|
@ -175,7 +175,8 @@ createCSR() { |
|
|
if [ -z "$domainlist" ] ; then |
|
|
if [ -z "$domainlist" ] ; then |
|
|
#single domain |
|
|
#single domain |
|
|
_info "Single domain" $domain |
|
|
_info "Single domain" $domain |
|
|
openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" > "$CSR_PATH" |
|
|
|
|
|
|
|
|
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n" > "$DOMAIN_SSL_CONF" |
|
|
|
|
|
openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -config "$DOMAIN_SSL_CONF" -out "$CSR_PATH" |
|
|
else |
|
|
else |
|
|
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" |
|
|
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" |
|
|
#multi |
|
|
#multi |
|
@ -204,6 +205,18 @@ _time2str() { |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
_stat() { |
|
|
|
|
|
#Linux |
|
|
|
|
|
if stat -c '%U:%G' "$1" 2>/dev/null ; then |
|
|
|
|
|
return |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
#BSD |
|
|
|
|
|
if stat -f '%Su:%Sg' "$1" 2>/dev/null ; then |
|
|
|
|
|
return |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
_send_signed_request() { |
|
|
_send_signed_request() { |
|
|
url=$1 |
|
|
url=$1 |
|
|
payload=$2 |
|
|
payload=$2 |
|
@ -285,14 +298,14 @@ _setopt() { |
|
|
__val="$(echo $__val | sed 's/&/\\&/g')" |
|
|
__val="$(echo $__val | sed 's/&/\\&/g')" |
|
|
fi |
|
|
fi |
|
|
text="$(cat $__conf)" |
|
|
text="$(cat $__conf)" |
|
|
printf "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" |
|
|
|
|
|
|
|
|
echo "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" |
|
|
|
|
|
|
|
|
elif grep -H -n "^#$__opt$__sep" "$__conf" > /dev/null ; then |
|
|
elif grep -H -n "^#$__opt$__sep" "$__conf" > /dev/null ; then |
|
|
if [[ "$__val" == *"&"* ]] ; then |
|
|
if [[ "$__val" == *"&"* ]] ; then |
|
|
__val="$(echo $__val | sed 's/&/\\&/g')" |
|
|
__val="$(echo $__val | sed 's/&/\\&/g')" |
|
|
fi |
|
|
fi |
|
|
text="$(cat $__conf)" |
|
|
text="$(cat $__conf)" |
|
|
printf "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" |
|
|
|
|
|
|
|
|
echo "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf" |
|
|
|
|
|
|
|
|
else |
|
|
else |
|
|
_debug APP |
|
|
_debug APP |
|
@ -376,7 +389,10 @@ _initpath() { |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
domain="$1" |
|
|
domain="$1" |
|
|
mkdir -p "$LE_WORKING_DIR" |
|
|
|
|
|
|
|
|
if ! mkdir -p "$LE_WORKING_DIR" ; then |
|
|
|
|
|
_err "Can not craete working dir: $LE_WORKING_DIR" |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
if [ -z "$ACCOUNT_KEY_PATH" ] ; then |
|
|
if [ -z "$ACCOUNT_KEY_PATH" ] ; then |
|
|
ACCOUNT_KEY_PATH="$LE_WORKING_DIR/account.key" |
|
|
ACCOUNT_KEY_PATH="$LE_WORKING_DIR/account.key" |
|
@ -389,12 +405,15 @@ _initpath() { |
|
|
domainhome="$LE_WORKING_DIR/$domain" |
|
|
domainhome="$LE_WORKING_DIR/$domain" |
|
|
mkdir -p "$domainhome" |
|
|
mkdir -p "$domainhome" |
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$DOMAIN_PATH" ] ; then |
|
|
|
|
|
DOMAIN_PATH="$domainhome" |
|
|
|
|
|
fi |
|
|
if [ -z "$DOMAIN_CONF" ] ; then |
|
|
if [ -z "$DOMAIN_CONF" ] ; then |
|
|
DOMAIN_CONF="$domainhome/$Le_Domain.conf" |
|
|
|
|
|
|
|
|
