diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 4abbb7a..f7d4d1d 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,4 +1,6 @@ Steps to reproduce ------------------ - Debug log ----------------- diff --git a/README.md b/README.md index 2dd178d..f1c7480 100644 --- a/README.md +++ b/README.md @@ -147,7 +147,7 @@ You **MUST** use this command to copy the certs to the target files, **DO NOT** **Apache** example: ```bash -acme.sh --installcert -d example.com \ +acme.sh --install-cert -d example.com \ --certpath /path/to/certfile/in/apache/cert.pem \ --keypath /path/to/keyfile/in/apache/key.pem \ --fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \ @@ -156,7 +156,7 @@ acme.sh --installcert -d example.com \ **Nginx** example: ```bash -acme.sh --installcert -d example.com \ +acme.sh --install-cert -d example.com \ --keypath /path/to/keyfile/in/nginx/key.pem \ --fullchainpath /path/to/fullchain/nginx/cert.pem \ --reloadcmd "service nginx force-reload" diff --git a/acme.sh b/acme.sh index cb99b5a..9929dfa 100755 --- a/acme.sh +++ b/acme.sh @@ -61,6 +61,10 @@ LOG_LEVEL_2=2 LOG_LEVEL_3=3 DEFAULT_LOG_LEVEL="$LOG_LEVEL_1" +SYSLOG_INFO="user.info" +SYSLOG_ERROR="user.error" +SYSLOG_DEBUG="user.debug" + _DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh" _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations" @@ -128,18 +132,30 @@ _dlg_versions() { fi } +#class +_syslog() { + if [ -z "$SYS_LOG" ] || [ "$SYS_LOG" = "0" ]; then + return + fi + _logclass="$1" + shift + logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1 +} + _log() { + _syslog "$@" [ -z "$LOG_FILE" ] && return + shift _printargs "$@" >>"$LOG_FILE" } _info() { - _log "$@" + _log "$SYSLOG_INFO" "$@" _printargs "$@" } _err() { - _log "$@" + _log "$SYSLOG_ERROR" "$@" if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then printf -- "%s" "[$(date)] " >&2 fi @@ -159,7 +175,7 @@ _usage() { _debug() { if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then - _log "$@" + _log "$SYSLOG_DEBUG" "$@" fi if [ -z "$DEBUG" ]; then return @@ -169,19 +185,19 @@ _debug() { _debug2() { if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then - _log "$@" + _log "$SYSLOG_DEBUG" "$@" fi if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then - _debug "$@" + _printargs "$@" >&2 fi } _debug3() { if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then - _log "$@" + _log "$SYSLOG_DEBUG" "$@" fi if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then - _debug "$@" + _printargs "$@" >&2 fi } @@ -364,8 +380,16 @@ _ascii_hex() { #input:"abc" #output: " 61 62 63" _hex_dump() { - #in wired some system, the od command is missing. - if ! od -A n -v -t x1 | tr -d "\r\t" | tr -s " " | sed "s/ $//" | tr -d "\n" 2>/dev/null; then + if _exists od; then + od -A n -v -t x1 | tr -s " " | sed 's/ $//' | tr -d "\r\t\n" + elif _exists hexdump; then + _debug3 "using hexdump" + hexdump -v -e '/1 ""' -e '/1 " %02x" ""' + elif _exists xxd; then + _debug3 "using xxd" + xxd -ps -c 20 -i | sed "s/ 0x/ /g" | tr -d ",\n" | tr -s " " + else + _debug3 "using _ascii_hex" str=$(cat) _ascii_hex "$str" fi @@ -896,7 +920,11 @@ _createcsr() { _csr_cn="$(_idn "$domain")" _debug2 _csr_cn "$_csr_cn" - $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" + if _contains "$(uname -a)" "MINGW"; then + $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr" + else + $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" + fi } #_signcsr key csr conf cert @@ -4234,7 +4262,7 @@ Commands: --version, -v Show version info. --install Install $PROJECT_NAME to your system. --uninstall Uninstall $PROJECT_NAME, and uninstall the cron job. - --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT . + --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT. --issue Issue a cert. --signcsr Issue a cert from an existing csr. --deploy Deploy the cert to your server. @@ -4251,8 +4279,8 @@ Commands: --toPkcs Export the certificate and key to a pfx file. --update-account Update account info. --register-account Register account key. - --createAccountKey, -cak Create an account private key, professional use. - --createDomainKey, -cdk Create an domain private key, professional use. + --create-account-key