d:Timeout" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err return 1 fi - + _debug "sleep 2 secs to verify" sleep 2 _debug "checking" response="$(_get $uri)" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "$d:Verify error:$response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup 
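Review bot: `_send_signed_request $uri "{...}"` passes `uri` unquoted, although that value is taken from the server's authorization response earlier in `issue()`; if it contained whitespace or glob characters it would be split into extra arguments and the JSON payload would no longer be the second parameter. Quote it as `_send_signed_request "$uri" ...`, and do the same for `response="$(_get $uri)"` in the polling loop, i.e. `_get "$uri"`. The polling loop's body continues in the next hunk.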
@@ -2815,171 +2784,168 @@ issue() { return 1 fi _debug2 original "$response" - - response="$(echo "$response" | _normalizeJson )" + + response="$(echo "$response" | _normalizeJson)" _debug2 response "$response" - - status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') - if [ "$status" = "valid" ] ; then + + status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') + if [ "$status" = "valid" ]; then _info "Success" _stopserver $serverproc serverproc="" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" - break; + break fi - - if [ "$status" = "invalid" ] ; then - error="$(echo "$response" | tr -d "\r\n" | _egrep_o '"error":\{[^\}]*')" - _debug2 error "$error" - errordetail="$(echo "$error" | _egrep_o '"detail": *"[^"]*' | cut -d '"' -f 4)" - _debug2 errordetail "$errordetail" - if [ "$errordetail" ] ; then - _err "$d:Verify error:$errordetail" - else - _err "$d:Verify error:$error" - fi - if [ "$DEBUG" ] ; then - if [ "$vtype" = "$VTYPE_HTTP" ] ; then - _debug "Debug: get token url." - _get "http://$d/.well-known/acme-challenge/$token" "" 1 - fi - fi + + if [ "$status" = "invalid" ]; then + error="$(echo "$response" | tr -d "\r\n" | _egrep_o '"error":\{[^\}]*')" + _debug2 error "$error" + errordetail="$(echo "$error" | _egrep_o '"detail": *"[^"]*' | cut -d '"' -f 4)" + _debug2 errordetail "$errordetail" + if [ "$errordetail" ]; then + _err "$d:Verify error:$errordetail" + else + _err "$d:Verify error:$error" + fi + if [ "$DEBUG" ]; then + if [ "$vtype" = "$VTYPE_HTTP" ]; then + _debug "Debug: get token url." 
+ _get "http://$d/.well-known/acme-challenge/$token" "" 1 + fi + fi _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err - return 1; + return 1 fi - - if [ "$status" = "pending" ] ; then + + if [ "$status" = "pending" ]; then _info "Pending" else - _err "$d:Verify error:$response" + _err "$d:Verify error:$response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err return 1 fi - + done - + done _clearup _info "Verify finished, start to sign." der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _urlencode)" - - if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64" ; then + + if ! _send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"; then _err "Sign failed." _on_issue_err return 1 fi - + _rcert="$response" Le_LinkCert="$(grep -i '^Location.*$' $HTTP_HEADER | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)" - _savedomainconf "Le_LinkCert" "$Le_LinkCert" + _savedomainconf "Le_LinkCert" "$Le_LinkCert" + + if [ "$Le_LinkCert" ]; then + echo "$BEGIN_CERT" >"$CERT_PATH" - if [ "$Le_LinkCert" ] ; then - echo "$BEGIN_CERT" > "$CERT_PATH" - #if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then # _debug "Get cert failed. Let's try last response." # printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" #fi - - if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" ; then + + if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >>"$CERT_PATH"; then _debug "Try cert link." 
- _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" + _get "$Le_LinkCert" | _base64 "multiline" >>"$CERT_PATH" fi - echo "$END_CERT" >> "$CERT_PATH" + echo "$END_CERT" >>"$CERT_PATH" _info "$(__green "Cert success.")" cat "$CERT_PATH" - - _info "Your cert is in $( __green " $CERT_PATH ")" - if [ -f "$CERT_KEY_PATH" ] ; then - _info "Your cert key is in $( __green " $CERT_KEY_PATH ")" + _info "Your cert is in $(__green " $CERT_PATH ")" + + if [ -f "$CERT_KEY_PATH" ]; then + _info "Your cert key is in $(__green " $CERT_KEY_PATH ")" fi cp "$CERT_PATH" "$CERT_FULLCHAIN_PATH" - if [ ! "$USER_PATH" ] || [ ! "$IN_CRON" ] ; then + if [ ! "$USER_PATH" ] || [ ! "$IN_CRON" ]; then USER_PATH="$PATH" _saveaccountconf "USER_PATH" "$USER_PATH" fi fi - - if [ -z "$Le_LinkCert" ] ; then - response="$(echo $response | _dbase64 "multiline" | _normalizeJson )" - _err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" + if [ -z "$Le_LinkCert" ]; then + response="$(echo $response | _dbase64 "multiline" | _normalizeJson)" + _err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" _on_issue_err return 1 fi - - _cleardomainconf "Le_Vlist" - - Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | _head_n 1 | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' ) - if ! _contains "$Le_LinkIssuer" ":" ; then + + _cleardomainconf "Le_Vlist" + + Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | _head_n 1 | cut -d " " -f 2 | cut -d ';' -f 1 | tr -d '<>') + if ! 
_contains "$Le_LinkIssuer" ":"; then Le_LinkIssuer="$API$Le_LinkIssuer" fi - - _savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" - - if [ "$Le_LinkIssuer" ] ; then - echo "$BEGIN_CERT" > "$CA_CERT_PATH" - _get "$Le_LinkIssuer" | _base64 "multiline" >> "$CA_CERT_PATH" - echo "$END_CERT" >> "$CA_CERT_PATH" - _info "The intermediate CA cert is in $( __green " $CA_CERT_PATH ")" - cat "$CA_CERT_PATH" >> "$CERT_FULLCHAIN_PATH" - _info "And the full chain certs is there: $( __green " $CERT_FULLCHAIN_PATH ")" + + _savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" + + if [ "$Le_LinkIssuer" ]; then + echo "$BEGIN_CERT" >"$CA_CERT_PATH" + _get "$Le_LinkIssuer" | _base64 "multiline" >>"$CA_CERT_PATH" + echo "$END_CERT" >>"$CA_CERT_PATH" + _info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")" + cat "$CA_CERT_PATH" >>"$CERT_FULLCHAIN_PATH" + _info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")" fi - + Le_CertCreateTime=$(_time) - _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime" - - Le_CertCreateTimeStr=$(date -u ) - _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr" - - if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "$MAX_RENEW" ] ; then + _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime" + + Le_CertCreateTimeStr=$(date -u) + _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr" + + if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "$MAX_RENEW" ]; then Le_RenewalDays=$MAX_RENEW else - _savedomainconf "Le_RenewalDays" "$Le_RenewalDays" + _savedomainconf "Le_RenewalDays" "$Le_RenewalDays" fi - - if [ "$CA_BUNDLE" ] ; then + + if [ "$CA_BUNDLE" ]; then _saveaccountconf CA_BUNDLE "$CA_BUNDLE" else _clearaccountconf "CA_BUNDLE" fi - if [ "$HTTPS_INSECURE" ] ; then + if [ "$HTTPS_INSECURE" ]; then _saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE" else - _clearaccountconf "HTTPS_INSECURE" + _clearaccountconf "HTTPS_INSECURE" fi - if [ 
"$Le_Listen_V4" ] ; then - _savedomainconf "Le_Listen_V4" "$Le_Listen_V4" + if [ "$Le_Listen_V4" ]; then + _savedomainconf "Le_Listen_V4" "$Le_Listen_V4" _cleardomainconf Le_Listen_V6 - elif [ "$Le_Listen_V6" ] ; then - _savedomainconf "Le_Listen_V6" "$Le_Listen_V6" + elif [ "$Le_Listen_V6" ]; then + _savedomainconf "Le_Listen_V6" "$Le_Listen_V6" _cleardomainconf Le_Listen_V4 fi - + Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) - - - Le_NextRenewTimeStr=$( _time2str $Le_NextRenewTime ) - _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" - + + Le_NextRenewTimeStr=$(_time2str $Le_NextRenewTime) + _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" + Le_NextRenewTime=$(_math $Le_NextRenewTime - 86400) - _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" + _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" - _on_issue_success - if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ] ; then + if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ]; then _installcert fi @@ -2988,7 +2954,7 @@ issue() { #domain [isEcc] renew() { Le_Domain="$1" - if [ -z "$Le_Domain" ] ; then + if [ -z "$Le_Domain" ]; then _usage "Usage: $PROJECT_ENTRY --renew -d domain.com [--ecc]" return 1 fi 
@@ -2998,39 +2964,39 @@ renew() { _initpath $Le_Domain "$_isEcc" _info "$(__green "Renew: '$Le_Domain'")" - if [ ! -f "$DOMAIN_CONF" ] ; then + if [ ! -f "$DOMAIN_CONF" ]; then _info "'$Le_Domain' is not a issued domain, skip." - return 0; + return 0 fi - - if [ "$Le_RenewalDays" ] ; then + + if [ "$Le_RenewalDays" ]; then _savedomainconf Le_RenewalDays "$Le_RenewalDays" fi . "$DOMAIN_CONF" - - if [ "$Le_API" ] ; then + + if [ "$Le_API" ]; then API="$Le_API" fi - - if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ] ; then + + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" _info "Add '$(__red '--force')' to force to renew." return $RENEW_SKIP fi - + IS_RENEW="1" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" res=$? - if [ "$res" != "0" ] ; then + if [ "$res" != "0" ]; then return $res fi - - if [ "$Le_DeployHook" ] ; then + + if [ "$Le_DeployHook" ]; then deploy $Le_Domain "$Le_DeployHook" "$Le_Keylength" res=$? fi - + IS_RENEW="" return $res @@ -3043,10 +3009,10 @@ renewAll() { _debug "_stopRenewOnError" "$_stopRenewOnError" _ret="0" - for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do + for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$); do d=$(echo $d | cut -d '/' -f 1) ( - if _endswith $d "$ECC_SUFFIX" ; then + if _endswith $d "$ECC_SUFFIX"; then _isEcc=$(echo $d | cut -d "$ECC_SEP" -f 2) d=$(echo $d | cut -d "$ECC_SEP" -f 1) fi 
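Review bot: The loop header `for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$); do` in `renewAll()` hands the pattern to grep unquoted, so the shell may glob-expand it against the current directory before grep sees it, and the unquoted path is word-split. Quoting both, `for d in $(ls -F "${CERT_HOME}/" | grep '[^.].*[.].*/$'); do`, makes the set of domains that get renewed independent of the working directory. The same line appears in `list()` in the `@@ -3163,88 +3126,87 @@` hunk. The body of `renewAll()` continues in the next hunk.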
@@ -3054,10 +3020,10 @@ renewAll() { ) rc="$?" _debug "Return code: $rc" - if [ "$rc" != "0" ] ; then - if [ "$rc" = "$RENEW_SKIP" ] ; then + if [ "$rc" != "0" ]; then + if [ "$rc" = "$RENEW_SKIP" ]; then _info "Skipped $d" - elif [ "$_stopRenewOnError" ] ; then + elif [ "$_stopRenewOnError" ]; then _err "Error renew $d, stop now." return $rc else @@ -3069,9 +3035,8 @@ renewAll() { return $_ret } - #csr webroot -signcsr(){ +signcsr() { _csrfile="$1" _csrW="$2" if [ -z "$_csrfile" ] || [ -z "$_csrW" ]; then @@ -3082,50 +3047,49 @@ signcsr(){ _initpath _csrsubj=$(_readSubjectFromCSR "$_csrfile") - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Can not read subject from csr: $_csrfile" return 1 fi _debug _csrsubj "$_csrsubj" _csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile") - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Can not read domain list from csr: $_csrfile" return 1 fi _debug "_csrdomainlist" "$_csrdomainlist" - - - if [ -z "$_csrsubj" ] ; then + + if [ -z "$_csrsubj" ]; then _csrsubj="$(_getfield "$_csrdomainlist" 1)" _debug _csrsubj "$_csrsubj" _csrdomainlist="$(echo "$_csrdomainlist" | cut -d , -f 2-)" _debug "_csrdomainlist" "$_csrdomainlist" fi - - if [ -z "$_csrsubj" ] ; then + + if [ -z "$_csrsubj" ]; then _err "Can not read subject from csr: $_csrfile" return 1 fi - + _csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") - if [ "$?" != "0" ] || [ -z "$_csrkeylength" ] ; then + if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then _err "Can not read key length from csr: $_csrfile" return 1 fi - + _initpath "$_csrsubj" "$_csrkeylength" mkdir -p "$DOMAIN_PATH" - + _info "Copy csr to: $CSR_PATH" cp "$_csrfile" "$CSR_PATH" - + issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" - + } showcsr() { - _csrfile="$1" + _csrfile="$1" _csrd="$2" if [ -z "$_csrfile" ] && [ -z "$_csrd" ]; then _usage "Usage: $PROJECT_ENTRY --showcsr --csr mycsr.csr" 
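Review bot: `signcsr()` takes `_csrsubj` from the CSR and passes it to `_initpath "$_csrsubj" "$_csrkeylength"`, followed by `mkdir -p "$DOMAIN_PATH"` and `cp "$_csrfile" "$CSR_PATH"`, with no check that the value is a plain host name. If `_initpath` derives `DOMAIN_PATH` from that argument (not visible in this hunk), a subject containing `/` or `..` in a CSR produced elsewhere would place the directory and the copied file outside the certificate home. A check ahead of `_initpath`, for example `if _contains "$_csrsubj" "/"; then _err "Invalid subject in csr: $_csrfile"; return 1; fi`, would reject such input. The function's opening lines are in the previous hunk.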
@@ -3133,17 +3097,17 @@ showcsr() { fi _initpath - + _csrsubj=$(_readSubjectFromCSR "$_csrfile") - if [ "$?" != "0" ] || [ -z "$_csrsubj" ] ; then + if [ "$?" != "0" ] || [ -z "$_csrsubj" ]; then _err "Can not read subject from csr: $_csrfile" return 1 fi - + _info "Subject=$_csrsubj" _csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile") - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Can not read domain list from csr: $_csrfile" return 1 fi @@ -3151,9 +3115,8 @@ showcsr() { _info "SubjectAltNames=$_csrdomainlist" - _csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") - if [ "$?" != "0" ] || [ -z "$_csrkeylength" ] ; then + if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then _err "Can not read key length from csr: $_csrfile" return 1 fi 
@@ -3163,88 +3126,87 @@ showcsr() { list() { _raw="$1" _initpath - + _sep="|" - if [ "$_raw" ] ; then - printf "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew\n" - for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$ ) ; do + if [ "$_raw" ]; then + printf "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew\n" + for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$); do d=$(echo $d | cut -d '/' -f 1) ( - if _endswith $d "$ECC_SUFFIX" ; then + if _endswith $d "$ECC_SUFFIX"; then _isEcc=$(echo $d | cut -d "$ECC_SEP" -f 2) d=$(echo $d | cut -d "$ECC_SEP" -f 1) fi _initpath $d "$_isEcc" - if [ -f "$DOMAIN_CONF" ] ; then + if [ -f "$DOMAIN_CONF" ]; then . "$DOMAIN_CONF" printf "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr\n" fi ) done else - if _exists column ; then + if _exists column; then list "raw" | column -t -s "$_sep" else list "raw" | tr "$_sep" '\t' fi fi - } deploy() { Le_Domain="$1" Le_DeployHook="$2" _isEcc="$3" - if [ -z "$Le_DeployHook" ] ; then + if [ -z "$Le_DeployHook" ]; then _usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] " return 1 fi _initpath $Le_Domain "$_isEcc" - if [ ! -d "$DOMAIN_PATH" ] ; then + if [ ! -d "$DOMAIN_PATH" ]; then _err "Domain is not valid:'$Le_Domain'" return 1 fi _deployApi="$(_findHook $Le_Domain deploy $Le_DeployHook)" - if [ -z "$_deployApi" ] ; then + if [ -z "$_deployApi" ]; then _err "The deploy hook $Le_DeployHook is not found." return 1 fi _debug _deployApi "$_deployApi" - + _savedomainconf Le_DeployHook "$Le_DeployHook" - + if ! ( - if ! . $_deployApi ; then + if ! . $_deployApi; then _err "Load file $_deployApi error. Please check your api file and try again." return 1 fi - + d_command="${Le_DeployHook}_deploy" - if ! _exists $d_command ; then + if ! 
_exists $d_command; then _err "It seems that your api file is not correct, it must have a function named: $d_command" return 1 fi - - if ! $d_command $Le_Domain "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH" ; then + + if ! $d_command $Le_Domain "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then _err "Error deploy for domain:$Le_Domain" _on_issue_err return 1 fi - ) ; then + ); then _err "Deploy error." return 1 else _info "$(__green Success)" fi - + } installcert() { Le_Domain="$1" - if [ -z "$Le_Domain" ] ; then + if [ -z "$Le_Domain" ]; then _usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--certpath cert-file-path] [--keypath key-file-path] [--capath ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchainpath fullchain-path]" return 1 fi @@ -3257,7 +3219,7 @@ installcert() { _isEcc="$7" _initpath $Le_Domain "$_isEcc" - if [ ! -d "$DOMAIN_PATH" ] ; then + if [ ! -d "$DOMAIN_PATH" ]; then _err "Domain is not valid:'$Le_Domain'" return 1 fi 
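Review bot: In `deploy()`, `. $_deployApi` is unquoted, so a hook path containing whitespace is word-split and `.` sources only the first word, with the rest passed as arguments. `installcronjob()` writes `\"$LE_WORKING_DIR\"` quoted into the crontab, which suggests such paths are meant to work; `if ! . "$_deployApi"; then` keeps the sourced file the one `_findHook` returned. The same unquoted-path pattern is on `rm -f $CERT_PATH` in `revoke()`, on `rm -f $LE_WORKING_DIR/$PROJECT_ENTRY` in `uninstall()`, and on `mkdir -p $LE_WORKING_DIR/$subf` and `cp $subf/* $LE_WORKING_DIR/$subf/` in `install()`.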
@@ -3265,90 +3227,87 @@ installcert() { _installcert } - _installcert() { - _savedomainconf "Le_RealCertPath" "$Le_RealCertPath" - _savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath" - _savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath" - _savedomainconf "Le_ReloadCmd" "$Le_ReloadCmd" - _savedomainconf "Le_RealFullChainPath" "$Le_RealFullChainPath" - - if [ "$Le_RealCertPath" = "$NO_VALUE" ] ; then + _savedomainconf "Le_RealCertPath" "$Le_RealCertPath" + _savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath" + _savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath" + _savedomainconf "Le_ReloadCmd" "$Le_ReloadCmd" + _savedomainconf "Le_RealFullChainPath" "$Le_RealFullChainPath" + + if [ "$Le_RealCertPath" = "$NO_VALUE" ]; then Le_RealCertPath="" fi - if [ "$Le_RealKeyPath" = "$NO_VALUE" ] ; then + if [ "$Le_RealKeyPath" = "$NO_VALUE" ]; then Le_RealKeyPath="" fi - if [ "$Le_RealCACertPath" = "$NO_VALUE" ] ; then + if [ "$Le_RealCACertPath" = "$NO_VALUE" ]; then Le_RealCACertPath="" fi - if [ "$Le_ReloadCmd" = "$NO_VALUE" ] ; then + if [ "$Le_ReloadCmd" = "$NO_VALUE" ]; then Le_ReloadCmd="" fi - if [ "$Le_RealFullChainPath" = "$NO_VALUE" ] ; then + if [ "$Le_RealFullChainPath" = "$NO_VALUE" ]; then Le_RealFullChainPath="" fi - + _installed="0" - if [ "$Le_RealCertPath" ] ; then + if [ "$Le_RealCertPath" ]; then _installed=1 _info "Installing cert to:$Le_RealCertPath" - if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ] ; then + if [ -f "$Le_RealCertPath" ] && [ ! 
"$IS_RENEW" ]; then cp "$Le_RealCertPath" "$Le_RealCertPath".bak fi - cat "$CERT_PATH" > "$Le_RealCertPath" + cat "$CERT_PATH" >"$Le_RealCertPath" fi - - if [ "$Le_RealCACertPath" ] ; then + + if [ "$Le_RealCACertPath" ]; then _installed=1 _info "Installing CA to:$Le_RealCACertPath" - if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ] ; then - echo "" >> "$Le_RealCACertPath" - cat "$CA_CERT_PATH" >> "$Le_RealCACertPath" + if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ]; then + echo "" >>"$Le_RealCACertPath" + cat "$CA_CERT_PATH" >>"$Le_RealCACertPath" else - if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ] ; then + if [ -f "$Le_RealCACertPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealCACertPath" "$Le_RealCACertPath".bak fi - cat "$CA_CERT_PATH" > "$Le_RealCACertPath" + cat "$CA_CERT_PATH" >"$Le_RealCACertPath" fi fi - - if [ "$Le_RealKeyPath" ] ; then + if [ "$Le_RealKeyPath" ]; then _installed=1 _info "Installing key to:$Le_RealKeyPath" - if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ] ; then + if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak fi - cat "$CERT_KEY_PATH" > "$Le_RealKeyPath" + cat "$CERT_KEY_PATH" >"$Le_RealKeyPath" fi - - if [ "$Le_RealFullChainPath" ] ; then + + if [ "$Le_RealFullChainPath" ]; then _installed=1 _info "Installing full chain to:$Le_RealFullChainPath" - if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ] ; then + if [ -f "$Le_RealFullChainPath" ] && [ ! 
"$IS_RENEW" ]; then cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak fi - cat "$CERT_FULLCHAIN_PATH" > "$Le_RealFullChainPath" - fi + cat "$CERT_FULLCHAIN_PATH" >"$Le_RealFullChainPath" + fi - if [ "$Le_ReloadCmd" ] ; then + if [ "$Le_ReloadCmd" ]; then _installed=1 _info "Run Le_ReloadCmd: $Le_ReloadCmd" - if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd") ; then + if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd"); then _info "$(__green "Reload success")" else _err "Reload error for :$Le_Domain" fi fi - } installcronjob() { _initpath - if ! _exists "crontab" ; then + if ! _exists "crontab"; then _err "crontab doesn't exist, so, we can not install cron jobs." _err "All your certs will not be renewed automatically." _err "You must add your own cron job to call '$PROJECT_ENTRY --cron' everyday." 
@@ -3356,20 +3315,26 @@ installcronjob() { fi _info "Installing cron job" - if ! crontab -l | grep "$PROJECT_ENTRY --cron" ; then - if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ] ; then + if ! crontab -l | grep "$PROJECT_ENTRY --cron"; then + if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY" else _err "Can not install cronjob, $PROJECT_ENTRY not found." return 1 fi - if _exists uname && uname -a | grep solaris >/dev/null ; then - crontab -l | { cat; echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"; } | crontab -- + if _exists uname && uname -a | grep solaris >/dev/null; then + crontab -l | { + cat + echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" + } | crontab -- else - crontab -l | { cat; echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"; } | crontab - + crontab -l | { + cat + echo "0 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" + } | crontab - fi fi - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Install cron job failed. You need to manually renew your certs." _err "Or you can add cronjob by yourself:" _err "$lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" 
@@ -3378,78 +3343,78 @@ installcronjob() { } uninstallcronjob() { - if ! _exists "crontab" ; then + if ! _exists "crontab"; then return fi _info "Removing cron job" cr="$(crontab -l | grep "$PROJECT_ENTRY --cron")" - if [ "$cr" ] ; then - if _exists uname && uname -a | grep solaris >/dev/null ; then + if [ "$cr" ]; then + if _exists uname && uname -a | grep solaris >/dev/null; then crontab -l | sed "/$PROJECT_ENTRY --cron/d" | crontab -- else crontab -l | sed "/$PROJECT_ENTRY --cron/d" | crontab - fi LE_WORKING_DIR="$(echo "$cr" | cut -d ' ' -f 9 | tr -d '"')" _info LE_WORKING_DIR "$LE_WORKING_DIR" - fi + fi _initpath } revoke() { Le_Domain="$1" - if [ -z "$Le_Domain" ] ; then + if [ -z "$Le_Domain" ]; then _usage "Usage: $PROJECT_ENTRY --revoke -d domain.com" return 1 fi - + _isEcc="$2" _initpath $Le_Domain "$_isEcc" - if [ ! -f "$DOMAIN_CONF" ] ; then + if [ ! -f "$DOMAIN_CONF" ]; then _err "$Le_Domain is not a issued domain, skip." - return 1; + return 1 fi - - if [ ! -f "$CERT_PATH" ] ; then + + if [ ! -f "$CERT_PATH" ]; then _err "Cert for $Le_Domain $CERT_PATH is not found, skip." return 1 fi - - cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}"| tr -d "\r\n" | _urlencode)" - if [ -z "$cert" ] ; then + cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _urlencode)" + + if [ -z "$cert" ]; then _err "Cert for $Le_Domain is empty found, skip." return 1 fi - + data="{\"resource\": \"revoke-cert\", \"certificate\": \"$cert\"}" uri="$API/acme/revoke-cert" - if [ -f "$CERT_KEY_PATH" ] ; then + if [ -f "$CERT_KEY_PATH" ]; then _info "Try domain key first." if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then - if [ -z "$response" ] ; then + if [ -z "$response" ]; then _info "Revoke success." rm -f $CERT_PATH return 0 - else + else _err "Revoke error by domain key." _err "$response" fi fi - else + else _info "Domain key file doesn't exists." fi - + _info "Try account key." 
- if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH" ; then - if [ -z "$response" ] ; then + if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH"; then + if [ -z "$response" ]; then _info "Revoke success." rm -f $CERT_PATH return 0 - else + else _err "Revoke error." _debug "$response" fi 
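Review bot: `uninstallcronjob()` recovers the install directory with `cut -d ' ' -f 9` on the crontab line, which only works when the path contains no spaces, although `installcronjob()` writes it as `--home \"$LE_WORKING_DIR\"`, presumably so that it may. With a space in the path the field is truncated, and the value is then assigned to `LE_WORKING_DIR` and used by `_initpath`. Taking the text between the quotes after `--home` is sturdier: `LE_WORKING_DIR="$(echo "$cr" | sed 's/.*--home "\([^"]*\)".*/\1/')"`. The `sed "/$PROJECT_ENTRY --cron/d"` filter also treats the entry name as a regular expression, so a `.` in it matches any character.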
@@ -3457,67 +3422,63 @@ revoke() { return 1 } - #domain vtype _deactivate() { _d_domain="$1" _d_type="$2" _initpath - + _d_i=0 _d_max_retry=9 - while [ "$_d_i" -lt "$_d_max_retry" ] ; - do + while [ "$_d_i" -lt "$_d_max_retry" ]; do _info "Deactivate: $_d_domain" _d_i="$(_math $_d_i + 1)" - - - if ! __get_domain_new_authz "$_d_domain" ; then + + if ! __get_domain_new_authz "$_d_domain"; then _err "Can not get domain new authz token." return 1 fi - + authzUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")" _debug "authzUri" "$authzUri" - if [ ! -z "$code" ] && [ ! "$code" = '201' ] ; then + if [ ! -z "$code" ] && [ ! "$code" = '201' ]; then _err "new-authz error: $response" return 1 fi - - entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"status":"valid","uri"[^\}]*')" + + entry="$(printf "%s\n" "$response" | _egrep_o '[^\{]*"status":"valid","uri"[^\}]*')" _debug entry "$entry" - - if [ -z "$entry" ] ; then + + if [ -z "$entry" ]; then _info "No more valid entry found." break fi - + _vtype="$(printf "%s\n" "$entry" | _egrep_o '"type": *"[^"]*"' | cut -d : -f 2 | tr -d '"')" _debug _vtype $_vtype _info "Found $_vtype" - - uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*'| cut -d : -f 2,3 | tr -d '"' )" + uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')" _debug uri $uri - - if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ] ; then + + if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ]; then _info "Skip $_vtype" continue fi - + _info "Deactivate: $_vtype" - - if ! _send_signed_request "$authzUri" "{\"resource\": \"authz\", \"status\":\"deactivated\"}" ; then + + if ! _send_signed_request "$authzUri" "{\"resource\": \"authz\", \"status\":\"deactivated\"}"; then _err "Can not deactivate $_vtype." return 1 fi - + _info "Deactivate: $_vtype success." 
- + done _debug "$_d_i" - if [ "$_d_i" -lt "$_d_max_retry" ] ; then + if [ "$_d_i" -lt "$_d_max_retry" ]; then _info "Deactivated success!" else _err "Deactivate failed." @@ -3530,16 +3491,15 @@ deactivate() { _d_type="$2" _initpath _debug _d_domain_list "$_d_domain_list" - if [ -z "$(echo $_d_domain_list | cut -d , -f 1 )" ] ; then + if [ -z "$(echo $_d_domain_list | cut -d , -f 1)" ]; then _usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com [-d domain.com]" return 1 fi - for _d_dm in $(echo "$_d_domain_list" | tr ',' ' ' ) ; - do - if [ -z "$_d_dm" ] || [ "$_d_dm" = "$NO_VALUE" ] ; then + for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do + if [ -z "$_d_dm" ] || [ "$_d_dm" = "$NO_VALUE" ]; then continue fi - if ! _deactivate "$_d_dm" $_d_type ; then + if ! _deactivate "$_d_dm" $_d_type; then return 1 fi done @@ -3547,7 +3507,7 @@ deactivate() { # Detect profile file if not specified as environment variable _detect_profile() { - if [ -n "$PROFILE" -a -f "$PROFILE" ] ; then + if [ -n "$PROFILE" -a -f "$PROFILE" ]; then echo "$PROFILE" return fi 
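Review bot: `_detect_profile()` still uses `[ -n "$PROFILE" -a -f "$PROFILE" ]`; the `-a` operator inside `[` is marked obsolescent by POSIX and can be parsed ambiguously for some operand values. Every other compound test touched by this formatting pass uses separate brackets, so `if [ -n "$PROFILE" ] && [ -f "$PROFILE" ]; then` matches the rest of the file. The rest of the function is in the next hunk.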
@@ -3555,36 +3515,36 @@ _detect_profile() { DETECTED_PROFILE='' SHELLTYPE="$(basename "/$SHELL")" - if [ "$SHELLTYPE" = "bash" ] ; then - if [ -f "$HOME/.bashrc" ] ; then + if [ "$SHELLTYPE" = "bash" ]; then + if [ -f "$HOME/.bashrc" ]; then DETECTED_PROFILE="$HOME/.bashrc" - elif [ -f "$HOME/.bash_profile" ] ; then + elif [ -f "$HOME/.bash_profile" ]; then DETECTED_PROFILE="$HOME/.bash_profile" fi - elif [ "$SHELLTYPE" = "zsh" ] ; then + elif [ "$SHELLTYPE" = "zsh" ]; then DETECTED_PROFILE="$HOME/.zshrc" fi - if [ -z "$DETECTED_PROFILE" ] ; then - if [ -f "$HOME/.profile" ] ; then + if [ -z "$DETECTED_PROFILE" ]; then + if [ -f "$HOME/.profile" ]; then DETECTED_PROFILE="$HOME/.profile" - elif [ -f "$HOME/.bashrc" ] ; then + elif [ -f "$HOME/.bashrc" ]; then DETECTED_PROFILE="$HOME/.bashrc" - elif [ -f "$HOME/.bash_profile" ] ; then + elif [ -f "$HOME/.bash_profile" ]; then DETECTED_PROFILE="$HOME/.bash_profile" - elif [ -f "$HOME/.zshrc" ] ; then + elif [ -f "$HOME/.zshrc" ]; then DETECTED_PROFILE="$HOME/.zshrc" fi fi - if [ ! -z "$DETECTED_PROFILE" ] ; then + if [ ! -z "$DETECTED_PROFILE" ]; then echo "$DETECTED_PROFILE" fi } _initconf() { _initpath - if [ ! -f "$ACCOUNT_CONF_PATH" ] ; then + if [ ! -f "$ACCOUNT_CONF_PATH" ]; then echo "#ACCOUNT_CONF_PATH=xxxx #Account configurations: 
@@ -3644,75 +3604,75 @@ _initconf() { #PDNS_Token=\"0123456789ABCDEF\" #PDNS_Ttl=60 - " > $ACCOUNT_CONF_PATH + " >$ACCOUNT_CONF_PATH fi } # nocron _precheck() { _nocron="$1" - - if ! _exists "curl" && ! _exists "wget"; then + + if ! _exists "curl" && ! _exists "wget"; then _err "Please install curl or wget first, we need to access http resources." return 1 fi - - if [ -z "$_nocron" ] ; then - if ! _exists "crontab" ; then + + if [ -z "$_nocron" ]; then + if ! _exists "crontab"; then _err "It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'." _err "We need to set cron job to renew the certs automatically." _err "Otherwise, your certs will not be able to be renewed automatically." - if [ -z "$FORCE" ] ; then + if [ -z "$FORCE" ]; then _err "Please add '--force' and try install again to go without crontab." _err "./$PROJECT_ENTRY --install --force" return 1 fi fi fi - - if ! _exists "openssl" ; then + + if ! _exists "openssl"; then _err "Please install openssl first." _err "We need openssl to generate keys." return 1 fi - - if ! _exists "nc" ; then + + if ! _exists "nc"; then _err "It is recommended to install nc first, try to install 'nc' or 'netcat'." _err "We use nc for standalone server if you use standalone mode." _err "If you don't use standalone mode, just ignore this warning." 
fi - + return 0 } _setShebang() { _file="$1" _shebang="$2" - if [ -z "$_shebang" ] ; then + if [ -z "$_shebang" ]; then _usage "Usage: file shebang" return 1 fi cp "$_file" "$_file.tmp" - echo "$_shebang" > "$_file" - sed -n 2,99999p "$_file.tmp" >> "$_file" - rm -f "$_file.tmp" + echo "$_shebang" >"$_file" + sed -n 2,99999p "$_file.tmp" >>"$_file" + rm -f "$_file.tmp" } _installalias() { _initpath _envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env" - if [ "$_upgrading" ] && [ "$_upgrading" = "1" ] ; then - echo "$(cat $_envfile)" | sed "s|^LE_WORKING_DIR.*$||" > "$_envfile" - echo "$(cat $_envfile)" | sed "s|^alias le.*$||" > "$_envfile" - echo "$(cat $_envfile)" | sed "s|^alias le.sh.*$||" > "$_envfile" + if [ "$_upgrading" ] && [ "$_upgrading" = "1" ]; then + echo "$(cat $_envfile)" | sed "s|^LE_WORKING_DIR.*$||" >"$_envfile" + echo "$(cat $_envfile)" | sed "s|^alias le.*$||" >"$_envfile" + echo "$(cat $_envfile)" | sed "s|^alias le.sh.*$||" >"$_envfile" fi _setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\"" _setopt "$_envfile" "alias $PROJECT_ENTRY" "=" "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" _profile="$(_detect_profile)" - if [ "$_profile" ] ; then + if [ "$_profile" ]; then _debug "Found profile: $_profile" _info "Installing alias to '$_profile'" _setopt "$_profile" ". \"$_envfile\"" 
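Review bot: `_initconf()` ends its template with `>$ACCOUNT_CONF_PATH`, an unquoted redirect target, and the file is created with the default umask even though the template's own examples (`#PDNS_Token=…`) show it is meant to hold API credentials. Quoting the target and restricting the mode after creation, `" >"$ACCOUNT_CONF_PATH"` followed by `chmod 600 "$ACCOUNT_CONF_PATH"`, covers the case where the account conf lives outside the working directory that `install()` sets to 700. In the same hunk `_setShebang()` does not check `cp "$_file" "$_file.tmp"` before truncating `"$_file"`, so a failed copy leaves a script holding only the shebang; `cp "$_file" "$_file.tmp" || return 1` avoids that. `_initconf()` begins before this hunk.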
@@ -3720,25 +3680,24 @@ _installalias() { else _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" fi - #for csh _cshfile="$LE_WORKING_DIR/$PROJECT_ENTRY.csh" _csh_profile="$HOME/.cshrc" - if [ -f "$_csh_profile" ] ; then + if [ -f "$_csh_profile" ]; then _info "Installing alias to '$_csh_profile'" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" - _setopt "$_csh_profile" "source \"$_cshfile\"" + _setopt "$_csh_profile" "source \"$_cshfile\"" fi - + #for tcsh _tcsh_profile="$HOME/.tcshrc" - if [ -f "$_tcsh_profile" ] ; then + if [ -f "$_tcsh_profile" ]; then _info "Installing alias to '$_tcsh_profile'" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" - _setopt "$_tcsh_profile" "source \"$_cshfile\"" + _setopt "$_tcsh_profile" "source \"$_cshfile\"" fi } 
@@ -3746,36 +3705,35 @@ _installalias() { # nocron install() { - if [ -z "$LE_WORKING_DIR" ] ; then + if [ -z "$LE_WORKING_DIR" ]; then LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" fi - + _nocron="$1" - if ! _initpath ; then + if ! _initpath; then _err "Install failed." return 1 fi - if [ "$_nocron" ] ; then + if [ "$_nocron" ]; then _debug "Skip install cron job" fi - - if ! _precheck "$_nocron" ; then + + if ! _precheck "$_nocron"; then _err "Pre-check failed, can not install." return 1 fi - + #convert from le - if [ -d "$HOME/.le" ] ; then - for envfile in "le.env" "le.sh.env" - do - if [ -f "$HOME/.le/$envfile" ] ; then - if grep "le.sh" "$HOME/.le/$envfile" >/dev/null ; then - _upgrading="1" - _info "You are upgrading from le.sh" - _info "Renaming \"$HOME/.le\" to $LE_WORKING_DIR" - mv "$HOME/.le" "$LE_WORKING_DIR" - mv "$LE_WORKING_DIR/$envfile" "$LE_WORKING_DIR/$PROJECT_ENTRY.env" - break; + if [ -d "$HOME/.le" ]; then + for envfile in "le.env" "le.sh.env"; do + if [ -f "$HOME/.le/$envfile" ]; then + if grep "le.sh" "$HOME/.le/$envfile" >/dev/null; then + _upgrading="1" + _info "You are upgrading from le.sh" + _info "Renaming \"$HOME/.le\" to $LE_WORKING_DIR" + mv "$HOME/.le" "$LE_WORKING_DIR" + mv "$LE_WORKING_DIR/$envfile" "$LE_WORKING_DIR/$PROJECT_ENTRY.env" + break fi fi done @@ -3783,16 +3741,16 @@ install() { _info "Installing to $LE_WORKING_DIR" - if ! mkdir -p "$LE_WORKING_DIR" ; then + if ! mkdir -p "$LE_WORKING_DIR"; then _err "Can not create working dir: $LE_WORKING_DIR" return 1 fi - + chmod 700 "$LE_WORKING_DIR" cp $PROJECT_ENTRY "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Install failed, can not copy $PROJECT_ENTRY" return 1 fi 
@@ -3801,43 +3759,42 @@ install() { _installalias - for subf in $_SUB_FOLDERS ; do - if [ -d "$subf" ] ; then + for subf in $_SUB_FOLDERS; do + if [ -d "$subf" ]; then mkdir -p $LE_WORKING_DIR/$subf - cp $subf/* $LE_WORKING_DIR/$subf/ + cp $subf/* $LE_WORKING_DIR/$subf/ fi done - - if [ ! -f "$ACCOUNT_CONF_PATH" ] ; then + if [ ! -f "$ACCOUNT_CONF_PATH" ]; then _initconf fi - if [ "$_DEFAULT_ACCOUNT_CONF_PATH" != "$ACCOUNT_CONF_PATH" ] ; then + if [ "$_DEFAULT_ACCOUNT_CONF_PATH" != "$ACCOUNT_CONF_PATH" ]; then _setopt "$_DEFAULT_ACCOUNT_CONF_PATH" "ACCOUNT_CONF_PATH" "=" "\"$ACCOUNT_CONF_PATH\"" fi - if [ "$_DEFAULT_CERT_HOME" != "$CERT_HOME" ] ; then + if [ "$_DEFAULT_CERT_HOME" != "$CERT_HOME" ]; then _saveaccountconf "CERT_HOME" "$CERT_HOME" fi - if [ "$_DEFAULT_ACCOUNT_KEY_PATH" != "$ACCOUNT_KEY_PATH" ] ; then + if [ "$_DEFAULT_ACCOUNT_KEY_PATH" != "$ACCOUNT_KEY_PATH" ]; then _saveaccountconf "ACCOUNT_KEY_PATH" "$ACCOUNT_KEY_PATH" fi - - if [ -z "$_nocron" ] ; then + + if [ -z "$_nocron" ]; then installcronjob fi - if [ -z "$NO_DETECT_SH" ] ; then + if [ -z "$NO_DETECT_SH" ]; then #Modify shebang - if _exists bash ; then + if _exists bash; then _info "Good, bash is found, so change the shebang to use bash as prefered." _shebang='#!/usr/bin/env bash' _setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang" - for subf in $_SUB_FOLDERS ; do - if [ -d "$LE_WORKING_DIR/$subf" ] ; then - for _apifile in "$LE_WORKING_DIR/$subf/"*.sh ; do + for subf in $_SUB_FOLDERS; do + if [ -d "$LE_WORKING_DIR/$subf" ]; then + for _apifile in "$LE_WORKING_DIR/$subf/"*.sh; do _setShebang "$_apifile" "$_shebang" done fi @@ -3851,13 +3808,13 @@ install() { # nocron uninstall() { _nocron="$1" - if [ -z "$_nocron" ] ; then + if [ -z "$_nocron" ]; then uninstallcronjob fi _initpath _uninstallalias - + rm -f $LE_WORKING_DIR/$PROJECT_ENTRY _info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself." 
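Review bot: The re-indented `mkdir -p $LE_WORKING_DIR/$subf` and `cp $subf/* $LE_WORKING_DIR/$subf/` in the `for subf in $_SUB_FOLDERS` loop still expand `$LE_WORKING_DIR` unquoted, and that variable can come from `--home`, so a path with spaces or glob characters is word-split and the copy lands somewhere other than the install directory. Quote them while the lines are being touched: `mkdir -p "$LE_WORKING_DIR/$subf"` and `cp "$subf"/* "$LE_WORKING_DIR/$subf/"`. The same applies to `rm -f $LE_WORKING_DIR/$PROJECT_ENTRY` in the `uninstall()` hunk that follows, where splitting turns one path into several deletion targets; `rm -f -- "$LE_WORKING_DIR/$PROJECT_ENTRY"` avoids that. install() starts and ends outside this hunk.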
@@ -3867,24 +3824,24 @@ _uninstallalias() { _initpath _profile="$(_detect_profile)" - if [ "$_profile" ] ; then + if [ "$_profile" ]; then _info "Uninstalling alias from: '$_profile'" text="$(cat $_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.env\"$||" > "$_profile" + echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.env\"$||" >"$_profile" fi _csh_profile="$HOME/.cshrc" - if [ -f "$_csh_profile" ] ; then + if [ -f "$_csh_profile" ]; then _info "Uninstalling alias from: '$_csh_profile'" text="$(cat $_csh_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" > "$_csh_profile" + echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" >"$_csh_profile" fi - + _tcsh_profile="$HOME/.tcshrc" - if [ -f "$_tcsh_profile" ] ; then + if [ -f "$_tcsh_profile" ]; then _info "Uninstalling alias from: '$_csh_profile'" text="$(cat $_tcsh_profile)" - echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" > "$_tcsh_profile" + echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" >"$_tcsh_profile" fi } @@ -3892,20 +3849,20 @@ _uninstallalias() { cron() { IN_CRON=1 _initpath - if [ "$AUTO_UPGRADE" = "1" ] ; then + if [ "$AUTO_UPGRADE" = "1" ]; then export LE_WORKING_DIR ( - if ! upgrade ; then - _err "Cron:Upgrade failed!" - return 1 - fi + if ! upgrade; then + _err "Cron:Upgrade failed!" + return 1 + fi ) . $LE_WORKING_DIR/$PROJECT_ENTRY >/dev/null - if [ -t 1 ] ; then + if [ -t 1 ]; then __INTERACTIVE="1" fi - + _info "Auto upgraded to: $VER" fi renewAll 
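Review bot: In the `.tcshrc` branch of `_uninstallalias` the message still prints `$_csh_profile`, so the log names a file other than the one being rewritten; it should read `_info "Uninstalling alias from: '$_tcsh_profile'"`. All three `sed "s|^.*\"$LE_WORKING_DIR/...\"$||"` lines also splice `$LE_WORKING_DIR` into the expression unescaped, so a working directory containing `|` or regex metacharacters changes what gets stripped from the user's profile. Because the output is redirected straight over the profile, a failed `sed` leaves it empty; writing to a temporary file and moving it into place only on success would be safer.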
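Review bot: The `return 1` inside the `( ... )` subshell in `cron()` only leaves the subshell, and the subshell's status is never tested, so after a failed `upgrade` the function still sources `$LE_WORKING_DIR/$PROJECT_ENTRY` and logs "Auto upgraded to". Test the subshell's status and skip the `.` line when it is non-zero, so a partial or failed download is not loaded into the cron run; whether `renewAll` should still run in that case is a separate decision. The `.` line should also quote its path: `. "$LE_WORKING_DIR/$PROJECT_ENTRY" >/dev/null`. cron() continues past the end of this hunk.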
@@ -4008,31 +3965,31 @@ Parameters: _installOnline() { _info "Installing from online archive." _nocron="$1" - if [ ! "$BRANCH" ] ; then + if [ ! "$BRANCH" ]; then BRANCH="master" fi target="$PROJECT/archive/$BRANCH.tar.gz" _info "Downloading $target" localname="$BRANCH.tar.gz" - if ! _get "$target" > $localname ; then + if ! _get "$target" >$localname; then _err "Download error." return 1 fi ( - _info "Extracting $localname" - tar xzf $localname - - cd "$PROJECT_NAME-$BRANCH" - chmod +x $PROJECT_ENTRY - if ./$PROJECT_ENTRY install "$_nocron" ; then - _info "Install success!" - fi - - cd .. - - rm -rf "$PROJECT_NAME-$BRANCH" - rm -f "$localname" + _info "Extracting $localname" + tar xzf $localname + + cd "$PROJECT_NAME-$BRANCH" + chmod +x $PROJECT_ENTRY + if ./$PROJECT_ENTRY install "$_nocron"; then + _info "Install success!" + fi + + cd .. + + rm -rf "$PROJECT_NAME-$BRANCH" + rm -f "$localname" ) } @@ -4042,7 +3999,7 @@ upgrade() { export LE_WORKING_DIR cd "$LE_WORKING_DIR" _installOnline "nocron" - ) ; then + ); then _info "Upgrade success!" exit 0 else 
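Review bot: `cd "$PROJECT_NAME-$BRANCH"` in the `_installOnline` subshell is unchecked, so if extraction failed or the archive unpacks under another name, `./$PROJECT_ENTRY install` runs whatever copy sits in the current directory and the later `cd ..` and `rm -rf "$PROJECT_NAME-$BRANCH"` act one level above where they were meant to. Guard both steps: `tar xzf "$localname" || exit 1` and `cd "$PROJECT_NAME-$BRANCH" || exit 1`. The archive is also unpacked and executed with no integrity check visible in this hunk; comparing it against a published checksum or signature before `chmod +x` would close that gap, and it matters more because `upgrade()` in the next hunk calls this function and `cron()` calls `upgrade` when `AUTO_UPGRADE` is set. `localname` is a fixed file name in the current directory, so downloading into a `mktemp -d` directory would avoid overwriting or following an existing file.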
@@ -4052,24 +4009,24 @@ upgrade() { } _processAccountConf() { - if [ "$_useragent" ] ; then + if [ "$_useragent" ]; then _saveaccountconf "USER_AGENT" "$_useragent" - elif [ "$USER_AGENT" ] && [ "$USER_AGENT" != "$DEFAULT_USER_AGENT" ] ; then + elif [ "$USER_AGENT" ] && [ "$USER_AGENT" != "$DEFAULT_USER_AGENT" ]; then _saveaccountconf "USER_AGENT" "$USER_AGENT" fi - - if [ "$_accountemail" ] ; then + + if [ "$_accountemail" ]; then _saveaccountconf "ACCOUNT_EMAIL" "$_accountemail" - elif [ "$ACCOUNT_EMAIL" ] && [ "$ACCOUNT_EMAIL" != "$DEFAULT_ACCOUNT_EMAIL" ] ; then + elif [ "$ACCOUNT_EMAIL" ] && [ "$ACCOUNT_EMAIL" != "$DEFAULT_ACCOUNT_EMAIL" ]; then _saveaccountconf "ACCOUNT_EMAIL" "$ACCOUNT_EMAIL" fi - - if [ "$_auto_upgrade" ] ; then + + if [ "$_auto_upgrade" ]; then _saveaccountconf "AUTO_UPGRADE" "$_auto_upgrade" - elif [ "$AUTO_UPGRADE" ] ; then + elif [ "$AUTO_UPGRADE" ]; then _saveaccountconf "AUTO_UPGRADE" "$AUTO_UPGRADE" fi - + } _process() { 
@@ -4111,339 +4068,339 @@ _process() { _auto_upgrade="" _listen_v4="" _listen_v6="" - while [ ${#} -gt 0 ] ; do + while [ ${#} -gt 0 ]; do case "${1}" in - - --help|-h) + + --help | -h) showhelp return ;; - --version|-v) + --version | -v) version return ;; - --install) + --install) _CMD="install" ;; - --uninstall) + --uninstall) _CMD="uninstall" ;; - --upgrade) + --upgrade) _CMD="upgrade" ;; - --issue) + --issue) _CMD="issue" ;; - --deploy) + --deploy) _CMD="deploy" ;; - --signcsr) + --signcsr) _CMD="signcsr" ;; - --showcsr) + --showcsr) _CMD="showcsr" ;; - --installcert|-i) + --installcert | -i) _CMD="installcert" ;; - --renew|-r) + --renew | -r) _CMD="renew" ;; - --renewAll|--renewall) + --renewAll | --renewall) _CMD="renewAll" ;; - --revoke) + --revoke) _CMD="revoke" ;; - --list) + --list) _CMD="list" ;; - --installcronjob) + --installcronjob) _CMD="installcronjob" ;; - --uninstallcronjob) + --uninstallcronjob) _CMD="uninstallcronjob" ;; - --cron) + --cron) _CMD="cron" ;; - --toPkcs) + --toPkcs) _CMD="toPkcs" - ;; - --createAccountKey|--createaccountkey|-cak) + ;; + --createAccountKey | --createaccountkey | -cak) _CMD="createAccountKey" ;; - --createDomainKey|--createdomainkey|-cdk) + --createDomainKey | --createdomainkey | -cdk) _CMD="createDomainKey" ;; - --createCSR|--createcsr|-ccr) + --createCSR | --createcsr | -ccr) _CMD="createCSR" ;; - --deactivate) + --deactivate) _CMD="deactivate" ;; - --updateaccount) + --updateaccount) _CMD="updateaccount" ;; - --registeraccount) + --registeraccount) _CMD="registeraccount" ;; - --domain|-d) + --domain | -d) _dvalue="$2" - - if [ "$_dvalue" ] ; then - if _startswith "$_dvalue" "-" ; then + + if [ "$_dvalue" ]; then + if _startswith "$_dvalue" "-"; then _err "'$_dvalue' is not a valid domain for parameter '$1'" return 1 fi - if _is_idn "$_dvalue" && ! _exists idn ; then + if _is_idn "$_dvalue" && ! 
_exists idn; then _err "It seems that $_dvalue is an IDN( Internationalized Domain Names), please install 'idn' command first." return 1 fi - - if [ -z "$_domain" ] ; then + + if [ -z "$_domain" ]; then _domain="$_dvalue" else - if [ "$_altdomains" = "$NO_VALUE" ] ; then + if [ "$_altdomains" = "$NO_VALUE" ]; then _altdomains="$_dvalue" else _altdomains="$_altdomains,$_dvalue" fi fi fi - + shift ;; - --force|-f) + --force | -f) FORCE="1" ;; - --staging|--test) + --staging | --test) STAGE="1" ;; - --debug) - if [ -z "$2" ] || _startswith "$2" "-" ; then + --debug) + if [ -z "$2" ] || _startswith "$2" "-"; then DEBUG="1" else DEBUG="$2" shift - fi + fi ;; - --webroot|-w) + --webroot | -w) wvalue="$2" - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi shift - ;; - --standalone) + ;; + --standalone) wvalue="$NO_VALUE" - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi ;; - --local-address) + --local-address) lvalue="$2" _local_address="$_local_address$lvalue," shift ;; - --apache) + --apache) wvalue="apache" - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi ;; - --tls) + --tls) wvalue="$W_TLS" - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi ;; - --dns) + --dns) wvalue="dns" - if ! _startswith "$2" "-" ; then + if ! 
_startswith "$2" "-"; then wvalue="$2" shift fi - if [ -z "$_webroot" ] ; then + if [ -z "$_webroot" ]; then _webroot="$wvalue" else _webroot="$_webroot,$wvalue" fi ;; - --dnssleep) + --dnssleep) _dnssleep="$2" Le_DNSSleep="$_dnssleep" shift ;; - - --keylength|-k) + + --keylength | -k) _keylength="$2" shift ;; - --accountkeylength|-ak) + --accountkeylength | -ak) _accountkeylength="$2" shift ;; - --certpath) + --certpath) _certpath="$2" shift ;; - --keypath) + --keypath) _keypath="$2" shift ;; - --capath) + --capath) _capath="$2" shift ;; - --fullchainpath) + --fullchainpath) _fullchainpath="$2" shift ;; - --reloadcmd|--reloadCmd) + --reloadcmd | --reloadCmd) _reloadcmd="$2" shift ;; - --password) + --password) _password="$2" shift ;; - --accountconf) + --accountconf) _accountconf="$2" ACCOUNT_CONF_PATH="$_accountconf" shift ;; - --home) + --home) LE_WORKING_DIR="$2" shift ;; - --certhome) + --certhome) _certhome="$2" CERT_HOME="$_certhome" shift - ;; - --useragent) + ;; + --useragent) _useragent="$2" USER_AGENT="$_useragent" shift ;; - --accountemail ) + --accountemail) _accountemail="$2" ACCOUNT_EMAIL="$_accountemail" shift ;; - --accountkey ) + --accountkey) _accountkey="$2" ACCOUNT_KEY_PATH="$_accountkey" shift ;; - --days ) + --days) _days="$2" Le_RenewalDays="$_days" shift ;; - --httpport ) + --httpport) _httpport="$2" Le_HTTPPort="$_httpport" shift ;; - --tlsport ) + --tlsport) _tlsport="$2" Le_TLSPort="$_tlsport" shift ;; - - --listraw ) + + --listraw) _listraw="raw" - ;; - --stopRenewOnError|--stoprenewonerror|-se ) + ;; + --stopRenewOnError | --stoprenewonerror | -se) _stopRenewOnError="1" ;; - --insecure) + --insecure) _insecure="1" HTTPS_INSECURE="1" ;; - --ca-bundle) + --ca-bundle) _ca_bundle="$(readlink -f $2)" CA_BUNDLE="$_ca_bundle" shift ;; - --nocron) + --nocron) _nocron="1" ;; - --ecc) + --ecc) _ecc="isEcc" ;; - --csr) + --csr) _csr="$2" shift ;; - --pre-hook) + --pre-hook) _pre_hook="$2" shift ;; - --post-hook) + --post-hook) _post_hook="$2" 
shift ;; - --renew-hook) + --renew-hook) _renew_hook="$2" shift ;; - --deploy-hook) + --deploy-hook) _deploy_hook="$2" shift ;; - --ocsp-must-staple|--ocsp) + --ocsp-must-staple | --ocsp) Le_OCSP_Stable="1" ;; - --log|--logfile) + --log | --logfile) _log="1" _logfile="$2" - if _startswith "$_logfile" '-' ; then + if _startswith "$_logfile" '-'; then _logfile="" else shift fi LOG_FILE="$_logfile" - if [ -z "$LOG_LEVEL" ] ; then + if [ -z "$LOG_LEVEL" ]; then LOG_LEVEL="$DEFAULT_LOG_LEVEL" fi ;; - --log-level) + --log-level) _log_level="$2" LOG_LEVEL="$_log_level" shift ;; - --auto-upgrade) + --auto-upgrade) _auto_upgrade="$2" - if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-' ; then + if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then _auto_upgrade="1" else shift fi AUTO_UPGRADE="$_auto_upgrade" ;; - --listen-v4) + --listen-v4) _listen_v4="1" Le_Listen_V4="$_listen_v4" ;; - --listen-v6) + --listen-v6) _listen_v6="1" Le_Listen_V6="$_listen_v6" ;; - - *) + + *) _err "Unknown parameter : $1" return 1 ;; @@ -4452,29 +4409,29 @@ _process() { shift 1 done - if [ "${_CMD}" != "install" ] ; then + if [ "${_CMD}" != "install" ]; then __initHome if [ "$_log" ]; then - if [ -z "$_logfile" ] ; then + if [ -z "$_logfile" ]; then _logfile="$DEFAULT_LOG_FILE" fi fi - if [ "$_logfile" ] ; then + if [ "$_logfile" ]; then _saveaccountconf "LOG_FILE" "$_logfile" LOG_FILE="$_logfile" fi - if [ "$_log_level" ] ; then + if [ "$_log_level" ]; then _saveaccountconf "LOG_LEVEL" "$_log_level" LOG_LEVEL="$_log_level" fi - + _processAccountConf fi - + _debug2 LE_WORKING_DIR "$LE_WORKING_DIR" - - if [ "$DEBUG" ] ; then + + if [ "$DEBUG" ]; then version fi 
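Review bot: `--ca-bundle` passes `$2` to `readlink -f` unquoted, so a bundle path containing spaces is split and `CA_BUNDLE` ends up empty or pointing at the wrong file; use `_ca_bundle="$(readlink -f "$2")"` and fail if the result is empty. Most value-taking options in this `case` (`--webroot`, `--keylength`, `--accountkey`, `--reloadcmd`, the hook options) take `$2` without the `_startswith "$2" "-"` check that `--domain` and `--debug` apply, so a missing value silently swallows the next flag. `--password` puts the secret on the command line, where it is visible in the process list; reading it from an environment variable or a file would avoid that. `_process` starts before this hunk and continues after it.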
@@ -4483,7 +4440,7 @@ _process() { uninstall) uninstall "$_nocron" ;; upgrade) upgrade ;; issue) - issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" + issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" ;; deploy) deploy "$_domain" "$_deploy_hook" "$_ecc" 
@@ -4497,63 +4454,63 @@ _process() { installcert) installcert "$_domain" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_ecc" ;; - renew) + renew) renew "$_domain" "$_ecc" ;; - renewAll) + renewAll) renewAll "$_stopRenewOnError" ;; - revoke) + revoke) revoke "$_domain" "$_ecc" ;; - deactivate) + deactivate) deactivate "$_domain,$_altdomains" ;; - registeraccount) + registeraccount) registeraccount "$_accountkeylength" ;; - updateaccount) + updateaccount) updateaccount ;; - list) + list) list "$_listraw" ;; installcronjob) installcronjob ;; uninstallcronjob) uninstallcronjob ;; cron) cron ;; - toPkcs) + toPkcs) toPkcs "$_domain" "$_password" "$_ecc" ;; - createAccountKey) + createAccountKey) createAccountKey "$_accountkeylength" ;; - createDomainKey) + createDomainKey) createDomainKey "$_domain" "$_keylength" ;; - createCSR) + createCSR) createCSR "$_domain" "$_altdomains" "$_ecc" ;; *) _err "Invalid command: $_CMD" - showhelp; + showhelp return 1 - ;; + ;; esac _ret="$?" - if [ "$_ret" != "0" ] ; then + if [ "$_ret" != "0" ]; then return $_ret fi - - if [ "${_CMD}" = "install" ] ; then - if [ "$_log" ] ; then - if [ -z "$LOG_FILE" ] ; then + + if [ "${_CMD}" = "install" ]; then + if [ "$_log" ]; then + if [ -z "$LOG_FILE" ]; then LOG_FILE="$DEFAULT_LOG_FILE" fi _saveaccountconf "LOG_FILE" "$LOG_FILE" fi - - if [ "$_log_level" ] ; then + + if [ "$_log_level" ]; then _saveaccountconf "LOG_LEVEL" "$_log_level" fi _processAccountConf @@ -4561,24 +4518,15 @@ _process() { } - -if [ "$INSTALLONLINE" ] ; then +if [ "$INSTALLONLINE" ]; then INSTALLONLINE="" _installOnline $BRANCH exit fi - - - - main() { [ -z "$1" ] && showhelp && return - if _startswith "$1" '-' ; then _process "$@"; else "$@";fi + if _startswith "$1" '-'; then _process "$@"; else "$@"; fi } - main "$@" - - - diff --git a/deploy/myapi.sh b/deploy/myapi.sh index 52e313e..5075fab 100644 --- a/deploy/myapi.sh +++ b/deploy/myapi.sh 
@@ -6,8 +6,6 @@ #Which will be called by acme.sh to deploy the cert #returns 0 means success, otherwise error. - - ######## Public functions ##################### #domain keyfile certfile cafile fullchain @@ -17,17 +15,14 @@ myapi_deploy() { _ccert="$3" _cca="$4" _cfullchain="$5" - + _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - - + _err "Not implemented yet" return 1 } - - diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index b2dc7eb..63acb28 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh 
@@ -1,54 +1,52 @@ #!/usr/bin/env sh - # #CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" # #CF_Email="xxxx@sss.com" - CF_Api="https://api.cloudflare.com/client/v4" ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_cf_add(){ +dns_cf_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$CF_Key" ] || [ -z "$CF_Email" ] ; then + + if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then _err "You don't specify cloudflare api key and email yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. _saveaccountconf CF_Key "$CF_Key" _saveaccountconf CF_Email "$CF_Email" - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - + _debug "Getting txt records" _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain" - - if ! printf "$response" | grep \"success\":true > /dev/null ; then + + if ! printf "$response" | grep \"success\":true >/dev/null; then _err "Error" return 1 fi - + count=$(printf "%s\n" "$response" | _egrep_o \"count\":[^,]* | cut -d : -f 2) _debug count "$count" - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then _info "Adding record" - if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - if printf -- "%s" "$response" | grep $fulldomain > /dev/null ; then + if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if printf -- "%s" "$response" | grep $fulldomain >/dev/null; then _info "Added, sleeping 10 seconds" sleep 10 #todo: check if the record takes effect 
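Review bot: `printf "$response" | grep \"success\":true` in `dns_cf_add` uses the API response as the printf format string, so any `%` or backslash sequence in the returned JSON is interpreted rather than printed and the success check can misread the reply; `printf "%s" "$response"` is the safe form. The same pattern is in other hunks of this patch: `printf $response` and `printf $domain` in the `_get_root` functions of dns_cf.sh, dns_cx.sh, dns_gd.sh and dns_lua.sh, and `printf "$response"` in `existing_records` and `_rest` of dns_cx.sh. `grep $fulldomain` a few lines down should be quoted and use fixed-string matching, `grep -F -- "$fulldomain"`, because the dots in the name otherwise match any character. The JSON bodies are built by interpolating `$fulldomain` and `$txtvalue` directly, which relies on neither ever containing a quote or backslash.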
@@ -61,22 +59,21 @@ dns_cf_add(){ _err "Add txt record error." else _info "Updating record" - record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \"| head -n 1) + record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \" | head -n 1) _debug "record_id" $record_id - - _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" + + _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" if [ "$?" = "0" ]; then _info "Updated, sleeping 10 seconds" sleep 10 #todo: check if the record takes effect - return 0; + return 0 fi _err "Update error" return 1 fi - -} +} #fulldomain dns_cf_rm() { @@ -84,7 +81,6 @@ dns_cf_rm() { } - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns @@ -95,20 +91,20 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; + return 1 fi - - if ! _cf_rest GET "zones?name=$h" ; then + + if ! _cf_rest GET "zones?name=$h"; then return 1 fi - - if printf $response | grep \"name\":\"$h\" >/dev/null ; then + + if printf $response | grep \"name\":\"$h\" >/dev/null; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | head -n 1 | cut -d : -f 2 | tr -d \") - if [ "$_domain_id" ] ; then + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _domain=$h return 0 
@@ -126,24 +122,22 @@ _cf_rest() { ep="$2" data="$3" _debug $ep - + _H1="X-Auth-Email: $CF_Email" _H2="X-Auth-Key: $CF_Key" _H3="Content-Type: application/json" - - if [ "$data" ] ; then + + if [ "$data" ]; then _debug data "$data" response="$(_post "$data" "$CF_Api/$ep" "" $m)" else response="$(_get "$CF_Api/$ep")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh index ae162d6..81eb896 100755 --- a/dnsapi/dns_cx.sh +++ b/dnsapi/dns_cx.sh @@ -6,10 +6,8 @@ # #CX_Secret="sADDsdasdgdsf" - CX_Api="https://www.cloudxns.net/api2" - #REST_API ######## Public functions ##################### @@ -17,54 +15,50 @@ CX_Api="https://www.cloudxns.net/api2" dns_cx_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ] ; then + + if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then _err "You don't specify cloudxns.com api key or secret yet." _err "Please create you key and try again." return 1 fi - + REST_API=$CX_Api - + #save the api key and email to the account conf file. _saveaccountconf CX_Key "$CX_Key" _saveaccountconf CX_Secret "$CX_Secret" - - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi - - existing_records $_domain $_sub_domain + + existing_records $_domain $_sub_domain _debug count "$count" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Error get existing records." return 1 fi - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then add_record $_domain $_sub_domain $txtvalue else update_record $_domain $_sub_domain $txtvalue fi - - if [ "$?" = "0" ] ; then + + if [ "$?" = "0" ]; then return 0 fi return 1 } - - #fulldomain dns_cx_rm() { fulldomain=$1 } - #usage: root sub #return if the sub record already exists. #echos the existing records count. 
@@ -73,24 +67,24 @@ existing_records() { _debug "Getting txt records" root=$1 sub=$2 - - if ! _rest GET "record/$_domain_id?:domain_id?host_id=0&offset=0&row_num=100" ; then + + if ! _rest GET "record/$_domain_id?:domain_id?host_id=0&offset=0&row_num=100"; then return 1 fi count=0 seg=$(printf "%s\n" "$response" | _egrep_o "{[^\{]*host\":\"$_sub_domain\"[^\}]*\}") _debug seg "$seg" - if [ -z "$seg" ] ; then + if [ -z "$seg" ]; then return 0 fi - if printf "$response" | grep '"type":"TXT"' > /dev/null ; then + if printf "$response" | grep '"type":"TXT"' >/dev/null; then count=1 record_id=$(printf "%s\n" "$seg" | _egrep_o \"record_id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug record_id "$record_id" - return 0 + return 0 fi - + } #add the txt record. @@ -100,13 +94,13 @@ add_record() { sub=$2 txtvalue=$3 fulldomain=$sub.$root - + _info "Adding record" - + if ! _rest POST "record" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}"; then return 1 fi - + return 0 } @@ -117,19 +111,16 @@ update_record() { sub=$2 txtvalue=$3 fulldomain=$sub.$root - + _info "Updating record" - - if _rest PUT "record/$record_id" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}" ; then + + if _rest PUT "record/$record_id" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}"; then return 0 fi - + return 1 } - - - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns 
@@ -140,25 +131,25 @@ _get_root() { domain=$1 i=2 p=1 - - if ! _rest GET "domain" ; then + + if ! _rest GET "domain"; then return 1 fi - - while [ '1' ] ; do + + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) _debug h "$h" - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; + return 1 fi - if printf "$response" | grep "$h." >/dev/null ; then - seg=$(printf "%s" "$response" | _egrep_o "\{[^\{]*\"$h\.\"[^\}]*\}" ) + if printf "$response" | grep "$h." >/dev/null; then + seg=$(printf "%s" "$response" | _egrep_o "\{[^\{]*\"$h\.\"[^\}]*\}") _debug seg "$seg" _domain_id=$(printf "%s" "$seg" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" - if [ "$_domain_id" ] ; then + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _debug _sub_domain $_sub_domain _domain=$h @@ -173,7 +164,6 @@ _get_root() { return 1 } - #Usage: method URI data _rest() { m=$1 @@ -181,38 +171,36 @@ _rest() { _debug $ep url="$REST_API/$ep" _debug url "$url" - - cdate=$(date -u "+%Y-%m-%d %H:%M:%S UTC") + + cdate=$(date -u "+%Y-%m-%d %H:%M:%S UTC") _debug cdate "$cdate" - + data="$3" _debug data "$data" - + sec="$CX_Key$url$data$cdate$CX_Secret" _debug sec "$sec" - hmac=$(printf "$sec"| openssl md5 |cut -d " " -f 2) + hmac=$(printf "$sec" | openssl md5 | cut -d " " -f 2) _debug hmac "$hmac" - + _H1="API-KEY: $CX_Key" _H2="API-REQUEST-DATE: $cdate" _H3="API-HMAC: $hmac" _H4="Content-Type: application/json" - if [ "$data" ] ; then + if [ "$data" ]; then response="$(_post "$data" "$url" "" $m)" else response="$(_get "$url")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" - if ! printf "$response" | grep '"message":"success"' > /dev/null ; then + if ! printf "$response" | grep '"message":"success"' >/dev/null; then return 1 fi return 0 } - - diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 898806b..4ec8da6 100755 --- a/dnsapi/dns_dp.sh 
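Review bot: `_debug sec "$sec"` in `_rest` of dns_cx.sh prints the string `$CX_Key$url$data$cdate$CX_Secret`, so the API secret appears in debug output and in any log that captures it; drop that line or log only the non-secret parts. `hmac=$(printf "$sec" | openssl md5 | cut -d " " -f 2)` also uses `$sec` as the printf format, so a `%` or backslash in the request body changes the bytes that are hashed and the signature no longer matches; `printf "%s" "$sec"` fixes that. The value is a plain MD5 over the concatenation rather than a keyed HMAC, which presumably is what the provider's API specifies, so that part is outside this script's control.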
+++ b/dnsapi/dns_dp.sh @@ -18,7 +18,7 @@ dns_dp_add() { fulldomain=$1 txtvalue=$2 - if [ -z "$DP_Id" ] || [ -z "$DP_Key" ] ; then + if [ -z "$DP_Id" ] || [ -z "$DP_Key" ]; then _err "You don't specify dnspod api key and key id yet." _err "Please create you key and try again." return 1 @@ -39,12 +39,12 @@ dns_dp_add() { existing_records $_domain $_sub_domain _debug count "$count" - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "Error get existing records." return 1 fi - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then add_record $_domain $_sub_domain $txtvalue else update_record $_domain $_sub_domain $txtvalue @@ -149,9 +149,9 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid return 1; fi @@ -163,7 +163,7 @@ _get_root() { if printf "$response" | grep "Action completed successful" >/dev/null ; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" - if [ "$_domain_id" ] ; then + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _debug _sub_domain $_sub_domain _domain=$h @@ -189,14 +189,14 @@ _rest() { _debug url "$url" - if [ "$data" ] ; then + if [ "$data" ]; then _debug2 data "$data" response="$(_post $data "$url")" else response="$(_get "$url")" fi - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index 0f399b4..51ca8db 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh 
@@ -6,39 +6,37 @@ # #GD_Secret="asdfsdfsfsdfsdfdfsdf" - GD_Api="https://api.godaddy.com/v1" ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_gd_add(){ +dns_gd_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$GD_Key" ] || [ -z "$GD_Secret" ] ; then + + if [ -z "$GD_Key" ] || [ -z "$GD_Secret" ]; then _err "You don't specify godaddy api key and secret yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. _saveaccountconf GD_Key "$GD_Key" _saveaccountconf GD_Secret "$GD_Secret" - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _info "Adding record" - if _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[{\"data\":\"$txtvalue\"}]"; then - if [ "$response" = "{}" ] ; then + if _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[{\"data\":\"$txtvalue\"}]"; then + if [ "$response" = "{}" ]; then _info "Added, sleeping 10 seconds" sleep 10 #todo: check if the record takes effect @@ -50,10 +48,8 @@ dns_gd_add(){ fi fi _err "Add txt record error." - -} - +} #fulldomain dns_gd_rm() { @@ -61,9 +57,6 @@ dns_gd_rm() { } - - - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns 
@@ -74,18 +67,18 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; + return 1 fi - - if ! _gd_rest GET "domains/$h" ; then + + if ! _gd_rest GET "domains/$h"; then return 1 fi - - if printf "$response" | grep '"code":"NOT_FOUND"' >/dev/null ; then + + if printf "$response" | grep '"code":"NOT_FOUND"' >/dev/null; then _debug "$h not found" else _sub_domain=$(printf $domain | cut -d . -f 1-$p) @@ -103,23 +96,21 @@ _gd_rest() { ep="$2" data="$3" _debug $ep - + _H1="Authorization: sso-key $GD_Key:$GD_Secret" _H2="Content-Type: application/json" - - if [ "$data" ] ; then + + if [ "$data" ]; then _debug data "$data" response="$(_post "$data" "$GD_Api/$ep" "" $m)" else response="$(_get "$GD_Api/$ep")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index 34f7637..847b999 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -13,15 +13,15 @@ wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api" dns_lexicon_add() { fulldomain=$1 txtvalue=$2 - + domain=$(printf "$fulldomain" | cut -d . -f 2-999) - - if ! _exists $lexicon_cmd ; then + + if ! _exists $lexicon_cmd; then _err "Please install $lexicon_cmd first: $wiki" return 1 fi - - if [ -z "$PROVIDER" ] ; then + + if [ -z "$PROVIDER" ]; then _err "Please define env PROVIDER first: $wiki" return 1 fi 
@@ -29,34 +29,34 @@ dns_lexicon_add() { _savedomainconf PROVIDER "$PROVIDER" export PROVIDER - Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr [a-z] [A-Z]) + Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr [a-z] [A-Z]) eval Lx_name_v="\$$Lx_name" _debug "$Lx_name" "$Lx_name_v" - if [ "$Lx_name_v" ] ; then + if [ "$Lx_name_v" ]; then _saveaccountconf $Lx_name "$Lx_name_v" export "$Lx_name" fi - - Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr [a-z] [A-Z]) + + Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr [a-z] [A-Z]) eval Lx_token_v="\$$Lx_token" _debug "$Lx_token" "$Lx_token_v" - if [ "$Lx_token_v" ] ; then + if [ "$Lx_token_v" ]; then _saveaccountconf $Lx_token "$Lx_token_v" export "$Lx_token" fi - - Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr [a-z] [A-Z]) + + Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr [a-z] [A-Z]) eval Lx_password_v="\$$Lx_password" _debug "$Lx_password" "$Lx_password_v" - if [ "$Lx_password_v" ] ; then + if [ "$Lx_password_v" ]; then _saveaccountconf $Lx_password "$Lx_password_v" export "$Lx_password" fi - - Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr [a-z] [A-Z]) + + Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr [a-z] [A-Z]) eval Lx_domaintoken_v="\$$Lx_domaintoken" _debug "$Lx_domaintoken" "$Lx_domaintoken_v" - if [ "$Lx_domaintoken_v" ] ; then + if [ "$Lx_domaintoken_v" ]; then export "$Lx_domaintoken" _saveaccountconf $Lx_domaintoken "$Lx_domaintoken_v" fi @@ -65,14 +65,8 @@ dns_lexicon_add() { } - #fulldomain dns_lexicon_rm() { fulldomain=$1 } - - - - - diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index a59e0d0..efd197c 100644 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh 
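Review bot: The `eval Lx_name_v="\$$Lx_name"` line in `dns_lexicon_add`, and its token, password and domaintoken equivalents, evaluate a variable name built from `$PROVIDER`, and nothing in this hunk restricts `PROVIDER` to identifier characters before it reaches `eval`. Reject anything else first, for example `case "$PROVIDER" in *[!A-Za-z0-9_]*) _err "Invalid PROVIDER"; return 1 ;; esac`, placed before the first `Lx_name=` assignment. `tr [a-z] [A-Z]` leaves the brackets open to pathname expansion if a single-letter file exists in the working directory; quote them as `tr '[a-z]' '[A-Z]'`. `_debug "$Lx_password" "$Lx_password_v"` and the token line print credentials when debugging is on, which is worth masking.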
@@ -16,40 +16,40 @@ LUA_auth=$(printf $LUA_Email:$LUA_Key | _base64) dns_lua_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$LUA_Key" ] || [ -z "$LUA_Email" ] ; then + + if [ -z "$LUA_Key" ] || [ -z "$LUA_Email" ]; then _err "You don't specify luadns api key and email yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. _saveaccountconf LUA_Key "$LUA_Key" _saveaccountconf LUA_Email "$LUA_Email" - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - + _debug "Getting txt records" _LUA_rest GET "zones/${_domain_id}/records" - - if ! printf "$response" | grep \"id\": > /dev/null ; then + + if ! printf "$response" | grep \"id\": >/dev/null; then _err "Error" return 1 fi - + count=$(printf "%s\n" "$response" | _egrep_o \"name\":\"$fulldomain\" | wc -l) _debug count "$count" - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then _info "Adding record" - if _LUA_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - if printf -- "%s" "$response" | grep $fulldomain > /dev/null ; then + if _LUA_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if printf -- "%s" "$response" | grep $fulldomain >/dev/null; then _info "Added" #todo: check if the record takes effect return 0 
@@ -61,21 +61,20 @@ dns_lua_add() { _err "Add txt record error." else _info "Updating record" - record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\" | cut -d: -f2|cut -d, -f1 ) + record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\" | cut -d: -f2 | cut -d, -f1) _debug "record_id" $record_id - - _LUA_rest PUT "zones/$_domain_id/records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"ttl\":120}" + + _LUA_rest PUT "zones/$_domain_id/records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"ttl\":120}" if [ "$?" = "0" ]; then _info "Updated!" #todo: check if the record takes effect - return 0; + return 0 fi _err "Update error" return 1 fi - -} +} #fulldomain dns_lua_rm() { @@ -83,7 +82,6 @@ dns_lua_rm() { } - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns @@ -94,19 +92,19 @@ _get_root() { domain=$1 i=2 p=1 - if ! _LUA_rest GET "zones" ; then - return 1 - fi - while [ '1' ] ; do + if ! _LUA_rest GET "zones"; then + return 1 + fi + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; + return 1 fi - - if printf $response | grep \"name\":\"$h\" >/dev/null ; then + + if printf $response | grep \"name\":\"$h\" >/dev/null; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$h\" | cut -d : -f 2 | cut -d , -f 1) - if [ "$_domain_id" ] ; then + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _domain=$h return 0 
@@ -124,22 +122,20 @@ _LUA_rest() { ep="$2" data="$3" _debug $ep - + _H1="Accept: application/json" _H2="Authorization: Basic $LUA_auth" - if [ "$data" ] ; then + if [ "$data" ]; then _debug data "$data" response="$(_post "$data" "$LUA_Api/$ep" "" $m)" else response="$(_get "$LUA_Api/$ep")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_myapi.sh b/dnsapi/dns_myapi.sh index 73b1ea8..813a2ed 100755 --- a/dnsapi/dns_myapi.sh +++ b/dnsapi/dns_myapi.sh @@ -6,8 +6,6 @@ #Which will be called by acme.sh to add the txt record to your api system. #returns 0 means success, otherwise error. - - ######## Public functions ##################### #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -15,21 +13,18 @@ dns_myapi_add() { fulldomain=$1 txtvalue=$2 _err "Not implemented!" - return 1; + return 1 } - - #fulldomain dns_myapi_rm() { fulldomain=$1 } - #################### Private functions bellow ################################## _info() { - if [ -z "$2" ] ; then + if [ -z "$2" ]; then echo "[$(date)] $1" else echo "[$(date)] $1='$2'" @@ -42,7 +37,7 @@ _err() { } _debug() { - if [ -z "$DEBUG" ] ; then + if [ -z "$DEBUG" ]; then return fi _err "$@" @@ -50,8 +45,8 @@ _debug() { } _debug2() { - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _debug "$@" fi return -} \ No newline at end of file +} diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index b31d02f..782c083 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -1,6 +1,5 @@ #!/usr/bin/env sh - #Applcation Key #OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje" # @@ -10,10 +9,8 @@ #Consumer Key #OVH_CK="sdfsdfsdfsdfsdfdsf" - #OVH_END_POINT=ovh-eu - #'ovh-eu' OVH_EU='https://eu.api.ovh.com/1.0' 
@@ -35,121 +32,116 @@ SYS_CA='https://ca.api.soyoustart.com/1.0' #'runabove-ca' RAV_CA='https://api.runabove.com/1.0' - wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api" ovh_success="https://github.com/Neilpang/acme.sh/wiki/OVH-Success" - - _ovh_get_api() { _ogaep="$1" case "${_ogaep}" in - - ovh-eu|ovheu) - printf "%s" $OVH_EU - return - ;; - ovh-ca|ovhca) - printf "%s" $OVH_CA - return - ;; - kimsufi-eu|kimsufieu) - printf "%s" $KSF_EU - return - ;; - kimsufi-ca|kimsufica) - printf "%s" $KSF_CA - return - ;; - soyoustart-eu|soyoustarteu) - printf "%s" $SYS_EU - return - ;; - soyoustart-ca|soyoustartca) - printf "%s" $SYS_CA - return - ;; - runabove-ca|runaboveca) - printf "%s" $RAV_CA - return - ;; - - + + ovh-eu | ovheu) + printf "%s" $OVH_EU + return + ;; + ovh-ca | ovhca) + printf "%s" $OVH_CA + return + ;; + kimsufi-eu | kimsufieu) + printf "%s" $KSF_EU + return + ;; + kimsufi-ca | kimsufica) + printf "%s" $KSF_CA + return + ;; + soyoustart-eu | soyoustarteu) + printf "%s" $SYS_EU + return + ;; + soyoustart-ca | soyoustartca) + printf "%s" $SYS_CA + return + ;; + runabove-ca | runaboveca) + printf "%s" $RAV_CA + return + ;; + *) - _err "Unknown parameter : $1" - return 1 - ;; - esac + + _err "Unknown parameter : $1" + return 1 + ;; + esac } ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_ovh_add(){ +dns_ovh_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ] ; then + + if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then _err "You don't specify OVH application key and application secret yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. 
_saveaccountconf OVH_AK "$OVH_AK" _saveaccountconf OVH_AS "$OVH_AS" - - - if [ -z "$OVH_END_POINT" ] ; then + + if [ -z "$OVH_END_POINT" ]; then OVH_END_POINT="ovh-eu" fi _info "Using OVH endpoint: $OVH_END_POINT" - if [ "$OVH_END_POINT" != "ovh-eu" ] ; then - _saveaccountconf OVH_END_POINT "$OVH_END_POINT" + if [ "$OVH_END_POINT" != "ovh-eu" ]; then + _saveaccountconf OVH_END_POINT "$OVH_END_POINT" fi - - OVH_API="$(_ovh_get_api $OVH_END_POINT )" + + OVH_API="$(_ovh_get_api $OVH_END_POINT)" _debug OVH_API "$OVH_API" - if [ -z "$OVH_CK" ] ; then + if [ -z "$OVH_CK" ]; then _info "OVH consumer key is empty, Let's get one:" - if ! _ovh_authentication ; then + if ! _ovh_authentication; then _err "Can not get consumer key." fi #return and wait for retry. - return 1; + return 1 fi - - + _info "Checking authentication" - + response="$(_ovh_rest GET "domain/")" - if _contains "$response" "INVALID_CREDENTIAL" ; then + if _contains "$response" "INVALID_CREDENTIAL"; then _err "The consumer key is invalid: $OVH_CK" _err "Please retry to create a new one." - _clearaccountconf OVH_CK + _clearaccountconf OVH_CK return 1 fi _info "Consumer key is ok." - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! 
_get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - + _debug "Getting txt records" _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain" - - if _contains "$response" '\[\]' || _contains "$response" "This service does not exist" ; then + + if _contains "$response" '\[\]' || _contains "$response" "This service does not exist"; then _info "Adding record" - if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then - if _contains "$response" "$txtvalue" ; then + if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then + if _contains "$response" "$txtvalue"; then _ovh_rest POST "domain/zone/$_domain/refresh" _debug "Refresh:$response" _info "Added, sleeping 10 seconds" @@ -161,27 +153,26 @@ dns_ovh_add(){ else _info "Updating record" record_id=$(printf "%s" "$response" | tr -d "[]" | cut -d , -f 1) - if [ -z "$record_id" ] ; then + if [ -z "$record_id" ]; then _err "Can not get record id." return 1 fi _debug "record_id" $record_id - if _ovh_rest PUT "domain/zone/$_domain/record/$record_id" "{\"target\":\"$txtvalue\",\"subDomain\":\"$_sub_domain\",\"ttl\":60}" ; then - if _contains "$response" "null" ; then + if _ovh_rest PUT "domain/zone/$_domain/record/$record_id" "{\"target\":\"$txtvalue\",\"subDomain\":\"$_sub_domain\",\"ttl\":60}"; then + if _contains "$response" "null"; then _ovh_rest POST "domain/zone/$_domain/refresh" _debug "Refresh:$response" _info "Updated, sleeping 10 seconds" sleep 10 - return 0; + return 0 fi fi _err "Update error" return 1 fi - -} +} #fulldomain dns_ovh_rm() { 
@@ -189,45 +180,43 @@ dns_ovh_rm() { } - #################### Private functions bellow ################################## _ovh_authentication() { - + _H1="X-Ovh-Application: $OVH_AK" _H2="Content-type: application/json" _H3="" _H4="" - + _ovhdata='{"accessRules": [{"method": "GET","path": "/*"},{"method": "POST","path": "/*"},{"method": "PUT","path": "/*"},{"method": "DELETE","path": "/*"}],"redirection":"'$ovh_success'"}' - + response="$(_post "$_ovhdata" "$OVH_API/auth/credential")" _debug3 response "$response" validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')" - if [ -z "$validationUrl" ] ; then + if [ -z "$validationUrl" ]; then _err "Unable to get validationUrl" return 1 fi _debug validationUrl "$validationUrl" - + consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" - if [ -z "$consumerKey" ] ; then + if [ -z "$consumerKey" ]; then _err "Unable to get consumerKey" return 1 fi _debug consumerKey "$consumerKey" - + OVH_CK="$consumerKey" _saveaccountconf OVH_CK "$OVH_CK" - - _info "Please open this link to do authentication: $(__green "$validationUrl" )" - _info "Here is a guide for you: $(__green "$wiki" )" + _info "Please open this link to do authentication: $(__green "$validationUrl")" + + _info "Here is a guide for you: $(__green "$wiki")" _info "Please retry after the authentication is done." } - #_acme-challenge.www.domain.com #returns # _sub_domain=_acme-challenge.www 
@@ -237,18 +226,18 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; + return 1 fi - - if ! _ovh_rest GET "domain/zone/$h" ; then + + if ! _ovh_rest GET "domain/zone/$h"; then return 1 fi - - if ! _contains "$response" "This service does not exist" >/dev/null ; then + + if ! _contains "$response" "This service does not exist" >/dev/null; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _domain=$h return 0 @@ -273,8 +262,7 @@ _ovh_rest() { ep="$2" data="$3" _debug $ep - - + _ovh_url="$OVH_API/$ep" _debug2 _ovh_url "$_ovh_url" _ovh_t="$(_ovh_timestamp)" @@ -283,7 +271,6 @@ _ovh_rest() { _debug _ovh_p "$_ovh_p" _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)" _debug2 _ovh_hex "$_ovh_hex" - _H1="X-Ovh-Application: $OVH_AK" _H2="X-Ovh-Signature: \$1\$$_ovh_hex" @@ -291,19 +278,17 @@ _ovh_rest() { _H3="X-Ovh-Timestamp: $_ovh_t" _H4="X-Ovh-Consumer: $OVH_CK" _H5="Content-Type: application/json;charset=utf-8" - if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] ; then + if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ]; then _debug data "$data" response="$(_post "$data" "$_ovh_url" "" $m)" else response="$(_get "$_ovh_url")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index aa7a2c4..ec82bfe 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh 
@@ -16,25 +16,25 @@ dns_pdns_add() { fulldomain=$1 txtvalue=$2 - if [ -z "$PDNS_Url" ] ; then + if [ -z "$PDNS_Url" ]; then _err "You don't specify PowerDNS address." _err "Please set PDNS_Url and try again." return 1 fi - if [ -z "$PDNS_ServerId" ] ; then + if [ -z "$PDNS_ServerId" ]; then _err "You don't specify PowerDNS server id." _err "Please set you PDNS_ServerId and try again." return 1 fi - if [ -z "$PDNS_Token" ] ; then + if [ -z "$PDNS_Token" ]; then _err "You don't specify PowerDNS token." _err "Please create you PDNS_Token and try again." return 1 fi - if [ -z "$PDNS_Ttl" ] ; then + if [ -z "$PDNS_Ttl" ]; then PDNS_Ttl=$DEFAULT_PDNS_TTL fi 
@@ -42,44 +42,42 @@ dns_pdns_add() { _saveaccountconf PDNS_Url "$PDNS_Url" _saveaccountconf PDNS_ServerId "$PDNS_ServerId" _saveaccountconf PDNS_Token "$PDNS_Token" - - if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ] ; then + + if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then _saveaccountconf PDNS_Ttl "$PDNS_Ttl" fi _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain "$_domain" - if ! set_record "$_domain" "$fulldomain" "$txtvalue" ; then + if ! set_record "$_domain" "$fulldomain" "$txtvalue"; then return 1 fi return 0 } - #fulldomain dns_pdns_rm() { fulldomain=$1 } - set_record() { _info "Adding record" root=$1 full=$2 txtvalue=$3 - if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"name\": \"$full.\", \"changetype\": \"REPLACE\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}" ; then + if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root." "{\"rrsets\": [{\"name\": \"$full.\", \"changetype\": \"REPLACE\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [{\"name\": \"$full.\", \"type\": \"TXT\", \"content\": \"\\\"$txtvalue\\\"\", \"disabled\": false, \"ttl\": $PDNS_Ttl}]}]}"; then _err "Set txt record error." return 1 fi - if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root./notify" ; then + if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root./notify"; then _err "Notify servers error." return 1 fi 
@@ -95,17 +93,17 @@ _get_root() { i=1 p=1 - if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones" ; then + if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then _zones_response=$response fi - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then return 1 fi - if printf "$_zones_response" | grep "\"name\": \"$h.\"" >/dev/null ; then + if printf "$_zones_response" | grep "\"name\": \"$h.\"" >/dev/null; then _domain=$h return 0 fi @@ -124,18 +122,18 @@ _pdns_rest() { _H1="X-API-Key: $PDNS_Token" - if [ ! "$method" = "GET" ] ; then + if [ ! "$method" = "GET" ]; then _debug data "$data" response="$(_post "$data" "$PDNS_Url$ep" "" "$method")" else response="$(_get "$PDNS_Url$ep")" fi - if [ "$?" != "0" ] ; then + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 -} \ No newline at end of file +} From 439580b91beb02635ce3d76895d44970ceadb083 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 9 Nov 2016 20:01:27 +0800 Subject: [PATCH 048/100] apply shfmt to dns_dp api. --- dnsapi/dns_dp.sh | 86 ++++++++++++++++++++--------------------------- dnsapi/dns_lua.sh | 0 2 files changed, 36 insertions(+), 50 deletions(-) mode change 100644 => 100755 dnsapi/dns_lua.sh diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 4ec8da6..8861bfc 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -6,10 +6,8 @@ # #DP_Key="sADDsdasdgdsf" - DP_Api="https://dnsapi.cn" - #REST_API ######## Public functions ##################### 
@@ -17,27 +15,26 @@ DP_Api="https://dnsapi.cn" dns_dp_add() { fulldomain=$1 txtvalue=$2 - + if [ -z "$DP_Id" ] || [ -z "$DP_Key" ]; then _err "You don't specify dnspod api key and key id yet." _err "Please create you key and try again." return 1 fi - + REST_API=$DP_Api - + #save the api key and email to the account conf file. _saveaccountconf DP_Id "$DP_Id" _saveaccountconf DP_Key "$DP_Key" - - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi - - existing_records $_domain $_sub_domain + + existing_records $_domain $_sub_domain _debug count "$count" if [ "$?" != "0" ]; then _err "Error get existing records." @@ -51,15 +48,12 @@ dns_dp_add() { fi } - #fulldomain dns_dp_rm() { fulldomain=$1 } - - #usage: root sub #return if the sub record already exists. #echos the existing records count. @@ -68,26 +62,25 @@ existing_records() { _debug "Getting txt records" root=$1 sub=$2 - + if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&domain_id=$_domain_id&sub_domain=$_sub_domain"; then - return 1 + return 1 fi - - if printf "$response" | grep 'No records' ; then - count=0; - return 0 + + if printf "$response" | grep 'No records'; then + count=0 + return 0 fi - - if printf "$response" | grep "Action completed successful" >/dev/null ; then + + if printf "$response" | grep "Action completed successful" >/dev/null; then count=$(printf "$response" | grep 'TXT' | wc -l) record_id=$(printf "$response" | grep '^' | tail -1 | cut -d '>' -f 2 | cut -d '<' -f 1) - return 0 + return 0 else _err "get existing records error." return 1 fi - - + count=0 } 
@@ -98,19 +91,18 @@ add_record() { sub=$2 txtvalue=$3 fulldomain=$sub.$root - + _info "Adding record" - + if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then return 1 fi - - if printf "$response" | grep "Action completed successful" ; then - + + if printf "$response" | grep "Action completed successful"; then + return 0 fi - - + return 1 #error } @@ -121,24 +113,21 @@ update_record() { sub=$2 txtvalue=$3 fulldomain=$sub.$root - + _info "Updating record" - + if ! _rest POST "Record.Modify" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认&record_id=$record_id"; then return 1 fi - - if printf "$response" | grep "Action completed successful" ; then - + + if printf "$response" | grep "Action completed successful"; then + return 0 fi - + return 1 #error } - - - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns @@ -153,14 +142,14 @@ _get_root() { h=$(printf $domain | cut -d . -f $i-100) if [ -z "$h" ]; then #not valid - return 1; + return 1 fi - + if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&domain=$h"; then return 1 fi - - if printf "$response" | grep "Action completed successful" >/dev/null ; then + + if printf "$response" | grep "Action completed successful" >/dev/null; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then @@ -178,7 +167,6 @@ _get_root() { return 1 } - #Usage: method URI data _rest() { m=$1 @@ -186,16 +174,16 @@ _rest() { data="$3" _debug $ep url="$REST_API/$ep" - + _debug url "$url" - + if [ "$data" ]; then _debug2 data "$data" response="$(_post $data "$url")" else response="$(_get "$url")" fi - + if [ "$?" != "0" ]; then _err "error $ep" return 1 
@@ -203,5 +191,3 @@ _rest() { _debug2 response "$response" return 0 } - - diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh old mode 100644 new mode 100755 From f530a5074be442512ff7181b0c4f4a6ead293d9a Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 20:05:52 +0800 Subject: [PATCH 049/100] fix CI exit code --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6b71b4b..f363dbe 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,4 +8,4 @@ script: - curl -sSL $SHFMT_URL -o ~/shfmt - chmod +x ~/shfmt - ~/shfmt -l -w -i 2 . - - git diff --exit-code || echo "Run shfmt to fix the formatting issues" + - git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false) From 95e06de5ded62826ef503d05121eadf7f9cb6c66 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 20:45:57 +0800 Subject: [PATCH 050/100] fix for shellcheck --- acme.sh | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/acme.sh b/acme.sh index 47a4f6d..cba4905 100755 --- a/acme.sh +++ b/acme.sh @@ -119,7 +119,7 @@ _dlg_versions() { _log() { [ -z "$LOG_FILE" ] && return - _printargs "$@" >>$LOG_FILE + _printargs "$@" >>"$LOG_FILE" } _info() { @@ -229,12 +229,12 @@ _getfield() { _ffi=$_findex while [ "$_ffi" -gt "0" ]; do - _fv="$(echo "$_str" | cut -d $_sep -f $_ffi)" + _fv="$(echo "$_str" | cut -d $_sep -f "$_ffi")" if [ "$_fv" ]; then printf -- "%s" "$_fv" return 0 fi - _ffi="$(_math $_ffi - 1)" + _ffi="$(_math "$_ffi" - 1)" done printf -- "%s" "$_str" 
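Review bot: In the `.travis.yml` hunk the job still fetches `shfmt` with `curl -sSL $SHFMT_URL -o ~/shfmt` and runs it straight after `chmod +x` with no integrity check, so whatever that URL serves is executed in the build. A checksum step between the download and the `chmod` would pin the tool, e.g. `- echo "<EXPECTED_SHA256>  $HOME/shfmt" | sha256sum -c -`, where the hash is a placeholder for the release you intend to use. `SHFMT_URL` is defined outside the hunk, so it is not visible here whether it already points at a fixed release.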
@@ -312,21 +312,21 @@ _h2b() { fi printf "\x$h" else - ic="$(printf $hex | cut -c $i)" - jc="$(printf $hex | cut -c $j)" + ic="$(printf "%s" "$hex" | cut -c $i)" + jc="$(printf "%s" "$hex" | cut -c $j)" if [ -z "$ic$jc" ]; then break fi ic="$(_h_char_2_dec "$ic")" jc="$(_h_char_2_dec "$jc")" - printf '\'"$(printf %o "$(_math $ic \* 16 + $jc)")" + printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")" fi if [ "$uselet" ]; then let "i+=2" >/dev/null let "j+=2" >/dev/null else - i="$(_math $i + 2)" - j="$(_math $j + 2)" + i="$(_math "$i" + 2)" + j="$(_math "$j" + 2)" fi done } @@ -419,9 +419,9 @@ _digest() { if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then if [ "$outputhex" ]; then - openssl dgst -$alg -hex | cut -d = -f 2 | tr -d ' ' + openssl dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' ' else - openssl dgst -$alg -binary | _base64 + openssl dgst -"$alg" -binary | _base64 fi else _err "$alg is not supported yet" @@ -444,9 +444,9 @@ _hmac() { if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then if [ "$outputhex" ]; then - openssl dgst -$alg -hmac "$hmac_sec" | cut -d = -f 2 | tr -d ' ' + openssl dgst -"$alg" -hmac "$hmac_sec" | cut -d = -f 2 | tr -d ' ' else - openssl dgst -$alg -hmac "$hmac_sec" -binary | _base64 + openssl dgst -"$alg" -hmac "$hmac_sec" -binary | _base64 fi else _err "$alg is not supported yet" @@ -516,7 +516,7 @@ _createkey() { f="$2" eccname="$length" if _startswith "$length" "ec-"; then - length=$(printf $length | cut -d '-' -f 2-100) + length=$(printf "$length" | cut -d '-' -f 2-100) if [ "$length" = "256" ]; then eccname="prime256v1" 
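Review bot: In the `_hmac()` hunk (`@@ -444,9 +444,9 @@`) the secret is still passed as a command-line argument, `openssl dgst -"$alg" -hmac "$hmac_sec"`, so other local users can read it from the process list while openssl runs; quoting `$alg` does not change that. At minimum this needs a comment above the call, e.g. `# NOTE: $hmac_sec is visible in argv (ps) for the lifetime of the openssl process`. In the `_h2b()` hunk on the same line, `$jc` is left unquoted in `_math "$ic" \* 16 + $jc` although `$ic` was quoted. Both functions start and end outside their hunks.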
@@ -962,22 +962,22 @@ _calcjwk() { pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" _debug3 pubtext "$pubtext" - xlen="$(printf "$pubtext" | tr -d ':' | wc -c)" + xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)" xlen=$(_math $xlen / 4) _debug3 xlen "$xlen" xend=$(_math "$xlen" + 1) - x="$(printf $pubtext | cut -d : -f 2-$xend)" + x="$(printf "%s" "$pubtext" | cut -d : -f 2-$xend)" _debug3 x "$x" - x64="$(printf $x | tr -d : | _h2b | _base64 | _urlencode)" + x64="$(printf "%s" "$x" | tr -d : | _h2b | _base64 | _urlencode)" _debug3 x64 "$x64" xend=$(_math "$xend" + 1) - y="$(printf $pubtext | cut -d : -f $xend-10000)" + y="$(printf "%s" "$pubtext" | cut -d : -f $xend-10000)" _debug3 y "$y" - y64="$(printf $y | tr -d : | _h2b | _base64 | _urlencode)" + y64="$(printf "%s" "$y" | tr -d : | _h2b | _base64 | _urlencode)" _debug3 y64 "$y64" jwk='{"crv": "'$crv'", "kty": "EC", "x": "'$x64'", "y": "'$y64'"}' @@ -1240,7 +1240,7 @@ _send_signed_request() { protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2" _debug3 protected "$protected" - protected64="$(printf "$protected" | _base64 | _urlencode)" + protected64="$(printf "%s" "$protected" | _base64 | _urlencode)" _debug3 protected64 "$protected64" if ! _sig_t="$(printf "%s" "$protected64.$payload64" | _sign "$keyfile" "sha256")"; then @@ -2392,7 +2392,7 @@ issue() { if [ -f "$DOMAIN_CONF" ]; then Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime) _debug Le_NextRenewTime "$Le_NextRenewTime" - if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ $(_time) -lt $Le_NextRenewTime ]; then + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then _saved_domain=$(_readdomainconf Le_Domain) _debug _saved_domain "$_saved_domain" _saved_alt=$(_readdomainconf Le_Alt) 
@@ -2529,7 +2529,7 @@ issue() { keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" - if printf "$response" | grep '"status":"valid"' >/dev/null 2>&1; then + if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then _info "$d is already verified, skip." keyauthorization=$STATE_VERIFIED _debug keyauthorization "$keyauthorization" From f9a6988ece012b5291ae47374afb2bacadd1425a Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 21:06:22 +0800 Subject: [PATCH 051/100] fix for shellcheck --- acme.sh | 57 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/acme.sh b/acme.sh index cba4905..16fb1b0 100755 --- a/acme.sh +++ b/acme.sh @@ -306,7 +306,7 @@ _h2b() { _debug3 _URGLY_PRINTF "$_URGLY_PRINTF" while true; do if [ -z "$_URGLY_PRINTF" ]; then - h="$(printf $hex | cut -c $i-$j)" + h="$(printf "%s" "$hex" | cut -c $i-$j)" if [ -z "$h" ]; then break fi @@ -479,7 +479,7 @@ _sign() { if ! _signedECText="$($_sign_openssl | openssl asn1parse -inform DER)"; then _err "Sign failed: $_sign_openssl" _err "Key file: $keyfile" - _err "Key content:$(cat "$keyfile" | wc -l) lises" + _err "Key content:$(wc -l <"$keyfile") lises" return 1 fi _debug3 "_signedECText" "$_signedECText" @@ -516,7 +516,7 @@ _createkey() { f="$2" eccname="$length" if _startswith "$length" "ec-"; then - length=$(printf "$length" | cut -d '-' -f 2-100) + length=$(printf "%s" "$length" | cut -d '-' -f 2-100) if [ "$length" = "256" ]; then eccname="prime256v1" @@ -608,10 +608,10 @@ _createcsr() { #single domain _info "Single domain" "$domain" else - domainlist="$(_idn $domainlist)" + domainlist="$(_idn "$domainlist")" _debug2 domainlist "$domainlist" if _contains "$domainlist" ","; then - alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" + alt="DNS:$(echo "$domainlist" | sed "s/,/,DNS:/g")" else alt="DNS:$domainlist" fi 
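Review bot: In the `_sign()` hunk (`@@ -479,7 +479,7 @@`) the signing command is still run as an unquoted string, `$_sign_openssl | openssl asn1parse -inform DER`. That string appears to be built earlier in the function by interpolating `$keyfile`, so a key path containing whitespace or glob characters would be split into several arguments. Calling the tool directly avoids this: `openssl dgst -sign "$keyfile" -"$alg" | openssl asn1parse -inform DER`. The error message in the same hunk reads `lises` where `lines` is meant. The function starts outside the hunk.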
@@ -803,7 +803,7 @@ createDomainKey() { length="$DEFAULT_DOMAIN_KEY_LENGTH" fi - _initpath $domain "$length" + _initpath "$domain" "$length" if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then _createkey "$length" "$CERT_KEY_PATH" @@ -849,18 +849,17 @@ createCSR() { } _urlencode() { - __n=$(cat) - echo $__n | tr '/+' '_-' | tr -d '= ' + tr '/+' '_-' | tr -d '= ' } _time2str() { #BSD - if date -u -d@$1 2>/dev/null; then + if date -u -d@"$1" 2>/dev/null; then return fi #Linux - if date -u -r $1 2>/dev/null; then + if date -u -r "$1" 2>/dev/null; then return fi @@ -905,16 +904,16 @@ _calcjwk() { EC_SIGN="" if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then _debug "RSA key" - pub_exp=$(openssl rsa -in $keyfile -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) + pub_exp=$(openssl rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) if [ "${#pub_exp}" = "5" ]; then pub_exp=0$pub_exp fi _debug3 pub_exp "$pub_exp" - e=$(echo $pub_exp | _h2b | _base64) + e=$(echo "$pub_exp" | _h2b | _base64) _debug3 e "$e" - modulus=$(openssl rsa -in $keyfile -modulus -noout | cut -d '=' -f 2) + modulus=$(openssl rsa -in "$keyfile" -modulus -noout | cut -d '=' -f 2) _debug3 modulus "$modulus" n="$(printf "%s" "$modulus" | _h2b | _base64 | _urlencode)" jwk='{"e": "'$e'", "kty": "RSA", "n": "'$n'"}' 
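Review bot: The rewritten `_urlencode()` in the `@@ -849,18 +849,17 @@` hunk no longer removes line breaks. The old unquoted `echo $__n` joined wrapped input into one line before `tr -d '= '` dropped the spaces, whereas `tr '/+' '_-' | tr -d '= '` passes `\n` through. If `_base64` (not shown here) ever emits wrapped output, the JWS fields built from it would contain embedded newlines; `tr '/+' '_-' | tr -d '= \r\n'` keeps the previous result. In `_time2str()` in the same hunk the two comments look swapped, since `date -u -d@"$1"` is the GNU form and `date -u -r "$1"` the BSD one.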
@@ -926,12 +925,12 @@ _calcjwk() { elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then _debug "EC key" EC_SIGN="1" - crv="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" + crv="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv "$crv" if [ -z "$crv" ]; then _debug "Let's try ASN1 OID" - crv_oid="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" + crv_oid="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^ASN1 OID:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv_oid "$crv_oid" case "${crv_oid}" in "prime256v1") @@ -951,15 +950,15 @@ _calcjwk() { _debug3 crv "$crv" fi - pubi="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" + pubi="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" pubi=$(_math $pubi + 1) _debug3 pubi "$pubi" - pubj="$(openssl ec -in $keyfile -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" + pubj="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" pubj=$(_math $pubj - 1) _debug3 pubj "$pubj" - pubtext="$(openssl ec -in $keyfile -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" + pubtext="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" _debug3 pubtext "$pubtext" xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)" 
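Review bot: In the EC branch of `_calcjwk()` (`@@ -951,15 +950,15 @@`) `pubi` and `pubj` are used without checking that the `openssl ec ... 2>/dev/null | grep -n ... | cut` pipelines produced a line number. With stderr discarded, an unreadable or unexpected key leaves them empty, and the values still go into `_math` and the `sed -n "$pubi,${pubj}p"` range. A check right after each assignment, e.g. `if [ -z "$pubi" ]; then _err "Can not parse EC public key"; return 1; fi` (and the same for `pubj`), would fail early with a clear message. The function continues outside the hunk.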
@@ -967,14 +966,14 @@ _calcjwk() { _debug3 xlen "$xlen" xend=$(_math "$xlen" + 1) - x="$(printf "%s" "$pubtext" | cut -d : -f 2-$xend)" + x="$(printf "%s" "$pubtext" | cut -d : -f 2-"$xend")" _debug3 x "$x" x64="$(printf "%s" "$x" | tr -d : | _h2b | _base64 | _urlencode)" _debug3 x64 "$x64" xend=$(_math "$xend" + 1) - y="$(printf "%s" "$pubtext" | cut -d : -f $xend-10000)" + y="$(printf "%s" "$pubtext" | cut -d : -f "$xend"-10000)" _debug3 y "$y" y64="$(printf "%s" "$y" | tr -d : | _h2b | _base64 | _urlencode)" @@ -1148,9 +1147,9 @@ _get() { fi _debug "_CURL" "$_CURL" if [ "$onlyheader" ]; then - $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url + $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url" else - $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $url + $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url" fi ret=$? if [ "$ret" != "0" ]; then @@ -1167,9 +1166,9 @@ _get() { fi _debug "_WGET" "$_WGET" if [ "$onlyheader" ]; then - $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null $url 2>&1 | sed 's/^[ ]*//g' + $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1 | sed 's/^[ ]*//g' else - $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url + $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - "$url" fi ret=$? if [ "$_ret" = "8" ]; then @@ -1192,9 +1191,9 @@ _head_n() { } _tail_n() { - if ! tail -n $1 2>/dev/null; then + if ! tail -n "$1" 2>/dev/null; then #fix for solaris - tail -$1 + tail -"$1" fi } 
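Review bot: In the wget branch of `_get()` (`@@ -1167,9 +1166,9 @@`) the exit status is stored with `ret=$?` but the next line tests `"$_ret"`, so the special case for exit code 8 can only fire if `_ret` happens to be set elsewhere; `if [ "$ret" = "8" ]; then` looks like the intent. In the `onlyheader` call of the same branch the pipeline ends in `sed`, so `$?` is sed's status and a wget failure there is not seen at all. The body of `_get()` extends beyond the hunk on both sides.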
@@ -1207,7 +1206,7 @@ _send_signed_request() { if [ -z "$keyfile" ]; then keyfile="$ACCOUNT_KEY_PATH" fi - _debug url $url + _debug url "$url" _debug payload "$payload" if ! _calcjwk "$keyfile"; then @@ -1215,7 +1214,7 @@ _send_signed_request() { fi payload64=$(printf "%s" "$payload" | _base64 | _urlencode) - _debug3 payload64 $payload64 + _debug3 payload64 "$payload64" if [ -z "$_CACHED_NONCE" ]; then _debug2 "Get nonce." @@ -1255,7 +1254,7 @@ _send_signed_request() { body="{\"header\": $JWK_HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}" _debug3 body "$body" - response="$(_post "$body" $url "$needbase64")" + response="$(_post "$body" "$url" "$needbase64")" _CACHED_NONCE="" if [ "$?" != "0" ]; then _err "Can not post to $url" From 79a267ab08c70912de7a9c040faa32554b5243ce Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 21:18:47 +0800 Subject: [PATCH 052/100] fix for shellcheck --- acme.sh | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/acme.sh b/acme.sh index 16fb1b0..71742fa 100755 --- a/acme.sh +++ b/acme.sh @@ -951,18 +951,18 @@ _calcjwk() { fi pubi="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n pub: | cut -d : -f 1)" - pubi=$(_math $pubi + 1) + pubi=$(_math "$pubi" + 1) _debug3 pubi "$pubi" pubj="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep -n "ASN1 OID:" | cut -d : -f 1)" - pubj=$(_math $pubj - 1) + pubj=$(_math "$pubj" - 1) _debug3 pubj "$pubj" pubtext="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | sed -n "$pubi,${pubj}p" | tr -d " \n\r")" _debug3 pubtext "$pubtext" xlen="$(printf "%s" "$pubtext" | tr -d ':' | wc -c)" - xlen=$(_math $xlen / 4) + xlen=$(_math "$xlen" / 4) _debug3 xlen "$xlen" xend=$(_math "$xlen" + 1) @@ -1135,7 +1135,7 @@ _get() { url="$1" onlyheader="$2" t="$3" - _debug url $url + _debug url "$url" _debug "timeout" "$t" _inithttp 
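Review bot: In `_send_signed_request()` (`@@ -1255,7 +1254,7 @@`) the check `if [ "$?" != "0" ]` comes after `_CACHED_NONCE=""`, so it tests the status of that assignment, which is always 0, and a failed `_post` is never reported by this branch. Clearing the nonce first and testing the call directly fixes it: `_CACHED_NONCE=""` followed by `if ! response="$(_post "$body" "$url" "$needbase64")"; then`. The nonce seems to be already embedded in `protected` at that point, but that part is outside the hunk and should be confirmed. The function starts and ends outside the hunk.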
@@ -1187,7 +1187,7 @@ _get() { } _head_n() { - head -n $1 + head -n "$1" } _tail_n() { @@ -1219,7 +1219,7 @@ _send_signed_request() { if [ -z "$_CACHED_NONCE" ]; then _debug2 "Get nonce." nonceurl="$API/directory" - _headers="$(_get $nonceurl "onlyheader")" + _headers="$(_get "$nonceurl" "onlyheader")" if [ "$?" != "0" ]; then _err "Can not connect to $nonceurl to get nonce." @@ -1268,8 +1268,8 @@ _send_signed_request() { _debug2 responseHeaders "$responseHeaders" _debug2 response "$response" - code="$(grep "^HTTP" $HTTP_HEADER | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")" - _debug code $code + code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")" + _debug code "$code" _CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" @@ -1293,23 +1293,23 @@ _setopt() { if grep -n "^$__opt$__sep" "$__conf" >/dev/null; then _debug3 OK if _contains "$__val" "&"; then - __val="$(echo $__val | sed 's/&/\\&/g')" + __val="$(echo "$__val" | sed 's/&/\\&/g')" fi - text="$(cat $__conf)" + text="$(cat "$__conf")" echo "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf" elif grep -n "^#$__opt$__sep" "$__conf" >/dev/null; then if _contains "$__val" "&"; then - __val="$(echo $__val | sed 's/&/\\&/g')" + __val="$(echo "$__val" | sed 's/&/\\&/g')" fi - text="$(cat $__conf)" + text="$(cat "$__conf")" echo "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf" else _debug3 APP echo "$__opt$__sep$__val$__end" >>"$__conf" fi - _debug2 "$(grep -n "^$__opt$__sep" $__conf)" + _debug2 "$(grep -n "^$__opt$__sep" "$__conf")" } #_save_conf file key value @@ -1342,7 +1342,7 @@ _read_conf() { _sdkey="$2" if [ -f "$_r_c_f" ]; then ( - eval $(grep "^$_sdkey *=" "$_r_c_f") + eval "$(grep "^$_sdkey *=" "$_r_c_f")" eval "printf \"%s\" \"\$$_sdkey\"" ) else 
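Review bot: `_setopt` (hunk `@@ -1293,23 +1293,23 @@`) interpolates `$__opt` and `$__val` into a `sed "s|…|…|"` expression and escapes only `&` in the value. A value containing `|`, a backslash or a newline breaks or alters the substitution, and because the output is redirected straight into `"$__conf"`, a failing `sed` leaves the config file empty. Escape the delimiter and the backslash too, for example `__val="$(printf '%s' "$__val" | sed 's/[\\|&]/\\&/g')"`, and write to a temporary file that replaces `"$__conf"` only when `sed` succeeds. `echo "$__val"` is better written `printf '%s\n' "$__val"`, since some `echo` implementations interpret backslashes.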
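Review bot: `_read_conf` (hunk `@@ -1342,7 +1342,7 @@`) still passes the matching config line to `eval`; quoting the command substitution stops word splitting, but any command substitution or command separator stored in that line is still executed with the caller's privileges. The second `eval` expands `$_sdkey` itself, so the key name must be a plain identifier. If the files read here can hold values that did not come from the operator (not visible in this hunk), extract the text after the first `=` and strip the surrounding quotes instead of evaluating it, and reject keys that do not match `[A-Za-z_][A-Za-z0-9_]*`. At minimum add a comment above the `eval` such as `# conf file is trusted input: must be owned by the user and not group/world-writable`.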
@@ -1493,7 +1493,7 @@ _sleep() { while [ "$_sleep_c" -ge "0" ]; do printf "\r \r" __green "$_sleep_c" - _sleep_c="$(_math $_sleep_c - 1)" + _sleep_c="$(_math "$_sleep_c" - 1)" sleep 1 done printf "\r" @@ -1816,7 +1816,7 @@ _apachePath() { if [ "$APACHE_HTTPD_CONF" ]; then _saveaccountconf APACHE_HTTPD_CONF "$APACHE_HTTPD_CONF" httpdconf="$APACHE_HTTPD_CONF" - httpdconfname="$(basename $httpdconfname)" + httpdconfname="$(basename "$httpdconfname")" else httpdconfname="$($_APACHECTL -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | tr -d '"')" _debug httpdconfname "$httpdconfname" @@ -1828,12 +1828,12 @@ _apachePath() { if _startswith "$httpdconfname" '/'; then httpdconf="$httpdconfname" - httpdconfname="$(basename $httpdconfname)" + httpdconfname="$(basename "$httpdconfname")" else httpdroot="$($_APACHECTL -V | grep HTTPD_ROOT= | cut -d = -f 2 | tr -d '"')" _debug httpdroot "$httpdroot" httpdconf="$httpdroot/$httpdconfname" - httpdconfname="$(basename $httpdconfname)" + httpdconfname="$(basename "$httpdconfname")" fi fi _debug httpdconf "$httpdconf" @@ -1974,10 +1974,10 @@ _clearupdns() { ventries=$(echo "$vlist" | tr ',' ' ') for ventry in $ventries; do - d=$(echo $ventry | cut -d $sep -f 1) - keyauthorization=$(echo $ventry | cut -d $sep -f 2) - vtype=$(echo $ventry | cut -d $sep -f 4) - _currentRoot=$(echo $ventry | cut -d $sep -f 5) + d=$(echo "$ventry" | cut -d $sep -f 1) + keyauthorization=$(echo "$ventry" | cut -d $sep -f 2) + vtype=$(echo "$ventry" | cut -d $sep -f 4) + _currentRoot=$(echo "$ventry" | cut -d $sep -f 5) if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." From 0c944a03fee3212e83ca3a6b9b9b1ffbd4c298c5 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 21:26:35 +0800 Subject: [PATCH 053/100] fix shellcheck warnings --- acme.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index 71742fa..9be912b 100755 --- a/acme.sh +++ b/acme.sh 
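Review bot: In `_apachePath` (hunk `@@ -1816,7 +1816,7 @@`) the `APACHE_HTTPD_CONF` branch calls `basename "$httpdconfname"` before `httpdconfname` has been assigned in that branch, so unless it is set outside the hunk the config name is derived from an empty value. The operand that was just stored looks like the intended one: `httpdconfname="$(basename "$httpdconf")"`. The quoting added here is correct but leaves that mix-up in place.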
@@ -1429,11 +1429,11 @@ _startserver() { if _contains "$nchelp" "nmap.org"; then _debug "Using ncat: nmap.org" if [ "$DEBUG" ]; then - if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort; then + if printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC $Le_HTTPPort; then return fi else - if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort >/dev/null 2>&1; then + if printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC $Le_HTTPPort >/dev/null 2>&1; then return fi fi @@ -1442,12 +1442,12 @@ _startserver() { # while true ; do if [ "$DEBUG" ]; then - if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort; then - printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort + if ! printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC -p $Le_HTTPPort; then + printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC $Le_HTTPPort fi else - if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort >/dev/null 2>&1; then - printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort >/dev/null 2>&1 + if ! printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC -p $Le_HTTPPort >/dev/null 2>&1; then + printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC $Le_HTTPPort >/dev/null 2>&1 fi fi if [ "$?" != "0" ]; then From d5ec5f80ffbdaa37a90c32d6613140b7d806db26 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 21:44:46 +0800 Subject: [PATCH 054/100] fix shellcheck warnings --- acme.sh | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/acme.sh b/acme.sh index 9be912b..17746db 100755 --- a/acme.sh +++ b/acme.sh 
@@ -1429,11 +1429,11 @@ _startserver() { if _contains "$nchelp" "nmap.org"; then _debug "Using ncat: nmap.org" if [ "$DEBUG" ]; then - if printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC $Le_HTTPPort; then + if printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC "$Le_HTTPPort"; then return fi else - if printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC $Le_HTTPPort >/dev/null 2>&1; then + if printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC "$Le_HTTPPort" >/dev/null 2>&1; then return fi fi @@ -1442,12 +1442,12 @@ _startserver() { # while true ; do if [ "$DEBUG" ]; then - if ! printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC -p $Le_HTTPPort; then - printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC $Le_HTTPPort + if ! printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC -p "$Le_HTTPPort"; then + printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC "$Le_HTTPPort" fi else - if ! printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC -p $Le_HTTPPort >/dev/null 2>&1; then - printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC $Le_HTTPPort >/dev/null 2>&1 + if ! printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC -p "$Le_HTTPPort" >/dev/null 2>&1; then + printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $_NC "$Le_HTTPPort" >/dev/null 2>&1 fi fi if [ "$?" != "0" ]; then @@ -1555,14 +1555,14 @@ _starttlsserver() { #start openssl _debug "$__S_OPENSSL" if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then - (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL -tlsextdebug) & + (printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $__S_OPENSSL -tlsextdebug) & else - (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL >/dev/null 2>&1) & + (printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $__S_OPENSSL >/dev/null 2>&1) & fi serverproc="$!" sleep 1 - _debug serverproc $serverproc + _debug serverproc "$serverproc" } #file 
@@ -1998,20 +1998,20 @@ _clearupdns() { fi ( - if ! . $d_api; then + if ! . "$d_api"; then _err "Load file $d_api error. Please check your api file and try again." return 1 fi rmcommand="${_currentRoot}_rm" - if ! _exists $rmcommand; then + if ! _exists "$rmcommand"; then _err "It seems that your api file doesn't define $rmcommand" return 1 fi txtdomain="_acme-challenge.$d" - if ! $rmcommand $txtdomain; then + if ! $rmcommand "$txtdomain"; then _err "Error removing txt for domain:$txtdomain" return 1 fi @@ -2067,7 +2067,7 @@ _on_before_issue() { _currentRoot="" _addrIndex=1 for d in $alldomains; do - _debug "Check for domain" $d + _debug "Check for domain" "$d" _currentRoot="$(_getfield "$Le_Webroot" $_index)" _debug "_currentRoot" "$_currentRoot" _index=$(_math $_index + 1) @@ -3128,7 +3128,7 @@ list() { _sep="|" if [ "$_raw" ]; then - printf "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew\n" + printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew" for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$); do d=$(echo $d | cut -d '/' -f 1) ( @@ -3139,7 +3139,7 @@ list() { _initpath $d "$_isEcc" if [ -f "$DOMAIN_CONF" ]; then . "$DOMAIN_CONF" - printf "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr\n" + printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr" fi ) done @@ -3603,7 +3603,7 @@ _initconf() { #PDNS_Token=\"0123456789ABCDEF\" #PDNS_Ttl=60 - " >$ACCOUNT_CONF_PATH + " >"$ACCOUNT_CONF_PATH" fi } @@ -3747,7 +3747,7 @@ install() { chmod 700 "$LE_WORKING_DIR" - cp $PROJECT_ENTRY "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" + cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" if [ "$?" != "0" ]; then _err "Install failed, can not copy $PROJECT_ENTRY" 
@@ -3760,8 +3760,8 @@ install() { for subf in $_SUB_FOLDERS; do if [ -d "$subf" ]; then - mkdir -p $LE_WORKING_DIR/$subf - cp $subf/* $LE_WORKING_DIR/$subf/ + mkdir -p "$LE_WORKING_DIR/$subf" + cp "$subf"/* "$LE_WORKING_DIR"/"$subf"/ fi done @@ -3814,7 +3814,7 @@ uninstall() { _uninstallalias - rm -f $LE_WORKING_DIR/$PROJECT_ENTRY + rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY" _info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself." } @@ -3825,21 +3825,21 @@ _uninstallalias() { _profile="$(_detect_profile)" if [ "$_profile" ]; then _info "Uninstalling alias from: '$_profile'" - text="$(cat $_profile)" + text="$(cat "$_profile")" echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.env\"$||" >"$_profile" fi _csh_profile="$HOME/.cshrc" if [ -f "$_csh_profile" ]; then _info "Uninstalling alias from: '$_csh_profile'" - text="$(cat $_csh_profile)" + text="$(cat "$_csh_profile")" echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" >"$_csh_profile" fi _tcsh_profile="$HOME/.tcshrc" if [ -f "$_tcsh_profile" ]; then _info "Uninstalling alias from: '$_csh_profile'" - text="$(cat $_tcsh_profile)" + text="$(cat "$_tcsh_profile")" echo "$text" | sed "s|^.*\"$LE_WORKING_DIR/$PROJECT_NAME.csh\"$||" >"$_tcsh_profile" fi @@ -3856,7 +3856,7 @@ cron() { return 1 fi ) - . $LE_WORKING_DIR/$PROJECT_ENTRY >/dev/null + . "$LE_WORKING_DIR/$PROJECT_ENTRY" >/dev/null if [ -t 1 ]; then __INTERACTIVE="1" @@ -4330,7 +4330,7 @@ _process() { HTTPS_INSECURE="1" ;; --ca-bundle) - _ca_bundle="$(readlink -f $2)" + _ca_bundle="$(readlink -f "$2")" CA_BUNDLE="$_ca_bundle" shift ;; From ca7202eb0a6a416cc4a2c8c243e5d07c44005c7c Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 21:56:50 +0800 Subject: [PATCH 055/100] fix shellcheck warnings --- acme.sh | 60 ++++++++++++++++++++++++++++----------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/acme.sh b/acme.sh index 17746db..1285e54 100755 --- a/acme.sh +++ b/acme.sh 
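Review bot: `_uninstallalias` (hunk `@@ -3825,21 +3825,21 @@`) rewrites the user's shell profiles with `echo "$text" | sed "s|…|" >"$_profile"`, and the redirect truncates the profile whether or not `sed` succeeds, so a `sed` error (for example a `|` inside `$LE_WORKING_DIR`) leaves the profile empty. Write the result to a temporary file next to the profile and move it into place only when `sed` returns 0. `$LE_WORKING_DIR` is also used as a regular expression here, so a `.` in the path matches any character. In the `.tcshrc` branch the log line prints the wrong variable; it should read `_info "Uninstalling alias from: '$_tcsh_profile'"`.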
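Review bot: The `--ca-bundle` case in `_process` (hunk `@@ -4330,7 +4330,7 @@`) stores whatever `readlink -f` prints, and `-f` is a GNU extension that is missing on some systems (the file already carries a Solaris workaround in `_tail_n`). If the call fails, `CA_BUNDLE` becomes an empty string without any message, and how the HTTP helpers treat an empty value is not visible here. Because this option selects the TLS trust anchors, fail loudly: after the assignment add `[ -f "$_ca_bundle" ] || { _err "CA bundle not found: $2"; return 1; }`, adapted to whatever error path `_process` uses.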
@@ -2195,7 +2195,7 @@ registeraccount() { } __calcAccountKeyHash() { - [ -f "$ACCOUNT_KEY_PATH" ] && cat "$ACCOUNT_KEY_PATH" | _digest sha256 + [ -f "$ACCOUNT_KEY_PATH" ] && _digest sha256 <"$ACCOUNT_KEY_PATH" } #keylength @@ -2244,7 +2244,7 @@ _regAccount() { fi if [ "$code" = "" ] || [ "$code" = '201' ]; then - echo "$response" >$ACCOUNT_JSON_PATH + echo "$response" >"$ACCOUNT_JSON_PATH" _info "Registered" elif [ "$code" = '409' ]; then _info "Already registered" @@ -2384,7 +2384,7 @@ issue() { _debug "Using api: $API" if [ ! "$IS_RENEW" ]; then - _initpath $Le_Domain "$Le_Keylength" + _initpath "$Le_Domain" "$Le_Keylength" mkdir -p "$DOMAIN_PATH" fi @@ -2455,7 +2455,7 @@ issue() { _key=$(_readdomainconf Le_Keylength) _debug "Read key length:$_key" if [ ! -f "$CERT_KEY_PATH" ] || [ "$Le_Keylength" != "$_key" ]; then - if ! createDomainKey $Le_Domain $Le_Keylength; then + if ! createDomainKey "$Le_Domain" "$Le_Keylength"; then _err "Create domain key error." _clearup _on_issue_err @@ -2482,7 +2482,7 @@ issue() { _index=1 _currentRoot="" for d in $alldomains; do - _info "Getting webroot for domain" $d + _info "Getting webroot for domain" "$d" _w="$(echo $Le_Webroot | cut -d , -f $_index)" _info _w "$_w" if [ "$_w" ]; then @@ -2520,17 +2520,17 @@ issue() { return 1 fi token="$(printf "%s\n" "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" - _debug token $token + _debug token "$token" uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')" - _debug uri $uri + _debug uri "$uri" keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then _info "$d is already verified, skip." - keyauthorization=$STATE_VERIFIED + keyauthorization="$STATE_VERIFIED" _debug keyauthorization "$keyauthorization" fi 
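Review bot: `_regAccount` (hunk `@@ -2244,7 +2244,7 @@`) treats an empty `$code` the same as `201`: it writes `$response` to `"$ACCOUNT_JSON_PATH"` and logs "Registered". An empty code means no HTTP status line was parsed, which is also what a failed or truncated request looks like, so a failure can be recorded as a successful registration. Unless the empty case is a deliberate compatibility path defined outside this hunk, accept only `[ "$code" = '201' ]` here and route the empty case to the error branch.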
@@ -2545,10 +2545,10 @@ issue() { dnsadded="" ventries=$(echo "$vlist" | tr ',' ' ') for ventry in $ventries; do - d=$(echo $ventry | cut -d $sep -f 1) - keyauthorization=$(echo $ventry | cut -d $sep -f 2) - vtype=$(echo $ventry | cut -d $sep -f 4) - _currentRoot=$(echo $ventry | cut -d $sep -f 5) + d=$(echo "$ventry" | cut -d "$sep" -f 1) + keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) + vtype=$(echo "$ventry" | cut -d "$sep" -f 4) + _currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." @@ -2578,18 +2578,18 @@ issue() { fi ( - if ! . $d_api; then + if ! . "$d_api"; then _err "Load file $d_api error. Please check your api file and try again." return 1 fi addcommand="${_currentRoot}_add" - if ! _exists $addcommand; then + if ! _exists "$addcommand"; then _err "It seems that your api file is not correct, it must have a function named: $addcommand" return 1 fi - if ! $addcommand $txtdomain $txt; then + if ! $addcommand "$txtdomain" "$txt"; then _err "Error add txt for domain:$txtdomain" return 1 fi @@ -2617,13 +2617,13 @@ issue() { if [ "$dnsadded" = '1' ]; then if [ -z "$Le_DNSSleep" ]; then - Le_DNSSleep=$DEFAULT_DNS_SLEEP + Le_DNSSleep="$DEFAULT_DNS_SLEEP" else _savedomainconf "Le_DNSSleep" "$Le_DNSSleep" fi _info "Sleep $(__green $Le_DNSSleep) seconds for the txt records to take effect" - _sleep $Le_DNSSleep + _sleep "$Le_DNSSleep" fi _debug "ok, let's start to verify" 
@@ -2631,11 +2631,11 @@ issue() { _ncIndex=1 ventries=$(echo "$vlist" | tr ',' ' ') for ventry in $ventries; do - d=$(echo $ventry | cut -d $sep -f 1) - keyauthorization=$(echo $ventry | cut -d $sep -f 2) - uri=$(echo $ventry | cut -d $sep -f 3) - vtype=$(echo $ventry | cut -d $sep -f 4) - _currentRoot=$(echo $ventry | cut -d $sep -f 5) + d=$(echo "$ventry" | cut -d "$sep" -f 1) + keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) + uri=$(echo "$ventry" | cut -d "$sep" -f 3) + vtype=$(echo "$ventry" | cut -d "$sep" -f 4) + _currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." @@ -2664,7 +2664,7 @@ issue() { fi serverproc="$!" sleep 1 - _debug serverproc $serverproc + _debug serverproc "$serverproc" else if [ "$_currentRoot" = "apache" ]; then @@ -2697,7 +2697,7 @@ issue() { if [ ! "$usingApache" ]; then if webroot_owner=$(_stat $_currentRoot); then _debug "Changing owner/group of .well-known to $webroot_owner" - chown -R $webroot_owner "$_currentRoot/.well-known" + chown -R "$webroot_owner" "$_currentRoot/.well-known" else _debug "not chaning owner/group of webroot" fi @@ -2740,7 +2740,7 @@ issue() { fi fi - if ! _send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"; then + if ! _send_signed_request "$uri" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"; then _err "$d:Can not get challenge: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup @@ -2790,7 +2790,7 @@ issue() { status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') if [ "$status" = "valid" ]; then _info "Success" - _stopserver $serverproc + _stopserver "$serverproc" serverproc="" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" break 
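Review bot: In `issue` (hunk `@@ -2697,7 +2697,7 @@`) `chown -R "$webroot_owner" "$_currentRoot/.well-known"` recurses through a directory that the web-server account may be able to write, and the script is often run as root. Whether symbolic links found under `.well-known` have their targets re-owned depends on the `chown` implementation. Make the behaviour explicit so only the link itself is changed: `chown -hR "$webroot_owner" "$_currentRoot/.well-known"`. The surrounding block starts and ends outside the hunk.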
@@ -2909,7 +2909,7 @@ issue() { _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr" if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ] || [ "$Le_RenewalDays" -gt "$MAX_RENEW" ]; then - Le_RenewalDays=$MAX_RENEW + Le_RenewalDays="$MAX_RENEW" else _savedomainconf "Le_RenewalDays" "$Le_RenewalDays" fi @@ -2934,12 +2934,12 @@ issue() { _cleardomainconf Le_Listen_V4 fi - Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) + Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60) - Le_NextRenewTimeStr=$(_time2str $Le_NextRenewTime) + Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" - Le_NextRenewTime=$(_math $Le_NextRenewTime - 86400) + Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400) _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" _on_issue_success From 0c538f7527fdf8d9a8517c21ad02fd814f85df9a Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 22:07:32 +0800 Subject: [PATCH 056/100] fix shellcheck warnings --- acme.sh | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/acme.sh b/acme.sh index 1285e54..1ea1cbf 100755 --- a/acme.sh +++ b/acme.sh @@ -901,7 +901,6 @@ _calcjwk() { return 0 fi - EC_SIGN="" if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then _debug "RSA key" pub_exp=$(openssl rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) @@ -924,7 +923,6 @@ _calcjwk() { JWK_HEADERPLACE_PART2='", "alg": "RS256", "jwk": '$jwk'}' elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then _debug "EC key" - EC_SIGN="1" crv="$(openssl ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv "$crv" 
@@ -1974,10 +1972,10 @@ _clearupdns() { ventries=$(echo "$vlist" | tr ',' ' ') for ventry in $ventries; do - d=$(echo "$ventry" | cut -d $sep -f 1) - keyauthorization=$(echo "$ventry" | cut -d $sep -f 2) - vtype=$(echo "$ventry" | cut -d $sep -f 4) - _currentRoot=$(echo "$ventry" | cut -d $sep -f 5) + d=$(echo "$ventry" | cut -d "$sep" -f 1) + keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) + vtype=$(echo "$ventry" | cut -d "$sep" -f 4) + _currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then _info "$d is already verified, skip $vtype." @@ -1989,7 +1987,7 @@ _clearupdns() { continue fi - d_api="$(_findHook $d dnsapi $_currentRoot)" + d_api="$(_findHook "$d" dnsapi "$_currentRoot")" _debug d_api "$d_api" if [ -z "$d_api" ]; then @@ -2562,7 +2560,7 @@ issue() { txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _urlencode)" _debug txt "$txt" - d_api="$(_findHook $d dnsapi $_currentRoot)" + d_api="$(_findHook "$d" dnsapi "$_currentRoot")" _debug d_api "$d_api" @@ -2570,8 +2568,8 @@ issue() { _info "Found domain api file: $d_api" else _err "Add the following TXT record:" - _err "Domain: '$(__green $txtdomain)'" - _err "TXT value: '$(__green $txt)'" + _err "Domain: '$(__green "$txtdomain")'" + _err "TXT value: '$(__green "$txt")'" _err "Please be aware that you prepend _acme-challenge. before your domain" _err "so the resulting subdomain will be: $txtdomain" continue @@ -2717,11 +2715,11 @@ issue() { #_debug2 _SAN_A "$_SAN_A" #create B - _hash_B="$(printf "%s" $keyauthorization | _digest "sha256" "hex")" + _hash_B="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")" _debug2 _hash_B "$_hash_B" - _x="$(echo $_hash_B | cut -c 1-32)" + _x="$(echo "$_hash_B" | cut -c 1-32)" _debug2 _x "$_x" - _y="$(echo $_hash_B | cut -c 33-64)" + _y="$(echo "$_hash_B" | cut -c 33-64)" _debug2 _y "$_y" #_SAN_B="$_x.$_y.ka.acme.invalid" 
@@ -2730,7 +2728,7 @@ issue() { _debug2 _SAN_B "$_SAN_B" _ncaddr="$(_getfield "$Le_LocalAddress" "$_ncIndex")" - _ncIndex="$(_math $_ncIndex + 1)" + _ncIndex="$(_math "$_ncIndex" + 1)" if ! _starttlsserver "$_SAN_B" "$_SAN_A" "$Le_TLSPort" "$keyauthorization" "$_ncaddr"; then _err "Start tls server error." _clearupwebbroot "$_currentRoot" "$removelevel" "$token" @@ -2762,7 +2760,7 @@ issue() { fi while true; do - waittimes=$(_math $waittimes + 1) + waittimes=$(_math "$waittimes" + 1) if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ]; then _err "$d:Timeout" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" @@ -2843,7 +2841,7 @@ issue() { fi _rcert="$response" - Le_LinkCert="$(grep -i '^Location.*$' $HTTP_HEADER | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)" + Le_LinkCert="$(grep -i '^Location.*$' "$HTTP_HEADER" | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)" _savedomainconf "Le_LinkCert" "$Le_LinkCert" if [ "$Le_LinkCert" ]; then @@ -2878,7 +2876,7 @@ issue() { fi if [ -z "$Le_LinkCert" ]; then - response="$(echo $response | _dbase64 "multiline" | _normalizeJson)" + response="$(echo "$response" | _dbase64 "multiline" | _normalizeJson)" _err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" _on_issue_err return 1 @@ -2886,7 +2884,7 @@ issue() { _cleardomainconf "Le_Vlist" - Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | _head_n 1 | cut -d " " -f 2 | cut -d ';' -f 1 | tr -d '<>') + Le_LinkIssuer=$(grep -i '^Link' "$HTTP_HEADER" | _head_n 1 | cut -d " " -f 2 | cut -d ';' -f 1 | tr -d '<>') if ! _contains "$Le_LinkIssuer" ":"; then Le_LinkIssuer="$API$Le_LinkIssuer" fi From e799ef2977a829a875851e54f5063bf43564e565 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 22:09:30 +0800 Subject: [PATCH 057/100] fix shellcheck warnings. --- acme.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/acme.sh b/acme.sh index 1ea1cbf..f983ea7 100755 --- a/acme.sh +++ b/acme.sh 
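Review bot: In `issue` (hunk `@@ -2843,7 +2841,7 @@`) `Le_LinkCert` is cut out of the server's `Location` response header and handed straight to `_savedomainconf`. Other hunks on this page load the domain config with `. "$DOMAIN_CONF"`, so the safety of the stored value depends entirely on how `_savedomainconf` quotes it, which is not shown here. Check the shape before saving, for example `_startswith "$Le_LinkCert" "http" || Le_LinkCert=""`, and refuse values that contain quotes, backticks or `$`. The pattern `'^Location.*$'` also matches any header whose name merely begins with `Location`; `'^Location:'` is tighter.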
@@ -2958,7 +2958,7 @@ renew() { _isEcc="$2" - _initpath $Le_Domain "$_isEcc" + _initpath "$Le_Domain" "$_isEcc" _info "$(__green "Renew: '$Le_Domain'")" if [ ! -f "$DOMAIN_CONF" ]; then @@ -2979,24 +2979,24 @@ renew() { if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" _info "Add '$(__red '--force')' to force to renew." - return $RENEW_SKIP + return "$RENEW_SKIP" fi IS_RENEW="1" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" - res=$? + res="$?" if [ "$res" != "0" ]; then - return $res + return "$res" fi if [ "$Le_DeployHook" ]; then - deploy $Le_Domain "$Le_DeployHook" "$Le_Keylength" - res=$? + deploy "$Le_Domain" "$Le_DeployHook" "$Le_Keylength" + res="$?" fi IS_RENEW="" - return $res + return "$res" } #renewAll [stopRenewOnError] From 201aa24448531de8020334f4aa5320d975cd2ff8 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 22:28:12 +0800 Subject: [PATCH 058/100] fix shellcheck warnings. --- acme.sh | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/acme.sh b/acme.sh index f983ea7..b1e5ecb 100755 --- a/acme.sh +++ b/acme.sh @@ -227,9 +227,9 @@ _getfield() { _sep="," fi - _ffi=$_findex + _ffi="$_findex" while [ "$_ffi" -gt "0" ]; do - _fv="$(echo "$_str" | cut -d $_sep -f "$_ffi")" + _fv="$(echo "$_str" | cut -d "$_sep" -f "$_ffi")" if [ "$_fv" ]; then printf -- "%s" "$_fv" return 0 
@@ -3006,12 +3006,14 @@ renewAll() { _debug "_stopRenewOnError" "$_stopRenewOnError" _ret="0" - for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$); do - d=$(echo $d | cut -d '/' -f 1) + for d in "${CERT_HOME}"/*.*/; do + _debug d "$d" + d=$(basename "$d") + _debug d "$d" ( - if _endswith $d "$ECC_SUFFIX"; then - _isEcc=$(echo $d | cut -d "$ECC_SEP" -f 2) - d=$(echo $d | cut -d "$ECC_SEP" -f 1) + if _endswith "$d" "$ECC_SUFFIX"; then + _isEcc=$(echo "$d" | cut -d "$ECC_SEP" -f 2) + d=$(echo "$d" | cut -d "$ECC_SEP" -f 1) fi renew "$d" "$_isEcc" ) @@ -3022,14 +3024,14 @@ renewAll() { _info "Skipped $d" elif [ "$_stopRenewOnError" ]; then _err "Error renew $d, stop now." - return $rc + return "$rc" else _ret="$rc" _err "Error renew $d, Go ahead to next one." fi fi done - return $_ret + return "$_ret" } #csr webroot @@ -3127,12 +3129,13 @@ list() { _sep="|" if [ "$_raw" ]; then printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew" - for d in $(ls -F ${CERT_HOME}/ | grep [^.].*[.].*/$); do - d=$(echo $d | cut -d '/' -f 1) + for d in "${CERT_HOME}"/*.*/; do + d=$(basename "$d") + _debug d "$d" ( - if _endswith $d "$ECC_SUFFIX"; then - _isEcc=$(echo $d | cut -d "$ECC_SEP" -f 2) - d=$(echo $d | cut -d "$ECC_SEP" -f 1) + if _endswith "$d" "$ECC_SUFFIX"; then + _isEcc=$(echo "$d" | cut -d "$ECC_SEP" -f 2) + d=$(echo "$d" | cut -d "$ECC_SEP" -f 1) fi _initpath $d "$_isEcc" if [ -f "$DOMAIN_CONF" ]; then From 44edb2bd2ffa738bb98d31c53588693dd5ca341a Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 22:35:30 +0800 Subject: [PATCH 059/100] fix shellcheck warnings --- acme.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/acme.sh b/acme.sh index b1e5ecb..e4c377d 100755 --- a/acme.sh +++ b/acme.sh 
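Review bot: The new loop `for d in "${CERT_HOME}"/*.*/; do` in `renewAll` (and the same loop in `list`, hunk `@@ -3127,12 +3129,13 @@`) runs once with the literal pattern when nothing matches, because `sh` leaves an unmatched glob unexpanded; the old `ls | grep` form produced no iterations in that case. `renew` is then called for a domain named `*.*`. Add a guard as the first statement of both loop bodies: `[ -d "$d" ] || continue`. In `list`, the following `_initpath $d "$_isEcc"` is still unquoted and should be `_initpath "$d" "$_isEcc"`.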
@@ -1878,7 +1878,7 @@ _setApache() { #test the conf first _info "Checking if there is an error in the apache config file before starting." - if ! _exec $_APACHECTL -t >/dev/null; then + if ! _exec "$_APACHECTL" -t >/dev/null; then _exec_err _err "The apache config file has error, please fix it first, then try again." _err "Don't worry, there is nothing changed to your system." @@ -1940,7 +1940,7 @@ Allow from all chmod 755 "$ACME_DIR" fi - if ! _exec $_APACHECTL graceful; then + if ! _exec "$_APACHECTL" graceful; then _exec_err _err "$_APACHECTL graceful error, please contact me." _restoreApache @@ -1951,7 +1951,7 @@ Allow from all } _clearup() { - _stopserver $serverproc + _stopserver "$serverproc" serverproc="" _restoreApache _clearupdns @@ -2693,7 +2693,7 @@ issue() { fi if [ ! "$usingApache" ]; then - if webroot_owner=$(_stat $_currentRoot); then + if webroot_owner=$(_stat "$_currentRoot"); then _debug "Changing owner/group of .well-known to $webroot_owner" chown -R "$webroot_owner" "$_currentRoot/.well-known" else @@ -2772,7 +2772,7 @@ issue() { _debug "sleep 2 secs to verify" sleep 2 _debug "checking" - response="$(_get $uri)" + response="$(_get "$uri")" if [ "$?" != "0" ]; then _err "$d:Verify error:$response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" @@ -3663,9 +3663,9 @@ _installalias() { _envfile="$LE_WORKING_DIR/$PROJECT_ENTRY.env" if [ "$_upgrading" ] && [ "$_upgrading" = "1" ]; then - echo "$(cat $_envfile)" | sed "s|^LE_WORKING_DIR.*$||" >"$_envfile" - echo "$(cat $_envfile)" | sed "s|^alias le.*$||" >"$_envfile" - echo "$(cat $_envfile)" | sed "s|^alias le.sh.*$||" >"$_envfile" + echo "$(cat "$_envfile")" | sed "s|^LE_WORKING_DIR.*$||" >"$_envfile" + echo "$(cat "$_envfile")" | sed "s|^alias le.*$||" >"$_envfile" + echo "$(cat "$_envfile")" | sed "s|^alias le.sh.*$||" >"$_envfile" fi _setopt "$_envfile" "export LE_WORKING_DIR" "=" "\"$LE_WORKING_DIR\"" From b9091e14b370db69747ec5538005fbe68dec2122 Mon Sep 17 00:00:00 2001 
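Review bot: The three `echo "$(cat "$_envfile")" | sed … >"$_envfile"` lines in `_installalias` (hunk `@@ -3663,9 +3663,9 @@`) read and truncate the same file inside one pipeline. Both sides of a pipeline start concurrently, so the redirect on the `sed` side can empty `"$_envfile"` before `cat` on the other side has read it. `_setopt` in this file already avoids that by reading first: put `text="$(cat "$_envfile")"` on its own line and then `echo "$text" | sed "s|^LE_WORKING_DIR.*$||" >"$_envfile"`. The three filters can also be merged into one `sed` call with three `-e` expressions so the file is rewritten once.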
From: nytral Date: Mon, 7 Nov 2016 21:50:59 +0100 Subject: [PATCH 060/100] adding DNSMadeEasy API --- README.md | 1 + dnsapi/README.md | 19 ++++++ dnsapi/dns_me.sh | 148 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 168 insertions(+) create mode 100755 dnsapi/dns_me.sh diff --git a/README.md b/README.md index 79b5a52..104532b 100644 --- a/README.md +++ b/README.md @@ -255,6 +255,7 @@ You don't have do anything manually! 8. lexicon dns api: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api (DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) 9. LuaDNS.com API +10. DNSMadeEasy.com API ##### More APIs are coming soon... diff --git a/dnsapi/README.md b/dnsapi/README.md index 1976911..7eff6de 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -154,4 +154,23 @@ acme.sh --issue --dns dns_lua --dnssleep 3 -d example.com -d www.example.c The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed. +## Use DNSMadeEasy domain API + +Get your API credentials at https://cp.dnsmadeeasy.com/account/info + +``` +export ME_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" + +export ME_Secret="qdfqsdfkjdskfj" + +``` + +To issue a cert: +``` +acme.sh --issue --dns dns_me --dnssleep 3 -d example.com -d www.example.com +``` + +The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed. + + diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh new file mode 100755 index 0000000..fffd8d4 --- /dev/null +++ b/dnsapi/dns_me.sh 
@@ -0,0 +1,148 @@ +#!/bin/sh + +# bug reports to dev@1e.ca + +# ME_Key=qmlkdjflmkqdjf +# ME_Secret=qmsdlkqmlksdvnnpae + +ME_Api=https://api.dnsmadeeasy.com/V2.0/dns/managed + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_me_add(){ + fulldomain=$1 + txtvalue=$2 + + if [ -z "$ME_Key" ] || [ -z "$ME_Secret" ] ; then + _err "You didn't specify DNSMadeEasy api key and secret yet." + _err "Please create you key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf ME_Key "$ME_Key" + _saveaccountconf ME_Secret "$ME_Secret" + + _debug "First detect the root zone" + if ! _get_root $fulldomain ; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _me_rest GET "${_domain_id}/records?recordName=$_sub_domain&type=TXT" + + if ! printf "$response" | grep \"totalRecords\": > /dev/null ; then + _err "Error" + return 1 + fi + + count=$(printf "%s\n" "$response" | _egrep_o \"totalRecords\":[^,]* | cut -d : -f 2) + _debug count "$count" + if [ "$count" = "0" ] ; then + _info "Adding record" + if _me_rest POST "$_domain_id/records/" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}"; then + if printf -- "%s" "$response" | grep id: > /dev/null ; then + _info "Added" + #todo: check if the record takes effect + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." 
+ else + _info "Updating record" + record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | cut -d : -f 2 | head -n 1) + _debug "record_id" $record_id + + _me_rest PUT "$_domain_id/records/$record_id/" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}" + if [ "$?" = "0" ]; then + _info "Updated" + #todo: check if the record takes effect + return 0; + fi + _err "Update error" + return 1 + fi + +} + + +#fulldomain +dns_me_rm() { + fulldomain=$1 + +} + + +#################### Private functions bellow ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + while [ '1' ] ; do + h=$(printf $domain | cut -d . -f $i-100) + if [ -z "$h" ] ; then + #not valid + return 1; + fi + + if ! _me_rest GET "name?domainname=$h" ; then + return 1 + fi + + if printf $response | grep \"name\":\"$h\" >/dev/null ; then + _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | head -n 1 | cut -d : -f 2 ) + if [ "$_domain_id" ] ; then + _sub_domain=$(printf $domain | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + return 1 + fi + p=$i + i=$(expr $i + 1) + done + return 1 +} + +_me_rest() { + m=$1 + ep="$2" + data="$3" + _debug $ep + + cdate=$(date -Ru) + hmac=$(printf "$cdate" | openssl dgst -sha1 -hmac $ME_Secret | cut -d = -f 2 | tr -d ' ') + + _H1="x-dnsme-apiKey: $ME_Key" + _H2="x-dnsme-requestDate: $cdate" + _H3="x-dnsme-hmac: $hmac" + + if [ "$data" ] ; then + _debug data "$data" + response="$(_post "$data" "$ME_Api/$ep" "" $m)" + else + response="$(_get "$ME_Api/$ep")" + fi + + if [ "$?" != "0" ] ; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} + + From 3ec72fcee959954b6bcbf317ba015cd77ed9994f Mon Sep 17 00:00:00 2001 
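Review bot: `_me_rest` signs with `openssl dgst -sha1 -hmac $ME_Secret`, which puts the API secret on the openssl command line, where other local users can typically read it from the process list; the unquoted expansion also word-splits a secret that contains whitespace. Several calls pass data as the printf format (`printf "$response"`, `printf $response`, `printf $domain`, `printf "$cdate"`), so a `%` or backslash in an API response or domain name is interpreted instead of printed; `printf "%s" "$response"` is the safe form. In `dns_me_add` the `count = 0` branch falls through after `_err "Add txt record error."` without a `return 1`, so the function's status is whatever `_err` returns. `dns_me_rm` only assigns `fulldomain`, so the `_acme-challenge` TXT record is never removed after validation.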
From: nytral Date: Mon, 7 Nov 2016 22:16:00 +0100 Subject: [PATCH 061/100] bugfix --- dnsapi/dns_me.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index fffd8d4..4234ac9 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -46,7 +46,7 @@ dns_me_add(){ if [ "$count" = "0" ] ; then _info "Adding record" if _me_rest POST "$_domain_id/records/" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}"; then - if printf -- "%s" "$response" | grep id: > /dev/null ; then + if [ "$?" = "0" ]; then _info "Added" #todo: check if the record takes effect return 0 From cd90062850161b943b01695379b003ed754f5c9b Mon Sep 17 00:00:00 2001 From: nytral Date: Mon, 7 Nov 2016 22:16:53 +0100 Subject: [PATCH 062/100] better bugfix --- dnsapi/dns_me.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index 4234ac9..b379fe9 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -46,7 +46,7 @@ dns_me_add(){ if [ "$count" = "0" ] ; then _info "Adding record" if _me_rest POST "$_domain_id/records/" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}"; then - if [ "$?" = "0" ]; then + if printf -- "%s" "$response" | grep \"id\": > /dev/null ; then _info "Added" #todo: check if the record takes effect return 0 From eb23549cd635cdf4c8231e709f45737aaa7a5697 Mon Sep 17 00:00:00 2001 From: nytral Date: Tue, 8 Nov 2016 14:13:05 +0100 Subject: [PATCH 063/100] s/bash/sh/ --- dnsapi/dns_me.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index b379fe9..d8dd7e4 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/usr/bin/env sh # bug reports to dev@1e.ca From 2ea5b283a84c9efba1ac2171e477ea6968a878e0 Mon Sep 17 00:00:00 2001 
From: nytral Date: Tue, 8 Nov 2016 15:56:46 +0100 Subject: [PATCH 064/100] _hmac use and generic date --- dnsapi/dns_me.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index d8dd7e4..3135718 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -123,8 +123,8 @@ _me_rest() { data="$3" _debug $ep - cdate=$(date -Ru) - hmac=$(printf "$cdate" | openssl dgst -sha1 -hmac $ME_Secret | cut -d = -f 2 | tr -d ' ') + cdate=$(date -u +"%a, %d %b %Y %T %Z") + hmac=$(printf "$cdate" | _hmac sha1 "$ME_Secret" 1) _H1="x-dnsme-apiKey: $ME_Key" _H2="x-dnsme-requestDate: $cdate" From dec90f7e5eca1af818d6a7f59d4aca2df56f5d16 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 9 Nov 2016 23:15:08 +0800 Subject: [PATCH 065/100] format dns_me api --- dnsapi/dns_me.sh | 66 +++++++++++++++++++++++------------------------- 1 file changed, 31 insertions(+), 35 deletions(-) diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index 3135718..abc1747 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh 
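Review bot: The new `date -u +"%a, %d %b %Y %T %Z"` takes its day and month names from the current locale, so on a host with a non-English `LC_TIME` the `x-dnsme-requestDate` header and the HMAC input would carry localized names. Pinning the locale keeps the signed string stable: `cdate=$(LC_ALL=C date -u +"%a, %d %b %Y %T %Z")`. `printf "$cdate"` still uses the value as the format string; `printf "%s" "$cdate"` is the safer form. `_me_rest` starts and ends outside the hunk.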
@@ -10,43 +10,43 @@ ME_Api=https://api.dnsmadeeasy.com/V2.0/dns/managed ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_me_add(){ +dns_me_add() { fulldomain=$1 txtvalue=$2 - - if [ -z "$ME_Key" ] || [ -z "$ME_Secret" ] ; then + + if [ -z "$ME_Key" ] || [ -z "$ME_Secret" ]; then _err "You didn't specify DNSMadeEasy api key and secret yet." _err "Please create you key and try again." return 1 fi - + #save the api key and email to the account conf file. _saveaccountconf ME_Key "$ME_Key" _saveaccountconf ME_Secret "$ME_Secret" - + _debug "First detect the root zone" - if ! _get_root $fulldomain ; then + if ! _get_root $fulldomain; then _err "invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - + _debug "Getting txt records" _me_rest GET "${_domain_id}/records?recordName=$_sub_domain&type=TXT" - - if ! printf "$response" | grep \"totalRecords\": > /dev/null ; then + + if ! printf "$response" | grep \"totalRecords\": >/dev/null; then _err "Error" return 1 fi - + count=$(printf "%s\n" "$response" | _egrep_o \"totalRecords\":[^,]* | cut -d : -f 2) _debug count "$count" - if [ "$count" = "0" ] ; then + if [ "$count" = "0" ]; then _info "Adding record" - if _me_rest POST "$_domain_id/records/" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}"; then - if printf -- "%s" "$response" | grep \"id\": > /dev/null ; then + if _me_rest POST "$_domain_id/records/" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}"; then + if printf -- "%s" "$response" | grep \"id\": >/dev/null; then _info "Added" #todo: check if the record takes effect return 0 
@@ -60,19 +60,18 @@ dns_me_add(){ _info "Updating record" record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | cut -d : -f 2 | head -n 1) _debug "record_id" $record_id - - _me_rest PUT "$_domain_id/records/$record_id/" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}" + + _me_rest PUT "$_domain_id/records/$record_id/" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}" if [ "$?" = "0" ]; then _info "Updated" #todo: check if the record takes effect - return 0; + return 0 fi _err "Update error" return 1 fi - -} +} #fulldomain dns_me_rm() { @@ -80,7 +79,6 @@ dns_me_rm() { } - #################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns @@ -91,20 +89,20 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ] ; do + while [ '1' ]; do h=$(printf $domain | cut -d . -f $i-100) - if [ -z "$h" ] ; then + if [ -z "$h" ]; then #not valid - return 1; + return 1 fi - - if ! _me_rest GET "name?domainname=$h" ; then + + if ! _me_rest GET "name?domainname=$h"; then return 1 fi - - if printf $response | grep \"name\":\"$h\" >/dev/null ; then - _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | head -n 1 | cut -d : -f 2 ) - if [ "$_domain_id" ] ; then + + if printf $response | grep \"name\":\"$h\" >/dev/null; then + _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | head -n 1 | cut -d : -f 2) + if [ "$_domain_id" ]; then _sub_domain=$(printf $domain | cut -d . -f 1-$p) _domain=$h return 0 
@@ -124,25 +122,23 @@ _me_rest() { _debug $ep cdate=$(date -u +"%a, %d %b %Y %T %Z") - hmac=$(printf "$cdate" | _hmac sha1 "$ME_Secret" 1) + hmac=$(printf "$cdate" | _hmac sha1 "$ME_Secret" 1) _H1="x-dnsme-apiKey: $ME_Key" _H2="x-dnsme-requestDate: $cdate" _H3="x-dnsme-hmac: $hmac" - - if [ "$data" ] ; then + + if [ "$data" ]; then _debug data "$data" response="$(_post "$data" "$ME_Api/$ep" "" $m)" else response="$(_get "$ME_Api/$ep")" fi - - if [ "$?" != "0" ] ; then + + if [ "$?" != "0" ]; then _err "error $ep" return 1 fi _debug2 response "$response" return 0 } - - From a2e62f8e1d05fe200c079a832388ad2419b9eba6 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 9 Nov 2016 23:44:24 +0800 Subject: [PATCH 066/100] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 104532b..258cc02 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# An ACME Shell script: acme.sh +# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh) - An ACME protocol client written purely in Shell (Unix shell) language. - Fully ACME protocol implementation. - Simple, powerful and very easy to use. You only need 3 minutes to learn. From e591d5cfe4a9a990adbce3a194771a9b9ee113f5 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 21:13:33 +0800 Subject: [PATCH 067/100] fix shellcheck warnings --- acme.sh | 50 ++++++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 28 deletions(-) diff --git a/acme.sh b/acme.sh index e4c377d..255c609 100755 --- a/acme.sh +++ b/acme.sh @@ -27,7 +27,7 @@ STAGE_CA="https://acme-staging.api.letsencrypt.org" VTYPE_HTTP="http-01" VTYPE_DNS="dns-01" VTYPE_TLS="tls-sni-01" -VTYPE_TLS2="tls-sni-02" +#VTYPE_TLS2="tls-sni-02" LOCAL_ANY_ADDRESS="0.0.0.0" 
@@ -247,10 +247,10 @@ _exists() { _usage "Usage: _exists cmd" return 1 fi - if type command >/dev/null 2>&1; then + if command >/dev/null 2>&1; then command -v "$cmd" >/dev/null 2>&1 - else - type "$cmd" >/dev/null 2>&1 + else which >/dev/null 2>&1; + which "$cmd" >/dev/null 2>&1 fi ret="$?" _debug3 "$cmd exists=$ret" @@ -259,7 +259,7 @@ _exists() { #a + b _math() { - expr "$@" + $(( "$@" )) } _h_char_2_dec() { @@ -299,10 +299,7 @@ _h2b() { hex=$(cat) i=1 j=2 - if _exists let; then - uselet="1" - fi - _debug3 uselet "$uselet" + _debug3 _URGLY_PRINTF "$_URGLY_PRINTF" while true; do if [ -z "$_URGLY_PRINTF" ]; then @@ -310,7 +307,7 @@ _h2b() { if [ -z "$h" ]; then break fi - printf "\x$h" + printf "\x$h%s" else ic="$(printf "%s" "$hex" | cut -c $i)" jc="$(printf "%s" "$hex" | cut -c $j)" @@ -321,13 +318,10 @@ _h2b() { jc="$(_h_char_2_dec "$jc")" printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")" fi - if [ "$uselet" ]; then - let "i+=2" >/dev/null - let "j+=2" >/dev/null - else - i="$(_math "$i" + 2)" - j="$(_math "$j" + 2)" - fi + + i="$(_math "$i" + 2)" + j="$(_math "$j" + 2)" + done } @@ -3006,9 +3000,9 @@ renewAll() { _debug "_stopRenewOnError" "$_stopRenewOnError" _ret="0" - for d in "${CERT_HOME}"/*.*/; do - _debug d "$d" - d=$(basename "$d") + for di in "${CERT_HOME}"/*.*/; do + _debug di "$di" + d=$(basename "$di") _debug d "$d" ( if _endswith "$d" "$ECC_SUFFIX"; then 
@@ -3129,15 +3123,15 @@ list() { _sep="|" if [ "$_raw" ]; then printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Created${_sep}Renew" - for d in "${CERT_HOME}"/*.*/; do - d=$(basename "$d") + for di in "${CERT_HOME}"/*.*/; do + d=$(basename "$di") _debug d "$d" ( if _endswith "$d" "$ECC_SUFFIX"; then _isEcc=$(echo "$d" | cut -d "$ECC_SEP" -f 2) d=$(echo "$d" | cut -d "$ECC_SEP" -f 1) fi - _initpath $d "$_isEcc" + _initpath "$d" "$_isEcc" if [ -f "$DOMAIN_CONF" ]; then . "$DOMAIN_CONF" printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr" @@ -3163,13 +3157,13 @@ deploy() { return 1 fi - _initpath $Le_Domain "$_isEcc" + _initpath "$Le_Domain" "$_isEcc" if [ ! -d "$DOMAIN_PATH" ]; then _err "Domain is not valid:'$Le_Domain'" return 1 fi - _deployApi="$(_findHook $Le_Domain deploy $Le_DeployHook)" + _deployApi="$(_findHook "$Le_Domain" deploy "$Le_DeployHook")" if [ -z "$_deployApi" ]; then _err "The deploy hook $Le_DeployHook is not found." return 1 @@ -3179,18 +3173,18 @@ deploy() { _savedomainconf Le_DeployHook "$Le_DeployHook" if ! ( - if ! . $_deployApi; then + if ! . "$_deployApi"; then _err "Load file $_deployApi error. Please check your api file and try again." return 1 fi d_command="${Le_DeployHook}_deploy" - if ! _exists $d_command; then + if ! _exists "$d_command"; then _err "It seems that your api file is not correct, it must have a function named: $d_command" return 1 fi - if ! $d_command $Le_Domain "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then + if ! $d_command "$Le_Domain" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then _err "Error deploy for domain:$Le_Domain" _on_issue_err return 1 From e3698edd1952b7777d7b2c438cd6ac6f3ee25fb5 Mon Sep 17 00:00:00 2001 
From: neilpang Date: Fri, 11 Nov 2016 21:15:48 +0800 Subject: [PATCH 068/100] fix shellcheck warnings --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 255c609..ed2bf90 100755 --- a/acme.sh +++ b/acme.sh @@ -4046,7 +4046,7 @@ _process() { _dnssleep="" _listraw="" _stopRenewOnError="" - _insecure="" + #_insecure="" _ca_bundle="" _nocron="" _ecc="" @@ -4321,7 +4321,7 @@ _process() { _stopRenewOnError="1" ;; --insecure) - _insecure="1" + #_insecure="1" HTTPS_INSECURE="1" ;; --ca-bundle) From c4a375b3a5288b5abbb0ff73ad9b06d32f492565 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 21:22:48 +0800 Subject: [PATCH 069/100] fix shellcheck warnings. --- acme.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/acme.sh b/acme.sh index ed2bf90..79afb23 100755 --- a/acme.sh +++ b/acme.sh @@ -3364,7 +3364,7 @@ revoke() { _isEcc="$2" - _initpath $Le_Domain "$_isEcc" + _initpath "$Le_Domain" "$_isEcc" if [ ! -f "$DOMAIN_CONF" ]; then _err "$Le_Domain is not a issued domain, skip." return 1 @@ -3387,10 +3387,10 @@ revoke() { if [ -f "$CERT_KEY_PATH" ]; then _info "Try domain key first." - if _send_signed_request $uri "$data" "" "$CERT_KEY_PATH"; then + if _send_signed_request "$uri" "$data" "" "$CERT_KEY_PATH"; then if [ -z "$response" ]; then _info "Revoke success." - rm -f $CERT_PATH + rm -f "$CERT_PATH" return 0 else _err "Revoke error by domain key." @@ -3403,10 +3403,10 @@ revoke() { _info "Try account key." - if _send_signed_request $uri "$data" "" "$ACCOUNT_KEY_PATH"; then + if _send_signed_request "$uri" "$data" "" "$ACCOUNT_KEY_PATH"; then if [ -z "$response" ]; then _info "Revoke success." - rm -f $CERT_PATH + rm -f "$CERT_PATH" return 0 else _err "Revoke error." 
@@ -3450,11 +3450,11 @@ _deactivate() { fi _vtype="$(printf "%s\n" "$entry" | _egrep_o '"type": *"[^"]*"' | cut -d : -f 2 | tr -d '"')" - _debug _vtype $_vtype + _debug _vtype "$_vtype" _info "Found $_vtype" uri="$(printf "%s\n" "$entry" | _egrep_o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"')" - _debug uri $uri + _debug uri "$uri" if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ]; then _info "Skip $_vtype" @@ -3493,7 +3493,7 @@ deactivate() { if [ -z "$_d_dm" ] || [ "$_d_dm" = "$NO_VALUE" ]; then continue fi - if ! _deactivate "$_d_dm" $_d_type; then + if ! _deactivate "$_d_dm" "$_d_type"; then return 1 fi done @@ -3562,7 +3562,7 @@ _initconf() { #USER_AGENT=\"$USER_AGENT\" -#USER_PATH="" +#USER_PATH= #dns api ####################### From 7ff7a7c527ca9aa6c02d7722717ede9dd8e50b37 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 21:31:16 +0800 Subject: [PATCH 070/100] fix shellcheck warnning --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 79afb23..705f5a9 100755 --- a/acme.sh +++ b/acme.sh @@ -259,7 +259,7 @@ _exists() { #a + b _math() { - $(( "$@" )) + printf "%s" "$(( $@ ))" } _h_char_2_dec() { From 4bd31f4967fcd637087cbc423b650f9d8eb3a557 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 21:47:24 +0800 Subject: [PATCH 071/100] fix shellcheck warnings --- acme.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/acme.sh b/acme.sh index 705f5a9..d050738 100755 --- a/acme.sh +++ b/acme.sh @@ -3212,7 +3212,7 @@ installcert() { Le_RealFullChainPath="$6" _isEcc="$7" - _initpath $Le_Domain "$_isEcc" + _initpath "$Le_Domain" "$_isEcc" if [ ! -d "$DOMAIN_PATH" ]; then _err "Domain is not valid:'$Le_Domain'" return 1 
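Review bot: In the `_math` hunk, `printf "%s" "$(( $@ ))"` is not a drop-in for the `expr "$@"` implementation this series replaced: an empty or non-numeric operand no longer fails, because arithmetic expansion treats an unset or empty name as 0 and evaluates each operand as an expression rather than as a number. A caller that passes a value parsed from command output or a server response would then compute with a silent 0 instead of stopping. A digits-only check on the operands before the expansion, or at least a comment such as `# operands must already be validated integers` above `_math`, would keep that contract visible.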
@@ -3245,9 +3245,9 @@ _installcert() { Le_RealFullChainPath="" fi - _installed="0" + if [ "$Le_RealCertPath" ]; then - _installed=1 + _info "Installing cert to:$Le_RealCertPath" if [ -f "$Le_RealCertPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealCertPath" "$Le_RealCertPath".bak @@ -3256,7 +3256,7 @@ _installcert() { fi if [ "$Le_RealCACertPath" ]; then - _installed=1 + _info "Installing CA to:$Le_RealCACertPath" if [ "$Le_RealCACertPath" = "$Le_RealCertPath" ]; then echo "" >>"$Le_RealCACertPath" @@ -3270,7 +3270,7 @@ _installcert() { fi if [ "$Le_RealKeyPath" ]; then - _installed=1 + _info "Installing key to:$Le_RealKeyPath" if [ -f "$Le_RealKeyPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealKeyPath" "$Le_RealKeyPath".bak @@ -3279,7 +3279,7 @@ _installcert() { fi if [ "$Le_RealFullChainPath" ]; then - _installed=1 + _info "Installing full chain to:$Le_RealFullChainPath" if [ -f "$Le_RealFullChainPath" ] && [ ! "$IS_RENEW" ]; then cp "$Le_RealFullChainPath" "$Le_RealFullChainPath".bak @@ -3288,7 +3288,7 @@ _installcert() { fi if [ "$Le_ReloadCmd" ]; then - _installed=1 + _info "Run Le_ReloadCmd: $Le_ReloadCmd" if (cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd"); then _info "$(__green "Reload success")" From e51bef6d12c4d80babbd6d24fcaef8dca7b3bbf4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 22:00:15 +0800 Subject: [PATCH 072/100] fix shellcheck warnings. --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d050738..5a42595 100755 --- a/acme.sh +++ b/acme.sh @@ -316,7 +316,7 @@ _h2b() { fi ic="$(_h_char_2_dec "$ic")" jc="$(_h_char_2_dec "$jc")" - printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")" + printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")""%s" fi i="$(_math "$i" + 2)" From b97e1403891ac9f38911bea9baf8c77f6d12c502 Mon Sep 17 00:00:00 2001 
From: neilpang Date: Fri, 11 Nov 2016 22:07:49 +0800 Subject: [PATCH 073/100] fix shfmt warnings --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 5a42595..bd61d11 100755 --- a/acme.sh +++ b/acme.sh @@ -249,7 +249,7 @@ _exists() { fi if command >/dev/null 2>&1; then command -v "$cmd" >/dev/null 2>&1 - else which >/dev/null 2>&1; + elif which >/dev/null 2>&1; which "$cmd" >/dev/null 2>&1 fi ret="$?" @@ -259,7 +259,7 @@ _exists() { #a + b _math() { - printf "%s" "$(( $@ ))" + printf "%s" "$(($@))" } _h_char_2_dec() { From a8b564fa648a0cafae32c7948ae7167a583e86a1 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 22:10:14 +0800 Subject: [PATCH 074/100] typo --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index bd61d11..f861ace 100755 --- a/acme.sh +++ b/acme.sh @@ -249,7 +249,7 @@ _exists() { fi if command >/dev/null 2>&1; then command -v "$cmd" >/dev/null 2>&1 - elif which >/dev/null 2>&1; + elif which >/dev/null 2>&1; then which "$cmd" >/dev/null 2>&1 fi ret="$?" From a988a91e2eb7e3d9ef81924bc14f7bd6ab36b186 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 22:14:21 +0800 Subject: [PATCH 075/100] fix shfmt warnings --- acme.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/acme.sh b/acme.sh index f861ace..4a5b111 100755 --- a/acme.sh +++ b/acme.sh @@ -3222,7 +3222,6 @@ installcert() { } _installcert() { - _savedomainconf "Le_RealCertPath" "$Le_RealCertPath" _savedomainconf "Le_RealCACertPath" "$Le_RealCACertPath" _savedomainconf "Le_RealKeyPath" "$Le_RealKeyPath" @@ -3245,7 +3244,6 @@ _installcert() { Le_RealFullChainPath="" fi - if [ "$Le_RealCertPath" ]; then _info "Installing cert to:$Le_RealCertPath" From 7af784adce32592a2758b3e72d1eebb89e1dd7ae Mon Sep 17 00:00:00 2001 
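Review bot: In `_exists`, `command >/dev/null 2>&1` and `which >/dev/null 2>&1` run each tool with no arguments and test its exit status, which is not the same as testing that the tool is available; `which` without arguments may exit non-zero on some systems even though it is installed. When both probes fail, no lookup runs at all, the `if` statement itself yields status 0, and `ret="$?"` records success for a command that was never checked. An explicit failing branch closes that gap, for example `else false` before the `fi`. `_exists` starts and ends outside the hunk, so how `ret` is returned is not visible here.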
From: neilpang Date: Fri, 11 Nov 2016 22:30:55 +0800 Subject: [PATCH 076/100] fix shellcheck warnings --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 4a5b111..c5e0926 100755 --- a/acme.sh +++ b/acme.sh @@ -548,7 +548,7 @@ _createkey() { _is_idn() { _is_idn_d="$1" _debug2 _is_idn_d "$_is_idn_d" - _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '[0-9]' | tr -d '[a-z]' | tr -d 'A-Z' | tr -d '.,-') + _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '0-9' | tr -d 'a-z' | tr -d 'A-Z' | tr -d '.,-') _debug2 _idn_temp "$_idn_temp" [ "$_idn_temp" ] } From 796e2cc1562a856ba9909be018d5da8b8711a202 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 22:32:11 +0800 Subject: [PATCH 077/100] fix shellcheck warnings --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index c5e0926..29f0881 100755 --- a/acme.sh +++ b/acme.sh @@ -532,10 +532,10 @@ _createkey() { if _isEccKey "$length"; then _debug "Using ec name: $eccname" - openssl ecparam -name $eccname -genkey 2>/dev/null >"$f" + openssl ecparam -name "$eccname" -genkey 2>/dev/null >"$f" else _debug "Using RSA: $length" - openssl genrsa $length 2>/dev/null >"$f" + openssl genrsa "$length" 2>/dev/null >"$f" fi if [ "$?" != "0" ]; then From 031e885e4de0b684e6d0df5ef686540c5181c0d6 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 22:36:16 +0800 Subject: [PATCH 078/100] fix shellcheck warnings --- acme.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 29f0881..f8c7e17 100755 --- a/acme.sh +++ b/acme.sh @@ -859,7 +859,8 @@ _time2str() { #Soaris if _exists adb; then - echo $(echo "0t${1}=Y" | adb) + _t_s_a=$(echo "0t${1}=Y" | adb) + echo "$_t_s_a" fi } From c7b16249b88f682fed44f84ef772625bb69b0eba Mon Sep 17 00:00:00 2001 
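Review bot: In the `_createkey` hunk both key-generation lines create the private key through a plain `>"$f"` redirection, and nothing in the hunk restricts the file mode first, so unless a umask is set elsewhere the new key gets the process's default permissions, which may be readable by other users. Making the mode explicit at creation would help, for instance `(umask 077; openssl genrsa "$length" 2>/dev/null >"$f")` and the same wrapper around the `ecparam` line. `2>/dev/null` also discards openssl's diagnostic, so the `$?` check below can only report that generation failed, not why. `_createkey` starts and ends outside the hunk.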
From: neilpang Date: Fri, 11 Nov 2016 23:30:14 +0800 Subject: [PATCH 079/100] fix shellcheck warnings --- acme.sh | 10 ++++----- dnsapi/dns_cf.sh | 22 ++++++++++---------- dnsapi/dns_cx.sh | 40 ++++++++++++++++++------------------ dnsapi/dns_dp.sh | 48 +++++++++++++++++++++---------------------- dnsapi/dns_gd.sh | 14 ++++++------- dnsapi/dns_lexicon.sh | 12 +++++------ dnsapi/dns_lua.sh | 20 +++++++++--------- dnsapi/dns_me.sh | 22 ++++++++++---------- dnsapi/dns_ovh.sh | 12 +++++------ dnsapi/dns_pdns.sh | 16 +++++++-------- 10 files changed, 108 insertions(+), 108 deletions(-) diff --git a/acme.sh b/acme.sh index f8c7e17..195adee 100755 --- a/acme.sh +++ b/acme.sh @@ -411,7 +411,7 @@ _digest() { outputhex="$2" - if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then + if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ] || [ "$alg" = "md5" ]; then if [ "$outputhex" ]; then openssl dgst -"$alg" -hex | cut -d = -f 2 | tr -d ' ' else @@ -2290,10 +2290,10 @@ _findHook() { _hookcat="$2" _hookname="$3" - if [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname" ]; then - d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname" - elif [ -f "$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" ]; then - d_api="$_SCRIPT_HOME/$_hookdomain/$_hookname.sh" + if [ -f "$_SCRIPT_HOME/$_hookcat/$_hookname" ]; then + d_api="$_SCRIPT_HOME/$_hookcat/$_hookname" + elif [ -f "$_SCRIPT_HOME/$_hookcat/$_hookname.sh" ]; then + d_api="$_SCRIPT_HOME/$_hookcat/$_hookname.sh" elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ]; then d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname" elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ]; then diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index 63acb28..edd4830 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -25,7 +25,7 @@ dns_cf_add() { _saveaccountconf CF_Email "$CF_Email" _debug "First detect the root zone" - if ! _get_root $fulldomain; then + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi 
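Review bot: In the `_findHook` hunk only the two `$_SCRIPT_HOME` branches were switched to `$_hookcat`; the `$LE_WORKING_DIR/$_hookdomain/$_hookname` branches below still use the domain as the directory name. That looks like an oversight: a hook placed under the working directory's category folder would not be found, and a domain string ends up as a path component of a file that `deploy()` later sources. If the category is meant there too, the lines would read `elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname" ]; then` and `d_api="$LE_WORKING_DIR/$_hookcat/$_hookname"`, and likewise for the `.sh` variants. The rest of `_findHook` is outside the hunk.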
@@ -36,7 +36,7 @@ dns_cf_add() { _debug "Getting txt records" _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain" - if ! printf "$response" | grep \"success\":true >/dev/null; then + if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then _err "Error" return 1 fi @@ -46,7 +46,7 @@ dns_cf_add() { if [ "$count" = "0" ]; then _info "Adding record" if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - if printf -- "%s" "$response" | grep $fulldomain >/dev/null; then + if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then _info "Added, sleeping 10 seconds" sleep 10 #todo: check if the record takes effect @@ -60,7 +60,7 @@ dns_cf_add() { else _info "Updating record" record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \" | head -n 1) - _debug "record_id" $record_id + _debug "record_id" "$record_id" _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" if [ "$?" = "0" ]; then @@ -91,8 +91,8 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ]; do - h=$(printf $domain | cut -d . -f $i-100) + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then #not valid return 1 @@ -102,17 +102,17 @@ _get_root() { return 1 fi - if printf $response | grep \"name\":\"$h\" >/dev/null; then + if printf "%s" "$response" | grep "\"name\":\"$h\"" >/dev/null; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | head -n 1 | cut -d : -f 2 | tr -d \") if [ "$_domain_id" ]; then - _sub_domain=$(printf $domain | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h return 0 fi return 1 fi p=$i - i=$(expr $i + 1) + i=$(_math "$i" + 1) done return 1 } 
@@ -121,7 +121,7 @@ _cf_rest() { m=$1 ep="$2" data="$3" - _debug $ep + _debug "$ep" _H1="X-Auth-Email: $CF_Email" _H2="X-Auth-Key: $CF_Key" @@ -129,7 +129,7 @@ _cf_rest() { if [ "$data" ]; then _debug data "$data" - response="$(_post "$data" "$CF_Api/$ep" "" $m)" + response="$(_post "$data" "$CF_Api/$ep" "" "$m")" else response="$(_get "$CF_Api/$ep")" fi diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh index 81eb896..c4d941d 100755 --- a/dnsapi/dns_cx.sh +++ b/dnsapi/dns_cx.sh @@ -22,19 +22,19 @@ dns_cx_add() { return 1 fi - REST_API=$CX_Api + REST_API="$CX_Api" #save the api key and email to the account conf file. _saveaccountconf CX_Key "$CX_Key" _saveaccountconf CX_Secret "$CX_Secret" _debug "First detect the root zone" - if ! _get_root $fulldomain; then + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi - existing_records $_domain $_sub_domain + existing_records "$_domain" "$_sub_domain" _debug count "$count" if [ "$?" != "0" ]; then _err "Error get existing records." @@ -42,9 +42,9 @@ dns_cx_add() { fi if [ "$count" = "0" ]; then - add_record $_domain $_sub_domain $txtvalue + add_record "$_domain" "$_sub_domain" "$txtvalue" else - update_record $_domain $_sub_domain $txtvalue + update_record "$_domain" "$_sub_domain" "$txtvalue" fi if [ "$?" = "0" ]; then @@ -78,7 +78,7 @@ existing_records() { return 0 fi - if printf "$response" | grep '"type":"TXT"' >/dev/null; then + if printf "%s" "$response" | grep '"type":"TXT"' >/dev/null; then count=1 record_id=$(printf "%s\n" "$seg" | _egrep_o \"record_id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug record_id "$record_id" @@ -93,7 +93,7 @@ add_record() { root=$1 sub=$2 txtvalue=$3 - fulldomain=$sub.$root + fulldomain="$sub.$root" _info "Adding record" @@ -110,7 +110,7 @@ update_record() { root=$1 sub=$2 txtvalue=$3 - fulldomain=$sub.$root + fulldomain="$sub.$root" _info "Updating record" 
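Review bot: In the `dns_cx_add` hunk the `if [ "$?" != "0" ]` after `existing_records "$_domain" "$_sub_domain"` tests the exit status of the `_debug count "$count"` line that runs in between, not that of `existing_records`, so a failed lookup is not caught there. Testing the call directly fixes it: `if ! existing_records "$_domain" "$_sub_domain"; then`, with `_debug count "$count"` moved after the check. The `dns_dp_add` hunk in dnsapi/dns_dp.sh has the same sequence. `dns_cx_add` starts and ends outside the hunk.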
@@ -136,30 +136,30 @@ _get_root() { return 1 fi - while [ '1' ]; do - h=$(printf $domain | cut -d . -f $i-100) + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) _debug h "$h" if [ -z "$h" ]; then #not valid return 1 fi - if printf "$response" | grep "$h." >/dev/null; then + if _contains "$response" "$h."; then seg=$(printf "%s" "$response" | _egrep_o "\{[^\{]*\"$h\.\"[^\}]*\}") _debug seg "$seg" _domain_id=$(printf "%s" "$seg" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf $domain | cut -d . -f 1-$p) - _debug _sub_domain $_sub_domain - _domain=$h - _debug _domain $_domain + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _debug _sub_domain "$_sub_domain" + _domain="$h" + _debug _domain "$_domain" return 0 fi return 1 fi - p=$i - i=$(expr $i + 1) + p="$i" + i=$(_math "$i" + 1) done return 1 } @@ -168,7 +168,7 @@ _get_root() { _rest() { m=$1 ep="$2" - _debug $ep + _debug "$ep" url="$REST_API/$ep" _debug url "$url" @@ -180,7 +180,7 @@ _rest() { sec="$CX_Key$url$data$cdate$CX_Secret" _debug sec "$sec" - hmac=$(printf "$sec" | openssl md5 | cut -d " " -f 2) + hmac=$(printf "%s" "$sec" | _digest md5 hex) _debug hmac "$hmac" _H1="API-KEY: $CX_Key" @@ -199,7 +199,7 @@ _rest() { return 1 fi _debug2 response "$response" - if ! printf "$response" | grep '"message":"success"' >/dev/null; then + if ! _contains "$response" '"message":"success"'; then return 1 fi return 0 diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 8861bfc..605c541 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh 
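Review bot: In the dns_cx.sh `_rest` hunk, `_debug sec "$sec"` writes the signing string to the debug output, and `sec` is built as `"$CX_Key$url$data$cdate$CX_Secret"`, so the API secret ends up in any captured debug log. Dropping that line, or logging the string without the secret as in `_debug sec "$CX_Key$url$data$cdate(secret omitted)"`, keeps the trace useful without exposing the credential. The dns_lexicon.sh hunks do the same with `_debug "$Lx_token" "$Lx_token_v"` and `_debug "$Lx_password" "$Lx_password_v"`. `_rest` starts and ends outside the hunk.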
@@ -22,19 +22,19 @@ dns_dp_add() { return 1 fi - REST_API=$DP_Api + REST_API="$DP_Api" #save the api key and email to the account conf file. _saveaccountconf DP_Id "$DP_Id" _saveaccountconf DP_Key "$DP_Key" _debug "First detect the root zone" - if ! _get_root $fulldomain; then + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi - existing_records $_domain $_sub_domain + existing_records "$_domain" "$_sub_domain" _debug count "$count" if [ "$?" != "0" ]; then _err "Error get existing records." @@ -42,9 +42,9 @@ dns_dp_add() { fi if [ "$count" = "0" ]; then - add_record $_domain $_sub_domain $txtvalue + add_record "$_domain" "$_sub_domain" "$txtvalue" else - update_record $_domain $_sub_domain $txtvalue + update_record "$_domain" "$_sub_domain" "$txtvalue" fi } @@ -67,14 +67,14 @@ existing_records() { return 1 fi - if printf "$response" | grep 'No records'; then + if _contains "$response" 'No records'; then count=0 return 0 fi - if printf "$response" | grep "Action completed successful" >/dev/null; then - count=$(printf "$response" | grep 'TXT' | wc -l) - record_id=$(printf "$response" | grep '^' | tail -1 | cut -d '>' -f 2 | cut -d '<' -f 1) + if _contains "$response" "Action completed successful"; then + count=$(printf "%s" "$response" | grep 'TXT' | wc -l) + record_id=$(printf "%s" "$response" | grep '^' | tail -1 | cut -d '>' -f 2 | cut -d '<' -f 1) return 0 else _err "get existing records error." @@ -90,7 +90,7 @@ add_record() { root=$1 sub=$2 txtvalue=$3 - fulldomain=$sub.$root + fulldomain="$sub.$root" _info "Adding record" @@ -98,7 +98,7 @@ add_record() { return 1 fi - if printf "$response" | grep "Action completed successful"; then + if _contains "$response" "Action completed successful"; then return 0 fi @@ -112,7 +112,7 @@ update_record() { root=$1 sub=$2 txtvalue=$3 - fulldomain=$sub.$root + fulldomain="$sub.$root" _info "Updating record" 
@@ -120,7 +120,7 @@ update_record() { return 1 fi - if printf "$response" | grep "Action completed successful"; then + if _contains "$response" "Action completed successful"; then return 0 fi @@ -138,8 +138,8 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ]; do - h=$(printf $domain | cut -d . -f $i-100) + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then #not valid return 1 @@ -149,20 +149,20 @@ _get_root() { return 1 fi - if printf "$response" | grep "Action completed successful" >/dev/null; then + if _contains "$response" "Action completed successful"; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf $domain | cut -d . -f 1-$p) - _debug _sub_domain $_sub_domain - _domain=$h - _debug _domain $_domain + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _debug _sub_domain "$_sub_domain" + _domain="$h" + _debug _domain "$_domain" return 0 fi return 1 fi - p=$i - i=$(expr $i + 1) + p="$i" + i=$(_math "$i" + 1) done return 1 } @@ -172,14 +172,14 @@ _rest() { m=$1 ep="$2" data="$3" - _debug $ep + _debug "$ep" url="$REST_API/$ep" _debug url "$url" if [ "$data" ]; then _debug2 data "$data" - response="$(_post $data "$url")" + response="$(_post "$data" "$url")" else response="$(_get "$url")" fi diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index 51ca8db..304d5d3 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -26,7 +26,7 @@ dns_gd_add() { _saveaccountconf GD_Secret "$GD_Secret" _debug "First detect the root zone" - if ! _get_root $fulldomain; then + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi @@ -67,8 +67,8 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ]; do - h=$(printf $domain | cut -d . -f $i-100) + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then #not valid return 1 
@@ -78,11 +78,11 @@ _get_root() { return 1 fi - if printf "$response" | grep '"code":"NOT_FOUND"' >/dev/null; then + if _contains "$response" '"code":"NOT_FOUND"'; then _debug "$h not found" else - _sub_domain=$(printf $domain | cut -d . -f 1-$p) - _domain=$h + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" return 0 fi p=$i @@ -95,7 +95,7 @@ _gd_rest() { m=$1 ep="$2" data="$3" - _debug $ep + _debug "$ep" _H1="Authorization: sso-key $GD_Key:$GD_Secret" _H2="Content-Type: application/json" diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index 847b999..bceab8d 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -14,9 +14,9 @@ dns_lexicon_add() { fulldomain=$1 txtvalue=$2 - domain=$(printf "$fulldomain" | cut -d . -f 2-999) + domain=$(printf "%s" "$fulldomain" | cut -d . -f 2-999) - if ! _exists $lexicon_cmd; then + if ! _exists "$lexicon_cmd"; then _err "Please install $lexicon_cmd first: $wiki" return 1 fi @@ -33,7 +33,7 @@ dns_lexicon_add() { eval Lx_name_v="\$$Lx_name" _debug "$Lx_name" "$Lx_name_v" if [ "$Lx_name_v" ]; then - _saveaccountconf $Lx_name "$Lx_name_v" + _saveaccountconf "$Lx_name" "$Lx_name_v" export "$Lx_name" fi @@ -41,7 +41,7 @@ dns_lexicon_add() { eval Lx_token_v="\$$Lx_token" _debug "$Lx_token" "$Lx_token_v" if [ "$Lx_token_v" ]; then - _saveaccountconf $Lx_token "$Lx_token_v" + _saveaccountconf "$Lx_token" "$Lx_token_v" export "$Lx_token" fi @@ -49,7 +49,7 @@ dns_lexicon_add() { eval Lx_password_v="\$$Lx_password" _debug "$Lx_password" "$Lx_password_v" if [ "$Lx_password_v" ]; then - _saveaccountconf $Lx_password "$Lx_password_v" + _saveaccountconf "$Lx_password" "$Lx_password_v" export "$Lx_password" fi 
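Review bot: The `dns_lexicon_add()` hunks at `-33,7`, `-41,7` and `-49,7` each keep a `_debug "$Lx_…" "$Lx_…_v"` line that prints the value of a provider credential, including `_debug "$Lx_password" "$Lx_password_v"` and the token. Debug output tends to be pasted into bug reports, so I would log only whether the variable is set, e.g. `_debug "$Lx_password" "${Lx_password_v:+(set)}"`. The function body continues outside these hunks.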
@@ -58,7 +58,7 @@ dns_lexicon_add() { _debug "$Lx_domaintoken" "$Lx_domaintoken_v" if [ "$Lx_domaintoken_v" ]; then export "$Lx_domaintoken" - _saveaccountconf $Lx_domaintoken "$Lx_domaintoken_v" + _saveaccountconf "$Lx_domaintoken" "$Lx_domaintoken_v" fi $lexicon_cmd "$PROVIDER" create ${domain} TXT --name="_acme-challenge.${domain}." --content="${txtvalue}" diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index efd197c..a6375e5 100755 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -28,7 +28,7 @@ dns_lua_add() { _saveaccountconf LUA_Email "$LUA_Email" _debug "First detect the root zone" - if ! _get_root $fulldomain; then + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi @@ -49,7 +49,7 @@ dns_lua_add() { if [ "$count" = "0" ]; then _info "Adding record" if _LUA_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - if printf -- "%s" "$response" | grep $fulldomain >/dev/null; then + if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then _info "Added" #todo: check if the record takes effect return 0 @@ -62,7 +62,7 @@ dns_lua_add() { else _info "Updating record" record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\" | cut -d: -f2 | cut -d, -f1) - _debug "record_id" $record_id + _debug "record_id" "$record_id" _LUA_rest PUT "zones/$_domain_id/records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"ttl\":120}" if [ "$?" = "0" ]; then 
@@ -95,24 +95,24 @@ _get_root() { if ! _LUA_rest GET "zones"; then return 1 fi - while [ '1' ]; do - h=$(printf $domain | cut -d . -f $i-100) + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then #not valid return 1 fi - if printf $response | grep \"name\":\"$h\" >/dev/null; then + if _contains "$response" "\"name\":\"$h\""; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$h\" | cut -d : -f 2 | cut -d , -f 1) if [ "$_domain_id" ]; then - _sub_domain=$(printf $domain | cut -d . -f 1-$p) - _domain=$h + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" return 0 fi return 1 fi p=$i - i=$(expr $i + 1) + i=$(_math "$i" + 1) done return 1 } @@ -121,7 +121,7 @@ _LUA_rest() { m=$1 ep="$2" data="$3" - _debug $ep + _debug "$ep" _H1="Accept: application/json" _H2="Authorization: Basic $LUA_auth" diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index abc1747..db4f796 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -25,7 +25,7 @@ dns_me_add() { _saveaccountconf ME_Secret "$ME_Secret" _debug "First detect the root zone" - if ! _get_root $fulldomain; then + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi @@ -36,7 +36,7 @@ dns_me_add() { _debug "Getting txt records" _me_rest GET "${_domain_id}/records?recordName=$_sub_domain&type=TXT" - if ! printf "$response" | grep \"totalRecords\": >/dev/null; then + if ! _contains "$response" "\"totalRecords\":"; then _err "Error" return 1 fi @@ -59,7 +59,7 @@ dns_me_add() { else _info "Updating record" record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | cut -d : -f 2 | head -n 1) - _debug "record_id" $record_id + _debug "record_id" "$record_id" _me_rest PUT "$_domain_id/records/$record_id/" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}" if [ "$?" = "0" ]; then 
@@ -89,8 +89,8 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ]; do - h=$(printf $domain | cut -d . -f $i-100) + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then #not valid return 1 @@ -100,17 +100,17 @@ _get_root() { return 1 fi - if printf $response | grep \"name\":\"$h\" >/dev/null; then + if _contains "$response" "\"name\":\"$h\""; then _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | head -n 1 | cut -d : -f 2) if [ "$_domain_id" ]; then - _sub_domain=$(printf $domain | cut -d . -f 1-$p) - _domain=$h + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" return 0 fi return 1 fi p=$i - i=$(expr $i + 1) + i=$(_math "$i" + 1) done return 1 } @@ -119,10 +119,10 @@ _me_rest() { m=$1 ep="$2" data="$3" - _debug $ep + _debug "$ep" cdate=$(date -u +"%a, %d %b %Y %T %Z") - hmac=$(printf "$cdate" | _hmac sha1 "$ME_Secret" 1) + hmac=$(printf "%s" "$cdate" | _hmac sha1 "$ME_Secret" 1) _H1="x-dnsme-apiKey: $ME_Key" _H2="x-dnsme-requestDate: $cdate" diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index 782c083..ace5222 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -226,8 +226,8 @@ _get_root() { domain=$1 i=2 p=1 - while [ '1' ]; do - h=$(printf $domain | cut -d . -f $i-100) + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then #not valid return 1 @@ -238,12 +238,12 @@ _get_root() { fi if ! _contains "$response" "This service does not exist" >/dev/null; then - _sub_domain=$(printf $domain | cut -d . -f 1-$p) - _domain=$h + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" return 0 fi p=$i - i=$(expr $i + 1) + i=$(_math "$i" + 1) done return 1 } @@ -261,7 +261,7 @@ _ovh_rest() { m=$1 ep="$2" data="$3" - _debug $ep + _debug "$ep" _ovh_url="$OVH_API/$ep" _debug2 _ovh_url "$_ovh_url" diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index ec82bfe..7c994eb 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh 
@@ -35,7 +35,7 @@ dns_pdns_add() { fi if [ -z "$PDNS_Ttl" ]; then - PDNS_Ttl=$DEFAULT_PDNS_TTL + PDNS_Ttl="$DEFAULT_PDNS_TTL" fi #save the api addr and key to the account conf file. @@ -48,7 +48,7 @@ dns_pdns_add() { fi _debug "First detect the root zone" - if ! _get_root $fulldomain; then + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi @@ -94,22 +94,22 @@ _get_root() { p=1 if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then - _zones_response=$response + _zones_response="$response" fi - while [ '1' ]; do - h=$(printf $domain | cut -d . -f $i-100) + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then return 1 fi - if printf "$_zones_response" | grep "\"name\": \"$h.\"" >/dev/null; then - _domain=$h + if _contains "$_zones_response" "\"name\": \"$h.\""; then + _domain="$h" return 0 fi p=$i - i=$(expr $i + 1) + i=$(_math $i + 1) done _debug "$domain not found" return 1 From a0636d5a87e216ecfb033eff320bd5a79a0489de Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 23:34:21 +0800 Subject: [PATCH 080/100] fix shellcheck warnings. --- dnsapi/dns_lexicon.sh | 8 ++++---- dnsapi/dns_lua.sh | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index bceab8d..4cec7cb 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -29,7 +29,7 @@ dns_lexicon_add() { _savedomainconf PROVIDER "$PROVIDER" export PROVIDER - Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr [a-z] [A-Z]) + Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr 'a-z' 'A-Z') eval Lx_name_v="\$$Lx_name" _debug "$Lx_name" "$Lx_name_v" if [ "$Lx_name_v" ]; then @@ -37,7 +37,7 @@ dns_lexicon_add() { export "$Lx_name" fi - Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr [a-z] [A-Z]) + Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr 'a-z' 'A-Z') eval Lx_token_v="\$$Lx_token" _debug "$Lx_token" "$Lx_token_v" if [ "$Lx_token_v" ]; then 
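Review bot: In the `_get_root()` hunk at `-94,22`, a failed `_pdns_rest "GET" …/zones` call is not treated as an error. The `if` only skips the assignment, and the loop then matches against whatever `_zones_response` already holds. No `local` declarations appear in the visible code, so that may be a value left from an earlier call or an empty string. Return early instead: `if ! _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then return 1; fi`. Separately, `i=$(_math $i + 1)` is the one `_math` call in this patch left unquoted.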
@@ -45,7 +45,7 @@ dns_lexicon_add() { export "$Lx_token" fi - Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr [a-z] [A-Z]) + Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr 'a-z' 'A-Z') eval Lx_password_v="\$$Lx_password" _debug "$Lx_password" "$Lx_password_v" if [ "$Lx_password_v" ]; then @@ -53,7 +53,7 @@ dns_lexicon_add() { export "$Lx_password" fi - Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr [a-z] [A-Z]) + Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr 'a-z' 'A-Z') eval Lx_domaintoken_v="\$$Lx_domaintoken" _debug "$Lx_domaintoken" "$Lx_domaintoken_v" if [ "$Lx_domaintoken_v" ]; then diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index a6375e5..c03686a 100755 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -8,7 +8,7 @@ #LUA_Email="user@luadns.net" LUA_Api="https://api.luadns.com/v1" -LUA_auth=$(printf $LUA_Email:$LUA_Key | _base64) +LUA_auth=$(printf "%s" "$LUA_Email:$LUA_Key" | _base64) ######## Public functions ##################### @@ -39,7 +39,7 @@ dns_lua_add() { _debug "Getting txt records" _LUA_rest GET "zones/${_domain_id}/records" - if ! printf "$response" | grep \"id\": >/dev/null; then + if ! _contains "$response" "\"id\":"; then _err "Error" return 1 fi From c7b8f223ee3cd17c6c95e45bdde47c9129547648 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 23:48:27 +0800 Subject: [PATCH 081/100] fix for solaris tr --- acme.sh | 2 +- dnsapi/dns_lexicon.sh | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 195adee..78a6ec6 100755 --- a/acme.sh +++ b/acme.sh @@ -548,7 +548,7 @@ _createkey() { _is_idn() { _is_idn_d="$1" _debug2 _is_idn_d "$_is_idn_d" - _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '0-9' | tr -d 'a-z' | tr -d 'A-Z' | tr -d '.,-') + _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '[0-9]' | tr -d '[a-z]' | tr -d '[A-Z]' | tr -d '.,-') _debug2 _idn_temp "$_idn_temp" [ "$_idn_temp" ] } 
diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index 4cec7cb..c3628a0 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -29,7 +29,7 @@ dns_lexicon_add() { _savedomainconf PROVIDER "$PROVIDER" export PROVIDER - Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr 'a-z' 'A-Z') + Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr '[a-z]' '[A-Z]') eval Lx_name_v="\$$Lx_name" _debug "$Lx_name" "$Lx_name_v" if [ "$Lx_name_v" ]; then @@ -37,7 +37,7 @@ dns_lexicon_add() { export "$Lx_name" fi - Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr 'a-z' 'A-Z') + Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr '[a-z]' '[A-Z]') eval Lx_token_v="\$$Lx_token" _debug "$Lx_token" "$Lx_token_v" if [ "$Lx_token_v" ]; then @@ -45,7 +45,7 @@ dns_lexicon_add() { export "$Lx_token" fi - Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr 'a-z' 'A-Z') + Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr '[a-z]' '[A-Z]') eval Lx_password_v="\$$Lx_password" _debug "$Lx_password" "$Lx_password_v" if [ "$Lx_password_v" ]; then @@ -53,7 +53,7 @@ dns_lexicon_add() { export "$Lx_password" fi - Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr 'a-z' 'A-Z') + Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr '[a-z]' '[A-Z]') eval Lx_domaintoken_v="\$$Lx_domaintoken" _debug "$Lx_domaintoken" "$Lx_domaintoken_v" if [ "$Lx_domaintoken_v" ]; then From efd96153d840672d6893c448412eb24f2b763a09 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Nov 2016 23:52:02 +0800 Subject: [PATCH 082/100] minor fix log message. --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 78a6ec6..e49a253 100755 --- a/acme.sh +++ b/acme.sh 
@@ -2319,7 +2319,7 @@ __get_domain_new_authz() { _Max_new_authz_retry_times=5 _authz_i=0 while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ]; do - _info "Try new-authz for the $_authz_i time." + _debug "Try new-authz for the $_authz_i time." if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}"; then _err "Can not get domain new authz." return 1 @@ -2334,7 +2334,7 @@ __get_domain_new_authz() { done if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then - _debug "new-authz retry reach the max $_Max_new_authz_retry_times times." + _err "new-authz retry reach the max $_Max_new_authz_retry_times times." fi if [ ! -z "$code" ] && [ ! "$code" = '201' ]; then From e9f9f515bdf707e704e33af001378e0bb256d053 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 00:06:34 +0800 Subject: [PATCH 083/100] fix shellcheck warnings. --- dnsapi/dns_gd.sh | 4 ++-- dnsapi/dns_lexicon.sh | 10 +++++----- dnsapi/dns_lua.sh | 8 ++++---- dnsapi/dns_me.sh | 2 +- dnsapi/dns_ovh.sh | 6 +++--- dnsapi/dns_pdns.sh | 2 -- 6 files changed, 15 insertions(+), 17 deletions(-) diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index 304d5d3..dec80a9 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -85,8 +85,8 @@ _get_root() { _domain="$h" return 0 fi - p=$i - i=$(expr $i + 1) + p="$i" + i=$(_math "$i" + 1) done return 1 } diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index c3628a0..38b6a13 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -29,7 +29,7 @@ dns_lexicon_add() { _savedomainconf PROVIDER "$PROVIDER" export PROVIDER - Lx_name=$(echo LEXICON_${PROVIDER}_USERNAME | tr '[a-z]' '[A-Z]') + Lx_name=$(echo LEXICON_"${PROVIDER}"_USERNAME | tr '[a-z]' '[A-Z]') eval Lx_name_v="\$$Lx_name" _debug "$Lx_name" "$Lx_name_v" if [ "$Lx_name_v" ]; then 
@@ -37,7 +37,7 @@ dns_lexicon_add() { export "$Lx_name" fi - Lx_token=$(echo LEXICON_${PROVIDER}_TOKEN | tr '[a-z]' '[A-Z]') + Lx_token=$(echo LEXICON_"${PROVIDER}"_TOKEN | tr '[a-z]' '[A-Z]') eval Lx_token_v="\$$Lx_token" _debug "$Lx_token" "$Lx_token_v" if [ "$Lx_token_v" ]; then @@ -45,7 +45,7 @@ dns_lexicon_add() { export "$Lx_token" fi - Lx_password=$(echo LEXICON_${PROVIDER}_PASSWORD | tr '[a-z]' '[A-Z]') + Lx_password=$(echo LEXICON_"${PROVIDER}"_PASSWORD | tr '[a-z]' '[A-Z]') eval Lx_password_v="\$$Lx_password" _debug "$Lx_password" "$Lx_password_v" if [ "$Lx_password_v" ]; then @@ -53,7 +53,7 @@ dns_lexicon_add() { export "$Lx_password" fi - Lx_domaintoken=$(echo LEXICON_${PROVIDER}_DOMAINTOKEN | tr '[a-z]' '[A-Z]') + Lx_domaintoken=$(echo LEXICON_"${PROVIDER}"_DOMAINTOKEN | tr '[a-z]' '[A-Z]') eval Lx_domaintoken_v="\$$Lx_domaintoken" _debug "$Lx_domaintoken" "$Lx_domaintoken_v" if [ "$Lx_domaintoken_v" ]; then @@ -61,7 +61,7 @@ dns_lexicon_add() { _saveaccountconf "$Lx_domaintoken" "$Lx_domaintoken_v" fi - $lexicon_cmd "$PROVIDER" create ${domain} TXT --name="_acme-challenge.${domain}." --content="${txtvalue}" + $lexicon_cmd "$PROVIDER" create "${domain}" TXT --name="_acme-challenge.${domain}." --content="${txtvalue}" } diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index c03686a..e6b4872 100755 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -44,7 +44,7 @@ dns_lua_add() { return 1 fi - count=$(printf "%s\n" "$response" | _egrep_o \"name\":\"$fulldomain\" | wc -l) + count=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$fulldomain\"" | wc -l) _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" 
@@ -61,7 +61,7 @@ dns_lua_add() { _err "Add txt record error." else _info "Updating record" - record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\" | cut -d: -f2 | cut -d, -f1) + record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*,\"name\":\"$fulldomain.\",\"type\":\"TXT\"" | cut -d: -f2 | cut -d, -f1) _debug "record_id" "$record_id" _LUA_rest PUT "zones/$_domain_id/records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"ttl\":120}" @@ -103,7 +103,7 @@ _get_root() { fi if _contains "$response" "\"name\":\"$h\""; then - _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]*,\"name\":\"$h\" | cut -d : -f 2 | cut -d , -f 1) + _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1) if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$h" @@ -127,7 +127,7 @@ _LUA_rest() { _H2="Authorization: Basic $LUA_auth" if [ "$data" ]; then _debug data "$data" - response="$(_post "$data" "$LUA_Api/$ep" "" $m)" + response="$(_post "$data" "$LUA_Api/$ep" "" "$m")" else response="$(_get "$LUA_Api/$ep")" fi diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index db4f796..ba79247 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -130,7 +130,7 @@ _me_rest() { if [ "$data" ]; then _debug data "$data" - response="$(_post "$data" "$ME_Api/$ep" "" $m)" + response="$(_post "$data" "$ME_Api/$ep" "" "$m")" else response="$(_get "$ME_Api/$ep")" fi diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index ace5222..97730f7 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -127,7 +127,7 @@ dns_ovh_add() { _info "Consumer key is ok." _debug "First detect the root zone" - if ! _get_root $fulldomain; then + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi 
@@ -157,7 +157,7 @@ dns_ovh_add() { _err "Can not get record id." return 1 fi - _debug "record_id" $record_id + _debug "record_id" "$record_id" if _ovh_rest PUT "domain/zone/$_domain/record/$record_id" "{\"target\":\"$txtvalue\",\"subDomain\":\"$_sub_domain\",\"ttl\":60}"; then if _contains "$response" "null"; then @@ -280,7 +280,7 @@ _ovh_rest() { _H5="Content-Type: application/json;charset=utf-8" if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ]; then _debug data "$data" - response="$(_post "$data" "$_ovh_url" "" $m)" + response="$(_post "$data" "$_ovh_url" "" "$m")" else response="$(_get "$_ovh_url")" fi diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 7c994eb..0f6c59d 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -91,7 +91,6 @@ set_record() { _get_root() { domain=$1 i=1 - p=1 if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then _zones_response="$response" @@ -108,7 +107,6 @@ _get_root() { return 0 fi - p=$i i=$(_math $i + 1) done _debug "$domain not found" From 69925ce8230d98d7ea32a543d785a83391985ee9 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 00:09:45 +0800 Subject: [PATCH 084/100] fix shellcheck warnings. --- dnsapi/dns_cx.sh | 2 +- dnsapi/dns_gd.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh index c4d941d..4500374 100755 --- a/dnsapi/dns_cx.sh +++ b/dnsapi/dns_cx.sh @@ -189,7 +189,7 @@ _rest() { _H4="Content-Type: application/json" if [ "$data" ]; then - response="$(_post "$data" "$url" "" $m)" + response="$(_post "$data" "$url" "" "$m")" else response="$(_get "$url")" fi diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index dec80a9..fed25d8 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -102,7 +102,7 @@ _gd_rest() { if [ "$data" ]; then _debug data "$data" - response="$(_post "$data" "$GD_Api/$ep" "" $m)" + response="$(_post "$data" "$GD_Api/$ep" "" "$m")" else response="$(_get "$GD_Api/$ep")" fi 
From 432771dfe3c46786a5eaf01f8fa37d811e923c1d Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 00:19:59 +0800 Subject: [PATCH 085/100] add shellcheck to CI --- .travis.yml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index f363dbe..3c4485b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,11 +1,19 @@ -language: bash +language: shell env: global: - SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64 +addons: + apt: + sources: + - debian-sid # Grab shellcheck from the Debian repo (o_O) + packages: + - shellcheck + script: - curl -sSL $SHFMT_URL -o ~/shfmt - chmod +x ~/shfmt - - ~/shfmt -l -w -i 2 . - - git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false) + - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false) + - [ "$?" = "0" ] && shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK" || false + From 9d6abcd9be975a0286125b1da4da02ccc85d5356 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 00:23:07 +0800 Subject: [PATCH 086/100] fix CI --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3c4485b..1509979 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,6 @@ addons: script: - curl -sSL $SHFMT_URL -o ~/shfmt - chmod +x ~/shfmt - - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false) - - [ "$?" = "0" ] && shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK" || false + - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && exit 1) + - shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK" || exit 1 From 870274ad9db5f789f20f766326891bb4f51eb190 Mon Sep 17 00:00:00 2001 
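Review bot: The combined script line `~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (…)` only reaches `git diff --exit-code` when `shfmt` itself exits non-zero. A run in which `shfmt -w` rewrites files and exits 0, which I would expect to be the normal case, now passes the build. Keeping the two steps on separate lines, as before this change, preserves the check: `- ~/shfmt -l -w -i 2 .` followed by `- git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false)`. The same chain is carried through the later `.travis.yml` hunks in patches 086, 087 and 093.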
From: neilpang Date: Sat, 12 Nov 2016 00:25:15 +0800 Subject: [PATCH 087/100] fix CI --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1509979..cad5a20 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,7 @@ addons: script: - curl -sSL $SHFMT_URL -o ~/shfmt - chmod +x ~/shfmt - - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && exit 1) - shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK" || exit 1 + - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && exit 1) + From 5766250288ffdf6c28a8b49069f5720d9b20cdd2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 00:31:24 +0800 Subject: [PATCH 088/100] fix CI --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index cad5a20..4c06c2d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,7 @@ addons: script: - curl -sSL $SHFMT_URL -o ~/shfmt - chmod +x ~/shfmt + - shellcheck -V - shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK" || exit 1 - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && exit 1) From e440223b40998411c80be06286ff88336fbefc03 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 00:50:44 +0800 Subject: [PATCH 089/100] fix shellcheck warnings --- dnsapi/dns_cf.sh | 6 +++--- dnsapi/dns_cx.sh | 4 ++-- dnsapi/dns_dp.sh | 2 +- dnsapi/dns_gd.sh | 3 +-- dnsapi/dns_me.sh | 6 +++--- dnsapi/dns_ovh.sh | 3 +-- 6 files changed, 11 insertions(+), 13 deletions(-) diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index edd4830..20cb169 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh 
@@ -41,7 +41,7 @@ dns_cf_add() { return 1 fi - count=$(printf "%s\n" "$response" | _egrep_o \"count\":[^,]* | cut -d : -f 2) + count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" @@ -59,7 +59,7 @@ dns_cf_add() { _err "Add txt record error." else _info "Updating record" - record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \" | head -n 1) + record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) _debug "record_id" "$record_id" _cf_rest PUT "zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" @@ -103,7 +103,7 @@ _get_root() { fi if printf "%s" "$response" | grep "\"name\":\"$h\"" >/dev/null; then - _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | head -n 1 | cut -d : -f 2 | tr -d \") + _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh index 4500374..38649f3 100755 --- a/dnsapi/dns_cx.sh +++ b/dnsapi/dns_cx.sh @@ -80,7 +80,7 @@ existing_records() { if printf "%s" "$response" | grep '"type":"TXT"' >/dev/null; then count=1 - record_id=$(printf "%s\n" "$seg" | _egrep_o \"record_id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") + record_id=$(printf "%s\n" "$seg" | _egrep_o "\"record_id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") _debug record_id "$record_id" return 0 fi 
@@ -147,7 +147,7 @@ _get_root() { if _contains "$response" "$h."; then seg=$(printf "%s" "$response" | _egrep_o "\{[^\{]*\"$h\.\"[^\}]*\}") _debug seg "$seg" - _domain_id=$(printf "%s" "$seg" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") + _domain_id=$(printf "%s" "$seg" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 605c541..a06f157 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -150,7 +150,7 @@ _get_root() { fi if _contains "$response" "Action completed successful"; then - _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") + _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index fed25d8..f96af93 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -30,7 +30,7 @@ dns_gd_add() { _err "invalid domain" return 1 fi - _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" @@ -62,7 +62,6 @@ dns_gd_rm() { #returns # _sub_domain=_acme-challenge.www # _domain=domain.com -# _domain_id=sdjkglgdfewsdfg _get_root() { domain=$1 i=2 diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index ba79247..f231f7e 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -41,7 +41,7 @@ dns_me_add() { return 1 fi - count=$(printf "%s\n" "$response" | _egrep_o \"totalRecords\":[^,]* | cut -d : -f 2) + count=$(printf "%s\n" "$response" | _egrep_o "\"totalRecords\":[^,]*" | cut -d : -f 2) _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" 
@@ -58,7 +58,7 @@ dns_me_add() { _err "Add txt record error." else _info "Updating record" - record_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | cut -d : -f 2 | head -n 1) + record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | cut -d : -f 2 | head -n 1) _debug "record_id" "$record_id" _me_rest PUT "$_domain_id/records/$record_id/" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\",\"gtdLocation\":\"DEFAULT\",\"ttl\":120}" @@ -101,7 +101,7 @@ _get_root() { fi if _contains "$response" "\"name\":\"$h\""; then - _domain_id=$(printf "%s\n" "$response" | _egrep_o \"id\":[^,]* | head -n 1 | cut -d : -f 2) + _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | head -n 1 | cut -d : -f 2) if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$h" diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index 97730f7..ed8c42b 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -131,7 +131,7 @@ dns_ovh_add() { _err "invalid domain" return 1 fi - _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" @@ -221,7 +221,6 @@ _ovh_authentication() { #returns # _sub_domain=_acme-challenge.www # _domain=domain.com -# _domain_id=sdjkglgdfewsdfg _get_root() { domain=$1 i=2 From be68fbd4f5b65716a37a4a669e7a8ae960ebf07d Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 10:58:20 +0800 Subject: [PATCH 090/100] fix for alpine --- acme.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index e49a253..b4f0138 100755 --- a/acme.sh +++ b/acme.sh @@ -259,7 +259,8 @@ _exists() { #a + b _math() { - printf "%s" "$(($@))" + _m_opts="$@" + printf "%s" "$(($_m_opts))" } _h_char_2_dec() { From 797cbb9b2064784a4a13d8d509863a3292c35739 Mon Sep 17 00:00:00 2001 
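Review bot: In the `_math()` hunk, `_m_opts="$@"` assigns an argument list to a scalar, which ShellCheck reports as SC2124. `_m_opts="$*"` states the intent, joining the arguments with spaces. Because `$(( … ))` evaluates its operand as an expression rather than as a plain number, I would also add a comment above the function: `# arguments must be integers and operators only, never unvalidated external data`.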
From: neilpang Date: Sat, 12 Nov 2016 11:05:05 +0800 Subject: [PATCH 091/100] fix shellcheck warnings --- dnsapi/dns_cf.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index 20cb169..cacb5b3 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -15,6 +15,8 @@ dns_cf_add() { txtvalue=$2 if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then + CF_Key="" + CF_Email="" _err "You don't specify cloudflare api key and email yet." _err "Please create you key and try again." return 1 From 422e5026d60847c1df316539d3e7b91ef2fee2a6 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 11:13:40 +0800 Subject: [PATCH 092/100] fix shellcheck warnings --- dnsapi/dns_cx.sh | 2 ++ dnsapi/dns_dp.sh | 2 ++ dnsapi/dns_gd.sh | 2 ++ dnsapi/dns_lexicon.sh | 1 + dnsapi/dns_me.sh | 2 ++ dnsapi/dns_ovh.sh | 2 ++ dnsapi/dns_pdns.sh | 3 +++ 7 files changed, 14 insertions(+) diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh index 38649f3..0caf0c0 100755 --- a/dnsapi/dns_cx.sh +++ b/dnsapi/dns_cx.sh @@ -17,6 +17,8 @@ dns_cx_add() { txtvalue=$2 if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then + CX_Key="" + CX_Secret="" _err "You don't specify cloudxns.com api key or secret yet." _err "Please create you key and try again." return 1 diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index a06f157..aa06d5f 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -17,6 +17,8 @@ dns_dp_add() { txtvalue=$2 if [ -z "$DP_Id" ] || [ -z "$DP_Key" ]; then + DP_Id="" + DP_Key="" _err "You don't specify dnspod api key and key id yet." _err "Please create you key and try again." return 1 diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index f96af93..9470ed2 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -16,6 +16,8 @@ dns_gd_add() { txtvalue=$2 if [ -z "$GD_Key" ] || [ -z "$GD_Secret" ]; then + GD_Key="" + GD_Secret="" _err "You don't specify godaddy api key and secret yet." _err "Please create you key and try again." return 1 
diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index 38b6a13..a0f707a 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -22,6 +22,7 @@ dns_lexicon_add() { fi if [ -z "$PROVIDER" ]; then + PROVIDER="" _err "Please define env PROVIDER first: $wiki" return 1 fi diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index f231f7e..edd88d9 100755 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -15,6 +15,8 @@ dns_me_add() { txtvalue=$2 if [ -z "$ME_Key" ] || [ -z "$ME_Secret" ]; then + ME_Key="" + ME_Secret="" _err "You didn't specify DNSMadeEasy api key and secret yet." _err "Please create you key and try again." return 1 diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index ed8c42b..377b3de 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -86,6 +86,8 @@ dns_ovh_add() { txtvalue=$2 if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then + OVH_AK="" + OVH_AS="" _err "You don't specify OVH application key and application secret yet." _err "Please create you key and try again." return 1 diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 0f6c59d..5d6d99f 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -17,18 +17,21 @@ dns_pdns_add() { txtvalue=$2 if [ -z "$PDNS_Url" ]; then + PDNS_Url="" _err "You don't specify PowerDNS address." _err "Please set PDNS_Url and try again." return 1 fi if [ -z "$PDNS_ServerId" ]; then + PDNS_ServerId="" _err "You don't specify PowerDNS server id." _err "Please set you PDNS_ServerId and try again." return 1 fi if [ -z "$PDNS_Token" ]; then + PDNS_Token="" _err "You don't specify PowerDNS token." _err "Please create you PDNS_Token and try again." return 1 From 158a628c0e53173686f127a25c41ca7d30c9490e Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 12 Nov 2016 11:16:40 +0800 Subject: [PATCH 093/100] fix CI --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4c06c2d..7b68dfd 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -15,7 +15,7 @@ script:
 - curl -sSL $SHFMT_URL -o ~/shfmt
 - chmod +x ~/shfmt
 - shellcheck -V
- - shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK" || exit 1
- - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && exit 1)
+ - shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK"
+ - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false)
From a0311b0134571d380715e63cd633db1e939bfa56 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 12 Nov 2016 11:35:19 +0800
Subject: [PATCH 094/100] fix for shellcheck warnings
---
 dnsapi/dns_lexicon.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh
index a0f707a..7495442 100755
--- a/dnsapi/dns_lexicon.sh
+++ b/dnsapi/dns_lexicon.sh
@@ -31,7 +31,7 @@ dns_lexicon_add() {
 export PROVIDER
 Lx_name=$(echo LEXICON_"${PROVIDER}"_USERNAME | tr '[a-z]' '[A-Z]')
- eval Lx_name_v="\$$Lx_name"
+ Lx_name_v=$(eval "echo "\$$Lx_name"")
 _debug "$Lx_name" "$Lx_name_v"
 if [ "$Lx_name_v" ]; then
 _saveaccountconf "$Lx_name" "$Lx_name_v"
@@ -39,7 +39,7 @@ dns_lexicon_add() {
 fi
 Lx_token=$(echo LEXICON_"${PROVIDER}"_TOKEN | tr '[a-z]' '[A-Z]')
- eval Lx_token_v="\$$Lx_token"
+ Lx_token_v=$(eval "echo "\$$Lx_token"")
 _debug "$Lx_token" "$Lx_token_v"
 if [ "$Lx_token_v" ]; then
 _saveaccountconf "$Lx_token" "$Lx_token_v"
@@ -47,7 +47,7 @@ dns_lexicon_add() {
 fi
 Lx_password=$(echo LEXICON_"${PROVIDER}"_PASSWORD | tr '[a-z]' '[A-Z]')
- eval Lx_password_v="\$$Lx_password"
+ Lx_password_v=$(eval "echo "\$$Lx_password"")
 _debug "$Lx_password" "$Lx_password_v"
 if [ "$Lx_password_v" ]; then
 _saveaccountconf "$Lx_password" "$Lx_password_v"
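Review bot: The shfmt step on the last added line prints "shfmt OK" and stops whenever `shfmt` exits 0, so `git diff --exit-code` only runs when shfmt itself errors; as far as I know `-l -w` rewrites badly formatted files and still exits 0, in which case unformatted code passes CI. Chaining the diff check instead, `- ~/shfmt -l -w -i 2 . && git diff --exit-code && echo "shfmt OK"`, makes the step fail whenever shfmt changed anything. Separately, `**/*.sh` only recurses when globstar is enabled; without it the pattern matches a single directory level and would skip a top-level script such as acme.sh, so it is worth confirming what the build shell expands it to.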
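Review bot: The replacement `Lx_name_v=$(eval "echo "\$$Lx_name"")` hands eval an unquoted `echo $NAME`, so the value now goes through word splitting and pathname expansion before it is captured, which the removed `eval Lx_name_v="\$$Lx_name"` did not do. For credentials this matters: a token or password containing `*`, `?` or runs of spaces can come back altered and is then written out by `_saveaccountconf`. An assignment inside the eval keeps the value intact, `eval "Lx_name_v=\"\$$Lx_name\""`; the same applies to the `Lx_token_v`, `Lx_password_v` and `Lx_domaintoken_v` hunks of this patch and to the rewritten forms in PATCH 095 and 096. The neighbouring context line `_debug "$Lx_password" "$Lx_password_v"` also puts the secret into debug output, which may deserve masking.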
@@ -55,7 +55,7 @@ dns_lexicon_add() {
 fi
 Lx_domaintoken=$(echo LEXICON_"${PROVIDER}"_DOMAINTOKEN | tr '[a-z]' '[A-Z]')
- eval Lx_domaintoken_v="\$$Lx_domaintoken"
+ Lx_domaintoken_v=$(eval "echo "\$$Lx_domaintoken"")
 _debug "$Lx_domaintoken" "$Lx_domaintoken_v"
 if [ "$Lx_domaintoken_v" ]; then
 export "$Lx_domaintoken"
From 3de85700226a2f5fe0c9145259ca7864ae1093a5 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 12 Nov 2016 11:40:30 +0800
Subject: [PATCH 095/100] fix shellcheck warnings.
---
 dnsapi/dns_lexicon.sh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh
index 7495442..d3bfc94 100755
--- a/dnsapi/dns_lexicon.sh
+++ b/dnsapi/dns_lexicon.sh
@@ -31,34 +31,34 @@ dns_lexicon_add() {
 export PROVIDER
 Lx_name=$(echo LEXICON_"${PROVIDER}"_USERNAME | tr '[a-z]' '[A-Z]')
- Lx_name_v=$(eval "echo "\$$Lx_name"")
+ Lx_name_v=$(eval "echo "\$"$Lx_name""")
 _debug "$Lx_name" "$Lx_name_v"
 if [ "$Lx_name_v" ]; then
 _saveaccountconf "$Lx_name" "$Lx_name_v"
- export "$Lx_name"
+ eval export "$Lx_name"
 fi
 Lx_token=$(echo LEXICON_"${PROVIDER}"_TOKEN | tr '[a-z]' '[A-Z]')
- Lx_token_v=$(eval "echo "\$$Lx_token"")
+ Lx_token_v=$(eval "echo "\$"$Lx_token""")
 _debug "$Lx_token" "$Lx_token_v"
 if [ "$Lx_token_v" ]; then
 _saveaccountconf "$Lx_token" "$Lx_token_v"
- export "$Lx_token"
+ eval export "$Lx_token"
 fi
 Lx_password=$(echo LEXICON_"${PROVIDER}"_PASSWORD | tr '[a-z]' '[A-Z]')
- Lx_password_v=$(eval "echo "\$$Lx_password"")
+ Lx_password_v=$(eval "echo "\$"$Lx_password""")
 _debug "$Lx_password" "$Lx_password_v"
 if [ "$Lx_password_v" ]; then
 _saveaccountconf "$Lx_password" "$Lx_password_v"
- export "$Lx_password"
+ eval export "$Lx_password"
 fi
 Lx_domaintoken=$(echo LEXICON_"${PROVIDER}"_DOMAINTOKEN | tr '[a-z]' '[A-Z]')
- Lx_domaintoken_v=$(eval "echo "\$$Lx_domaintoken"")
+ Lx_domaintoken_v=$(eval "echo "\$"$Lx_domaintoken""")
 _debug "$Lx_domaintoken" "$Lx_domaintoken_v"
 if [ "$Lx_domaintoken_v" ]; then
- export "$Lx_domaintoken"
+ eval export "$Lx_domaintoken"
 _saveaccountconf "$Lx_domaintoken" "$Lx_domaintoken_v"
 fi
From a8c61111978013d594d63cca7e6eadab1e865bad Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 12 Nov 2016 11:45:30 +0800
Subject: [PATCH 096/100] fix shellcheck warnings
---
 dnsapi/dns_lexicon.sh | 8 ++++----
 dnsapi/dns_lua.sh | 2 ++
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh
index d3bfc94..4ab6564 100755
--- a/dnsapi/dns_lexicon.sh
+++ b/dnsapi/dns_lexicon.sh
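Review bot: Changing `export "$Lx_name"` to `eval export "$Lx_name"` adds a second shell parse of a name built from `$PROVIDER`, and nothing is gained by it, since `export` already takes the variable name as an ordinary argument. If ShellCheck objected to the original line, a directive comment on it is safer than eval; I would restore `export "$Lx_name"` here and in the `Lx_token`, `Lx_password` and `Lx_domaintoken` blocks of this hunk. The `$(eval "echo "\$"$Lx_name""")` lines still expand the value unquoted inside eval, so a credential containing glob characters or repeated spaces can be altered before it is saved. dns_lexicon_add starts outside the hunk.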
@@ -31,7 +31,7 @@ dns_lexicon_add() {
 export PROVIDER
 Lx_name=$(echo LEXICON_"${PROVIDER}"_USERNAME | tr '[a-z]' '[A-Z]')
- Lx_name_v=$(eval "echo "\$"$Lx_name""")
+ Lx_name_v=$(eval echo \$"$Lx_name")
 _debug "$Lx_name" "$Lx_name_v"
 if [ "$Lx_name_v" ]; then
 _saveaccountconf "$Lx_name" "$Lx_name_v"
@@ -39,7 +39,7 @@ dns_lexicon_add() {
 fi
 Lx_token=$(echo LEXICON_"${PROVIDER}"_TOKEN | tr '[a-z]' '[A-Z]')
- Lx_token_v=$(eval "echo "\$"$Lx_token""")
+ Lx_token_v=$(eval echo \$"$Lx_token")
 _debug "$Lx_token" "$Lx_token_v"
 if [ "$Lx_token_v" ]; then
 _saveaccountconf "$Lx_token" "$Lx_token_v"
@@ -47,7 +47,7 @@ dns_lexicon_add() {
 fi
 Lx_password=$(echo LEXICON_"${PROVIDER}"_PASSWORD | tr '[a-z]' '[A-Z]')
- Lx_password_v=$(eval "echo "\$"$Lx_password""")
+ Lx_password_v=$(eval echo \$"$Lx_password")
 _debug "$Lx_password" "$Lx_password_v"
 if [ "$Lx_password_v" ]; then
 _saveaccountconf "$Lx_password" "$Lx_password_v"
@@ -55,7 +55,7 @@ dns_lexicon_add() {
 fi
 Lx_domaintoken=$(echo LEXICON_"${PROVIDER}"_DOMAINTOKEN | tr '[a-z]' '[A-Z]')
- Lx_domaintoken_v=$(eval "echo "\$"$Lx_domaintoken""")
+ Lx_domaintoken_v=$(eval echo \$"$Lx_domaintoken")
 _debug "$Lx_domaintoken" "$Lx_domaintoken_v"
 if [ "$Lx_domaintoken_v" ]; then
 eval export "$Lx_domaintoken"
diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh
index e6b4872..2c7ec4b 100755
--- a/dnsapi/dns_lua.sh
+++ b/dnsapi/dns_lua.sh
@@ -18,6 +18,8 @@ dns_lua_add() {
 txtvalue=$2
 if [ -z "$LUA_Key" ] || [ -z "$LUA_Email" ]; then
+ LUA_Key=""
+ LUA_Email=""
 _err "You don't specify luadns api key and email yet."
 _err "Please create you key and try again."
 return 1
From 8f9a1881a4d78c567e53eb84300933b2b18da278 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 12 Nov 2016 18:28:17 +0800
Subject: [PATCH 097/100] v2.6.5, support shellcheck and shfmt
---
 acme.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/acme.sh b/acme.sh
index b4f0138..c2f7663 100755
--- a/acme.sh
+++ b/acme.sh
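Review bot: Every `eval echo \$"$Lx_name"` in these dns_lexicon.sh hunks executes a string assembled from `$PROVIDER`, and the only check on `PROVIDER` visible in this series is that it is non-empty. A value containing shell metacharacters would be run by eval (and by the `eval export` context line) rather than treated as a variable name. A guard before the `Lx_name=` line would close that off, e.g. `case "$PROVIDER" in *[!A-Za-z0-9_]*) _err "PROVIDER must be a plain name"; return 1 ;; esac`, with the allowed set widened if real provider names need it. dns_lexicon_add starts and ends outside these hunks.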
@@ -1,6 +1,6 @@
 #!/usr/bin/env sh
-VER=2.6.4
+VER=2.6.5
 PROJECT_NAME="acme.sh"
From 87edf71e9395caac3eef8fbb195fe0994b9de817 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sat, 12 Nov 2016 18:39:26 +0800
Subject: [PATCH 098/100] fast_finish: true
---
 .travis.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index 7b68dfd..62feca3 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,4 +18,7 @@ script:
 - shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK"
 - ~/shfmt -l -w -i 2 . && echo "shfmt OK" || git diff --exit-code || (echo "Run shfmt to fix the formatting issues" && false)
-
+matrix:
+ fast_finish: true
+
+
From 07af42476da0baf53b2d34474df1b7f08fa65951 Mon Sep 17 00:00:00 2001
From: neilpang
Date: Sun, 13 Nov 2016 21:47:58 +0800
Subject: [PATCH 099/100] change default user agent
---
 acme.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/acme.sh b/acme.sh
index c2f7663..2ecf122 100755
--- a/acme.sh
+++ b/acme.sh
@@ -16,7 +16,7 @@ _SUB_FOLDERS="dnsapi deploy"
 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
 DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
-DEFAULT_USER_AGENT="$PROJECT_ENTRY client v$VER : $PROJECT"
+DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
 DEFAULT_ACCOUNT_EMAIL=""
 DEFAULT_ACCOUNT_KEY_LENGTH=2048
From 20ea85918322a19953fd8e4cff73b4b7d0337e1d Mon Sep 17 00:00:00 2001
From: neil
Date: Mon, 14 Nov 2016 17:47:22 +0800
Subject: [PATCH 100/100] fix 'sed -i' permissions on PVE
---
 acme.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/acme.sh b/acme.sh
index 2ecf122..e5dabb3 100755
--- a/acme.sh
+++ b/acme.sh
@@ -1324,7 +1324,8 @@ _clear_conf() {
 _c_c_f="$1"
 _sdkey="$2"
 if [ "$_c_c_f" ]; then
- _sed_i "s/^$_sdkey.*$//" "$_c_c_f"
+ _conf_data="$(cat "$_c_c_f")"
+ echo "$_conf_data" | sed "s/^$_sdkey *=.*$//" > "$_c_c_f"
 else
 _err "config file is empty, can not clear"
 fi
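Review bot: In `_clear_conf` the new read-then-rewrite empties the config file when the read fails: if `cat "$_c_c_f"` errors, `_conf_data` is empty and the `> "$_c_c_f"` redirection still truncates a file that may hold saved credentials. Checking the read and avoiding `echo` (some `sh` implementations interpret backslashes in its argument, which would corrupt stored values) is a two-line change: `_conf_data="$(cat "$_c_c_f")" || return 1` and `printf '%s\n' "$_conf_data" | sed "s/^$_sdkey *=.*$//" >"$_c_c_f"`. `$_sdkey` is also spliced into the sed expression unescaped, so callers need to pass only plain key names. The closing brace of `_clear_conf` is outside the hunk.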