DOMAIN_CONF="$domainhome/$domain.conf" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ -z "$DOMAIN_SSL_CONF" ] ; then |
|
|
if [ -z "$DOMAIN_SSL_CONF" ] ; then |
|
|
DOMAIN_SSL_CONF="$domainhome/$Le_Domain.ssl.conf" |
|
|
|
|
|
|
|
|
DOMAIN_SSL_CONF="$domainhome/$domain.ssl.conf" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ -z "$CSR_PATH" ] ; then |
|
|
if [ -z "$CSR_PATH" ] ; then |
|
@ -812,7 +831,7 @@ issue() { |
|
|
mkdir -p "$wellknown_path" |
|
|
mkdir -p "$wellknown_path" |
|
|
echo -n "$keyauthorization" > "$wellknown_path/$token" |
|
|
echo -n "$keyauthorization" > "$wellknown_path/$token" |
|
|
|
|
|
|
|
|
webroot_owner=$(stat -c '%U:%G' $Le_Webroot) |
|
|
|
|
|
|
|
|
webroot_owner=$(_stat $Le_Webroot) |
|
|
_debug "Changing owner/group of .well-known to $webroot_owner" |
|
|
_debug "Changing owner/group of .well-known to $webroot_owner" |
|
|
chown -R $webroot_owner "$Le_Webroot/.well-known" |
|
|
chown -R $webroot_owner "$Le_Webroot/.well-known" |
|
|
|
|
|
|
|
@ -987,6 +1006,7 @@ renewAll() { |
|
|
|
|
|
|
|
|
Le_ReloadCmd="" |
|
|
Le_ReloadCmd="" |
|
|
|
|
|
|
|
|
|
|
|
DOMAIN_PATH="" |
|
|
DOMAIN_CONF="" |
|
|
DOMAIN_CONF="" |
|
|
DOMAIN_SSL_CONF="" |
|
|
DOMAIN_SSL_CONF="" |
|
|
CSR_PATH="" |
|
|
CSR_PATH="" |
|
@ -1050,7 +1070,7 @@ installcert() { |
|
|
|
|
|
|
|
|
if [ "$Le_ReloadCmd" ] ; then |
|
|
if [ "$Le_ReloadCmd" ] ; then |
|
|
_info "Run Le_ReloadCmd: $Le_ReloadCmd" |
|
|
_info "Run Le_ReloadCmd: $Le_ReloadCmd" |
|
|
eval $Le_ReloadCmd |
|
|
|
|
|
|
|
|
(cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd") |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
@ -1067,7 +1087,12 @@ installcronjob() { |
|
|
fi |
|
|
fi |
|
|
crontab -l | { cat; echo "0 0 * * * LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null"; } | crontab - |
|
|
crontab -l | { cat; echo "0 0 * * * LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null"; } | crontab - |
|
|
fi |
|
|
fi |
|
|
return 0 |
|
|
|
|
|
|
|
|
if [ "$?" != "0" ] ; then |
|
|
|
|
|
_err "Install cron job failed. You need to manually renew your certs." |
|
|
|
|
|
_err "Or you can add cronjob by yourself:" |
|
|
|
|
|
_err "LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null" |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
uninstallcronjob() { |
|
|
uninstallcronjob() { |
|
@ -1128,6 +1153,7 @@ _initconf() { |
|
|
echo "#Account configurations: |
|
|
echo "#Account configurations: |
|
|
#Here are the supported macros, uncomment them to make them take effect. |
|
|
#Here are the supported macros, uncomment them to make them take effect. |
|
|
#ACCOUNT_EMAIL=aaa@aaa.com # the account email used to register account. |
|
|
#ACCOUNT_EMAIL=aaa@aaa.com # the account email used to register account. |
|
|
|
|
|
#ACCOUNT_KEY_PATH=\"/path/to/account.key\" |
|
|
|
|
|
|
|
|
#STAGE=1 # Use the staging api |
|
|
#STAGE=1 # Use the staging api |
|
|
#FORCE=1 # Force to issue cert |
|
|
#FORCE=1 # Force to issue cert |
|
@ -1137,29 +1163,32 @@ _initconf() { |
|
|
####################### |
|
|
####################### |
|
|
#Cloudflare: |
|
|
#Cloudflare: |
|
|
#api key |
|
|
#api key |
|
|
