commit
0d4a2dfcf7
34
le.sh
34
le.sh
@ -34,6 +34,14 @@ _info() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_err() {
|
||||||
|
if [ -z "$2" ] ; then
|
||||||
|
echo "$1" >&2
|
||||||
|
else
|
||||||
|
echo "$1:$2" >&2
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
#domain [2048]
|
#domain [2048]
|
||||||
createAccountKey() {
|
createAccountKey() {
|
||||||
if [ -z "$1" ] ; then
|
if [ -z "$1" ] ; then
|
||||||
@ -130,6 +138,7 @@ _b64() {
|
|||||||
_send_signed_request() {
|
_send_signed_request() {
|
||||||
url=$1
|
url=$1
|
||||||
payload=$2
|
payload=$2
|
||||||
|
needbase64=$3
|
||||||
|
|
||||||
_debug url $url
|
_debug url $url
|
||||||
_debug payload "$payload"
|
_debug payload "$payload"
|
||||||
@ -160,9 +169,13 @@ _send_signed_request() {
|
|||||||
body="{\"header\": $HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
|
body="{\"header\": $HEADER, \"protected\": \"$protected64\", \"payload\": \"$payload64\", \"signature\": \"$sig\"}"
|
||||||
_debug body "$body"
|
_debug body "$body"
|
||||||
|
|
||||||
|
if [ "$needbase64" ] ; then
|
||||||
|
response="$($CURL -X POST --data "$body" $url | base64)"
|
||||||
|
else
|
||||||
response="$($CURL -X POST --data "$body" $url)"
|
response="$($CURL -X POST --data "$body" $url)"
|
||||||
|
fi
|
||||||
|
|
||||||
responseHeaders="$(cat $CURL_HEADER)"
|
responseHeaders="$(sed 's/\r//g' $CURL_HEADER)"
|
||||||
|
|
||||||
_debug responseHeaders "$responseHeaders"
|
_debug responseHeaders "$responseHeaders"
|
||||||
_debug response "$response"
|
_debug response "$response"
|
||||||
@ -247,7 +260,7 @@ issue() {
|
|||||||
DOMAIN_CONF=$WORKING_DIR/$Le_Domain/$Le_Domain.conf
|
DOMAIN_CONF=$WORKING_DIR/$Le_Domain/$Le_Domain.conf
|
||||||
if [ -f "$DOMAIN_CONF" ] ; then
|
if [ -f "$DOMAIN_CONF" ] ; then
|
||||||
source "$DOMAIN_CONF"
|
source "$DOMAIN_CONF"
|
||||||
if [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then
|
if [ -z "$FORCE" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then
|
||||||
_info "Skip, Next renwal time is: $Le_NextRenewTimeStr"
|
_info "Skip, Next renwal time is: $Le_NextRenewTimeStr"
|
||||||
return 2
|
return 2
|
||||||
fi
|
fi
|
||||||
@ -299,7 +312,7 @@ issue() {
|
|||||||
elif [ "$code" == '409' ] ; then
|
elif [ "$code" == '409' ] ; then
|
||||||
_info "Already registered"
|
_info "Already registered"
|
||||||
else
|
else
|
||||||
_info "Register account Error."
|
_err "Register account Error."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -314,7 +327,7 @@ issue() {
|
|||||||
_send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}"
|
_send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}"
|
||||||
|
|
||||||
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
|
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
|
||||||
_info "new-authz error: $d"
|
_err "new-authz error: $response"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -344,7 +357,7 @@ issue() {
|
|||||||
_send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"
|
_send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"
|
||||||
|
|
||||||
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
|
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
|
||||||
_info "challenge error: $d"
|
_err "challenge error: $d"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -354,7 +367,7 @@ issue() {
|
|||||||
_debug "checking"
|
_debug "checking"
|
||||||
|
|
||||||
if ! _get $uri ; then
|
if ! _get $uri ; then
|
||||||
_info "Verify error:$d"
|
_err "Verify error:$resource"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -366,15 +379,14 @@ issue() {
|
|||||||
|
|
||||||
if [ "$status" == "invalid" ] ; then
|
if [ "$status" == "invalid" ] ; then
|
||||||
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
|
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
|
||||||
_info "Verify error:$d"
|
_err "Verify error:$error"
|
||||||
_debug $error
|
|
||||||
return 1;
|
return 1;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$status" == "pending" ] ; then
|
if [ "$status" == "pending" ] ; then
|
||||||
_info "Verify pending:$d"
|
_info "Verify pending:$d"
|
||||||
else
|
else
|
||||||
_info "Verify error:$d"
|
_err "Verify error:$response"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -383,7 +395,7 @@ issue() {
|
|||||||
|
|
||||||
_info "Verify finished, start to sign."
|
_info "Verify finished, start to sign."
|
||||||
der="$(openssl req -in $CSR_PATH -outform DER | base64 | _b64)"
|
der="$(openssl req -in $CSR_PATH -outform DER | base64 | _b64)"
|
||||||
_send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}"
|
_send_signed_request "$API/acme/new-cert" "{\"resource\": \"new-cert\", \"csr\": \"$der\"}" "needbase64"
|
||||||
|
|
||||||
|
|
||||||
Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
|
Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
|
||||||
@ -405,6 +417,7 @@ issue() {
|
|||||||
_setopt $DOMAIN_CONF "Le_Keylength" "=" "$Le_Keylength"
|
_setopt $DOMAIN_CONF "Le_Keylength" "=" "$Le_Keylength"
|
||||||
|
|
||||||
if [ -z "$Le_LinkCert" ] ; then
|
if [ -z "$Le_LinkCert" ] ; then
|
||||||
|
response="$(echo $response | sed 's/ //g'| base64 -d)"
|
||||||
_info "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')"
|
_info "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -413,7 +426,6 @@ issue() {
|
|||||||
_setopt $DOMAIN_CONF "Le_LinkIssuer" "=" "$Le_LinkIssuer"
|
_setopt $DOMAIN_CONF "Le_LinkIssuer" "=" "$Le_LinkIssuer"
|
||||||
|
|
||||||
if [ "$Le_LinkIssuer" ] ; then
|
if [ "$Le_LinkIssuer" ] ; then
|
||||||
_get "$Le_LinkIssuer"
|
|
||||||
echo -----BEGIN CERTIFICATE----- > $CA_CERT_PATH
|
echo -----BEGIN CERTIFICATE----- > $CA_CERT_PATH
|
||||||
curl --silent $Le_LinkIssuer | base64 >> $CA_CERT_PATH
|
curl --silent $Le_LinkIssuer | base64 >> $CA_CERT_PATH
|
||||||
echo -----END CERTIFICATE----- >> $CA_CERT_PATH
|
echo -----END CERTIFICATE----- >> $CA_CERT_PATH
|
||||||
|
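Review bot: In the `if ! _get $uri` branch of issue() (hunk `-354,7 +367,7`), the new message `_err "Verify error:$resource"` expands a variable that is not assigned in any visible hunk, so it will most likely print an empty value. If the server reply was meant, the two-argument form of the new helper keeps the failing domain in the log: `_err "Verify error:$d" "$response"`. The later `_err "Verify error:$error"` and `_err "Verify error:$response"` messages in hunk `-366,15 +379,14` also drop `$d`, which makes a multi-domain failure harder to attribute. Separately, `Sign failed: ...` in hunk `-405,6 +417,7` still goes through `_info`, while every other failure path in this commit was moved to `_err` and stderr. issue() starts and ends outside these hunks, so `resource` may be set elsewhere in the function.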