Create an account private key, professional use. + --create-domain-key Create an domain private key, professional use. --createCSR, -ccsr Create CSR , professional use. --deactivate Deactivate the domain authz, professional use. @@ -4274,6 +4302,7 @@ Parameters: --accountkeylength, -ak [2048] Specifies the account key length. --log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here. --log-level 1|2 Specifies the log level, default is 1. + --syslog [1|0] Enable/Disable syslog. These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert: @@ -4432,6 +4461,7 @@ _process() { _listen_v4="" _listen_v6="" _openssl_bin="" + _syslog="" while [ ${#} -gt 0 ]; do case "${1}" in @@ -4494,10 +4524,10 @@ _process() { --toPkcs) _CMD="toPkcs" ;; - --createAccountKey | --createaccountkey | -cak) + --createAccountKey | --createaccountkey | -cak | --create-account-key) _CMD="createAccountKey" ;; - --createDomainKey | --createdomainkey | -cdk) + --createDomainKey | --createdomainkey | -cdk | --create-domain-key) _CMD="createDomainKey" ;; --createCSR | --createcsr | -ccr) @@ -4762,6 +4792,15 @@ _process() { LOG_LEVEL="$_log_level" shift ;; + --syslog) + if ! _startswith "$2" '-'; then + _syslog="$2" + shift + fi + if [ -z "$_syslog" ]; then + _syslog="1" + fi + ;; --auto-upgrade) _auto_upgrade="$2" if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then @@ -4809,6 +4848,21 @@ _process() { LOG_LEVEL="$_log_level" fi + if [ "$_syslog" ]; then + if _exists logger; then + if [ "$_syslog" = "0" ]; then + _clearaccountconf "SYS_LOG" + else + _saveaccountconf "SYS_LOG" "$_syslog" + fi + SYS_LOG="$_syslog" + else + _err "The 'logger' command is not found, can not enable syslog." + _clearaccountconf "SYS_LOG" + SYS_LOG="" + fi + fi + _processAccountConf fi @@ -4901,6 +4955,21 @@ _process() { if [ "$_log_level" ]; then _saveaccountconf "LOG_LEVEL" "$_log_level" fi + + if [ "$_syslog" ]; then + if _exists logger; then + if [ "$_syslog" = "0" ]; then + _clearaccountconf "SYS_LOG" + else + _saveaccountconf "SYS_LOG" "$_syslog" + fi + else + _err "The 'logger' command is not found, can not enable syslog." + _clearaccountconf "SYS_LOG" + SYS_LOG="" + fi + fi + _processAccountConf fi diff --git a/deploy/README.md b/deploy/README.md index 2e490a1..15b7ae1 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -1,6 +1,28 @@ -#Using deploy api +# Using deploy api -#Using the ssh deploy plugin +Here are the scripts to deploy the certs/key to the server/services. + +## 1. Deploy the certs to your cpanel host. + +(cpanel deploy hook is not finished yet, this is just an example.) + +Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert). + +Then you can deploy now: + +```sh +export DEPLOY_CPANEL_USER=myusername +export DEPLOY_CPANEL_PASSWORD=PASSWORD +acme.sh --deploy -d example.com --deploy --deploy-hook cpanel +``` + +## 2. Deploy ssl cert on kong proxy engine based on api. + +Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert). + +(TODO) + +## 3. Deploy the cert to remote server through SSH access. The ssh deploy plugin allows you to deploy certificates to a remote host using SSH command to connect to the remote server. The ssh plugin is invoked diff --git a/deploy/cpanel.sh b/deploy/cpanel.sh new file mode 100644 index 0000000..bf1332f --- /dev/null +++ b/deploy/cpanel.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env sh + +#Here is the script to deploy the cert to your cpanel account by the cpanel APIs. + +#returns 0 means success, otherwise error. + +#export DEPLOY_CPANEL_USER=myusername +#export DEPLOY_CPANEL_PASSWORD=PASSWORD + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain +cpanel_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + _err "Not implemented yet" + return 1 + +} diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 555bd70..29d7a2c 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -93,7 +93,7 @@ _get_root() { fi if _contains "$response" "$h."; then - hostedzone="$(echo "$response" | _egrep_o "[^<]*<.Id>$h.<.Name>.*<.HostedZone>")" + hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*<.HostedZone>")" _debug hostedzone "$hostedzone" if [ -z "$hostedzone" ]; then _err "Error, can not get hostedzone."