#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|
|
|
|
|
|
|
|
#CF_Key=\"sdfsdfsdfljlbjkljlkjsdfoiwje\" |
|
|
#account email |
|
|
#account email |
|
|
#CF_Email="xxxx@sss.com" |
|
|
|
|
|
|
|
|
#CF_Email=\"xxxx@sss.com\" |
|
|
|
|
|
|
|
|
####################### |
|
|
####################### |
|
|
#Dnspod.cn: |
|
|
#Dnspod.cn: |
|
|
#api key id |
|
|
#api key id |
|
|
#DP_Id="1234" |
|
|
|
|
|
|
|
|
#DP_Id=\"1234\" |
|
|
#api key |
|
|
#api key |
|
|
#DP_Key="sADDsdasdgdsf" |
|
|
|
|
|
|
|
|
#DP_Key=\"sADDsdasdgdsf\" |
|
|
|
|
|
|
|
|
####################### |
|
|
####################### |
|
|
#Cloudxns.com: |
|
|
#Cloudxns.com: |
|
|
#CX_Key="1234" |
|
|
|
|
|
|
|
|
#CX_Key=\"1234\" |
|
|
# |
|
|
# |
|
|
#CX_Secret="sADDsdasdgdsf" |
|
|
|
|
|
|
|
|
#CX_Secret=\"sADDsdasdgdsf\" |
|
|
|
|
|
|
|
|
" > $ACCOUNT_CONF_PATH |
|
|
" > $ACCOUNT_CONF_PATH |
|
|
fi |
|
|
fi |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
install() { |
|
|
install() { |
|
|
_initpath |
|
|
|
|
|
|
|
|
if ! _initpath ; then |
|
|
|
|
|
_err "Install failed." |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
#check if there is sudo installed, AND if the current user is a sudoer. |
|
|
#check if there is sudo installed, AND if the current user is a sudoer. |
|
|
if command -v sudo > /dev/null ; then |
|
|
if command -v sudo > /dev/null ; then |
|
@ -1199,9 +1228,14 @@ install() { |
|
|
|
|
|
|
|
|
_info "Installing to $LE_WORKING_DIR" |
|
|
_info "Installing to $LE_WORKING_DIR" |
|
|
|
|
|
|
|
|
_info "Installed to $LE_WORKING_DIR/le.sh" |
|
|
|
|
|
cp le.sh $LE_WORKING_DIR/ |
|
|
|
|
|
chmod +x $LE_WORKING_DIR/le.sh |
|
|
|
|
|
|
|
|
cp le.sh "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/le.sh" |
|
|
|
|
|
|
|
|
|
|
|
if [ "$?" != "0" ] ; then |
|
|
|
|
|
_err "Install failed, can not copy le.sh" |
|
|
|
|
|
return 1 |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
_info "Installed to $LE_WORKING_DIR/le.sh" |
|
|
|
|
|
|
|
|
_profile="$(_detect_profile)" |
|
|
_profile="$(_detect_profile)" |
|
|
if [ "$_profile" ] ; then |
|
|
if [ "$_profile" ] ; then |
|
@ -1211,7 +1245,7 @@ install() { |
|
|
alias le=\"$LE_WORKING_DIR/le.sh\" |
|
|
alias le=\"$LE_WORKING_DIR/le.sh\" |
|
|
alias le.sh=\"$LE_WORKING_DIR/le.sh\" |
|
|
alias le.sh=\"$LE_WORKING_DIR/le.sh\" |
|
|
" > "$LE_WORKING_DIR/le.env" |
|
|
" > "$LE_WORKING_DIR/le.env" |
|
|
|
|
|
|
|
|
|
|
|
echo "" >> "$_profile" |
|
|
_setopt "$_profile" "source \"$LE_WORKING_DIR/le.env\"" |
|
|
_setopt "$_profile" "source \"$LE_WORKING_DIR/le.env\"" |
|
|
_info "OK, Close and reopen your terminal to start using le" |
|
|
_info "OK, Close and reopen your terminal to start using le" |
|
|
else |
|
|
else |
|
@ -1240,7 +1274,8 @@ uninstall() { |
|
|
|
|
|
|
|
|
_profile="$(_detect_profile)" |
|
|
_profile="$(_detect_profile)" |
|
|
if [ "$_profile" ] ; then |
|
|
if [ "$_profile" ] ; then |
|
|
sed -i /le.env/d "$_profile" |
|
|
|
|
|
|
|
|
text="$(cat $_profile)" |
|
|
|
|
|
echo "$text" | sed "s|^source.*le.env.*$||" > "$_profile" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
rm -f $LE_WORKING_DIR/le.sh |
|
|
rm -f $LE_WORKING_DIR/le.sh |
|
|