
Merge remote-tracking branch 'remotes/Neilpang/master'

master
kaklakariada 9 years ago
parent
commit
f77f8d2320
  1. 1
      README.md
  2. 77
      le.sh

1
README.md

@ -15,6 +15,7 @@ Do NOT require to be `root/sudoer`.
2. CentOS 2. CentOS
3. Windows (cygwin with curl, openssl and crontab included) 3. Windows (cygwin with curl, openssl and crontab included)
4. FreeBSD with bash 4. FreeBSD with bash
5. pfsense with bash and curl
#Supported Mode #Supported Mode

77
le.sh

@ -175,7 +175,8 @@ createCSR() {
if [ -z "$domainlist" ] ; then if [ -z "$domainlist" ] ; then
#single domain #single domain
_info "Single domain" $domain _info "Single domain" $domain
openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" > "$CSR_PATH"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n" > "$DOMAIN_SSL_CONF"
openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -config "$DOMAIN_SSL_CONF" -out "$CSR_PATH"
else else
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
#multi #multi
@ -204,6 +205,18 @@ _time2str() {
} }
_stat() {
#Linux
if stat -c '%U:%G' "$1" 2>/dev/null ; then
return
fi
#BSD
if stat -f '%Su:%Sg' "$1" 2>/dev/null ; then
return
fi
}
_send_signed_request() { _send_signed_request() {
url=$1 url=$1
payload=$2 payload=$2
@ -285,14 +298,14 @@ _setopt() {
__val="$(echo $__val | sed 's/&/\\&/g')" __val="$(echo $__val | sed 's/&/\\&/g')"
fi fi
text="$(cat $__conf)" text="$(cat $__conf)"
printf "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
echo "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
elif grep -H -n "^#$__opt$__sep" "$__conf" > /dev/null ; then elif grep -H -n "^#$__opt$__sep" "$__conf" > /dev/null ; then
if [[ "$__val" == *"&"* ]] ; then if [[ "$__val" == *"&"* ]] ; then
__val="$(echo $__val | sed 's/&/\\&/g')" __val="$(echo $__val | sed 's/&/\\&/g')"
fi fi
text="$(cat $__conf)" text="$(cat $__conf)"
printf "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
echo "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
else else
_debug APP _debug APP
@ -376,7 +389,10 @@ _initpath() {
fi fi
domain="$1" domain="$1"
mkdir -p "$LE_WORKING_DIR"
if ! mkdir -p "$LE_WORKING_DIR" ; then
_err "Can not craete working dir: $LE_WORKING_DIR"
return 1
fi
if [ -z "$ACCOUNT_KEY_PATH" ] ; then if [ -z "$ACCOUNT_KEY_PATH" ] ; then
ACCOUNT_KEY_PATH="$LE_WORKING_DIR/account.key" ACCOUNT_KEY_PATH="$LE_WORKING_DIR/account.key"
@ -389,12 +405,15 @@ _initpath() {
domainhome="$LE_WORKING_DIR/$domain" domainhome="$LE_WORKING_DIR/$domain"
mkdir -p "$domainhome" mkdir -p "$domainhome"
if [ -z "$DOMAIN_PATH" ] ; then
DOMAIN_PATH="$domainhome"
fi
if [ -z "$DOMAIN_CONF" ] ; then if [ -z "$DOMAIN_CONF" ] ; then
DOMAIN_CONF="$domainhome/$Le_Domain.conf"
DOMAIN_CONF="$domainhome/$domain.conf"
fi fi
if [ -z "$DOMAIN_SSL_CONF" ] ; then if [ -z "$DOMAIN_SSL_CONF" ] ; then
DOMAIN_SSL_CONF="$domainhome/$Le_Domain.ssl.conf"
DOMAIN_SSL_CONF="$domainhome/$domain.ssl.conf"
fi fi
if [ -z "$CSR_PATH" ] ; then if [ -z "$CSR_PATH" ] ; then
@ -812,7 +831,7 @@ issue() {
mkdir -p "$wellknown_path" mkdir -p "$wellknown_path"
echo -n "$keyauthorization" > "$wellknown_path/$token" echo -n "$keyauthorization" > "$wellknown_path/$token"
webroot_owner=$(stat -c '%U:%G' $Le_Webroot)
webroot_owner=$(_stat $Le_Webroot)
_debug "Changing owner/group of .well-known to $webroot_owner" _debug "Changing owner/group of .well-known to $webroot_owner"
chown -R $webroot_owner "$Le_Webroot/.well-known" chown -R $webroot_owner "$Le_Webroot/.well-known"
@ -987,6 +1006,7 @@ renewAll() {
Le_ReloadCmd="" Le_ReloadCmd=""
DOMAIN_PATH=""
DOMAIN_CONF="" DOMAIN_CONF=""
DOMAIN_SSL_CONF="" DOMAIN_SSL_CONF=""
CSR_PATH="" CSR_PATH=""
@ -1050,7 +1070,7 @@ installcert() {
if [ "$Le_ReloadCmd" ] ; then if [ "$Le_ReloadCmd" ] ; then
_info "Run Le_ReloadCmd: $Le_ReloadCmd" _info "Run Le_ReloadCmd: $Le_ReloadCmd"
eval $Le_ReloadCmd
(cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd")
fi fi
} }
@ -1067,7 +1087,12 @@ installcronjob() {
fi fi
crontab -l | { cat; echo "0 0 * * * LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null"; } | crontab - crontab -l | { cat; echo "0 0 * * * LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null"; } | crontab -
fi fi
return 0
if [ "$?" != "0" ] ; then
_err "Install cron job failed. You need to manually renew your certs."
_err "Or you can add cronjob by yourself:"
_err "LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null"
return 1
fi
} }
uninstallcronjob() { uninstallcronjob() {
@ -1128,6 +1153,7 @@ _initconf() {
echo "#Account configurations: echo "#Account configurations:
#Here are the supported macros, uncomment them to make them take effect. #Here are the supported macros, uncomment them to make them take effect.
#ACCOUNT_EMAIL=aaa@aaa.com # the account email used to register account. #ACCOUNT_EMAIL=aaa@aaa.com # the account email used to register account.
#ACCOUNT_KEY_PATH=\"/path/to/account.key\"
#STAGE=1 # Use the staging api #STAGE=1 # Use the staging api
#FORCE=1 # Force to issue cert #FORCE=1 # Force to issue cert
@ -1137,29 +1163,32 @@ _initconf() {
####################### #######################
#Cloudflare: #Cloudflare:
#api key #api key
#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
#CF_Key=\"sdfsdfsdfljlbjkljlkjsdfoiwje\"
#account email #account email
#CF_Email="xxxx@sss.com"
#CF_Email=\"xxxx@sss.com\"
####################### #######################
#Dnspod.cn: #Dnspod.cn:
#api key id #api key id
#DP_Id="1234"
#DP_Id=\"1234\"
#api key #api key
#DP_Key="sADDsdasdgdsf"
#DP_Key=\"sADDsdasdgdsf\"
####################### #######################
#Cloudxns.com: #Cloudxns.com:
#CX_Key="1234"
#CX_Key=\"1234\"
# #
#CX_Secret="sADDsdasdgdsf"
#CX_Secret=\"sADDsdasdgdsf\"
" > $ACCOUNT_CONF_PATH " > $ACCOUNT_CONF_PATH
fi fi
} }
install() { install() {
_initpath
if ! _initpath ; then
_err "Install failed."
return 1
fi
#check if there is sudo installed, AND if the current user is a sudoer. #check if there is sudo installed, AND if the current user is a sudoer.
if command -v sudo > /dev/null ; then if command -v sudo > /dev/null ; then
@ -1199,9 +1228,14 @@ install() {
_info "Installing to $LE_WORKING_DIR" _info "Installing to $LE_WORKING_DIR"
_info "Installed to $LE_WORKING_DIR/le.sh"
cp le.sh $LE_WORKING_DIR/
chmod +x $LE_WORKING_DIR/le.sh
cp le.sh "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/le.sh"
if [ "$?" != "0" ] ; then
_err "Install failed, can not copy le.sh"
return 1
fi
_info "Installed to $LE_WORKING_DIR/le.sh"
_profile="$(_detect_profile)" _profile="$(_detect_profile)"
if [ "$_profile" ] ; then if [ "$_profile" ] ; then
@ -1211,7 +1245,7 @@ install() {
alias le=\"$LE_WORKING_DIR/le.sh\" alias le=\"$LE_WORKING_DIR/le.sh\"
alias le.sh=\"$LE_WORKING_DIR/le.sh\" alias le.sh=\"$LE_WORKING_DIR/le.sh\"
" > "$LE_WORKING_DIR/le.env" " > "$LE_WORKING_DIR/le.env"
echo "" >> "$_profile"
_setopt "$_profile" "source \"$LE_WORKING_DIR/le.env\"" _setopt "$_profile" "source \"$LE_WORKING_DIR/le.env\""
_info "OK, Close and reopen your terminal to start using le" _info "OK, Close and reopen your terminal to start using le"
else else
@ -1240,7 +1274,8 @@ uninstall() {
_profile="$(_detect_profile)" _profile="$(_detect_profile)"
if [ "$_profile" ] ; then if [ "$_profile" ] ; then
sed -i /le.env/d "$_profile"
text="$(cat $_profile)"
echo "$text" | sed "s|^source.*le.env.*$||" > "$_profile"
fi fi
rm -f $LE_WORKING_DIR/le.sh rm -f $LE_WORKING_DIR/le.sh
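Review bot: In the `uninstall()` hunk, the new profile rewrite reads the file with an unquoted, unchecked `cat $_profile` and then truncates `"$_profile"` through the redirect. If the read fails or the path contains whitespace, the user's shell profile is overwritten with a single empty line. Feeding file content to `echo` is also fragile, because backslashes or a leading `-n`/`-e` can be interpreted depending on the shell; the same applies to the `_setopt()` hunk, where `printf "$text"` appears to have been replaced by `echo "$text"`. I would change the two lines to `text="$(cat "$_profile")" || return 1` and `printf '%s\n' "$text" | sed "s|^source.*le.env.*$||" > "$_profile"`. Note that the substitution leaves a blank line where the old `sed -i /le.env/d` removed the line; `uninstall()` starts and ends outside the hunk, so any later handling of the profile is not visible here.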
