From 88bb7b780d445d1874611aa841b51bdb153f1bfb Mon Sep 17 00:00:00 2001 From: fritteli Date: Tue, 29 Aug 2017 22:35:11 +0200 Subject: [PATCH 01/18] Typos --- dnsapi/dns_he.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_he.sh b/dnsapi/dns_he.sh index 7d86eb7a..4d1973ad 100755 --- a/dnsapi/dns_he.sh +++ b/dnsapi/dns_he.sh @@ -47,7 +47,7 @@ dns_he_add() { response="$(_post "$body" "https://dns.he.net/")" exit_code="$?" if [ "$exit_code" -eq 0 ]; then - _info "TXT record added successfuly." + _info "TXT record added successfully." else _err "Couldn't add the TXT record." fi @@ -96,7 +96,7 @@ dns_he_rm() { >/dev/null exit_code="$?" if [ "$exit_code" -eq 0 ]; then - _info "Record removed successfuly." + _info "Record removed successfully." else _err "Could not clean (remove) up the record. Please go to HE administration interface and clean it by hand." return "$exit_code" From 3794b5cb5846cc9713979027d68fc930211ec86e Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 1 Sep 2017 23:01:37 +0800 Subject: [PATCH 02/18] fix changes for :https://community.letsencrypt.org/t/acme-sh-standalone-fails-multiple-validation-requests-staging-multi-va/41249/8 use socat instead of nc. --- acme.sh | 79 +++++++++++++-------------------------------------------- 1 file changed, 17 insertions(+), 62 deletions(-) diff --git a/acme.sh b/acme.sh index cd2f981c..c7f8eddd 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.7.3 +VER=2.7.4 PROJECT_NAME="acme.sh" @@ -164,11 +164,11 @@ _dlg_versions() { echo "nginx doesn't exists." fi - echo "nc:" - if _exists "nc"; then - nc -h 2>&1 + echo "socat:" + if _exists "socat"; then + socat -h 2>&1 else - _debug "nc doesn't exists." + _debug "socat doesn't exists." fi } @@ -1967,68 +1967,22 @@ _startserver() { _debug "ncaddr" "$ncaddr" _debug "startserver: $$" - nchelp="$(nc -h 2>&1)" _debug Le_HTTPPort "$Le_HTTPPort" _debug Le_Listen_V4 "$Le_Listen_V4" _debug Le_Listen_V6 "$Le_Listen_V6" - _NC="nc" + _NC="socat" if [ "$Le_Listen_V4" ]; then _NC="$_NC -4" elif [ "$Le_Listen_V6" ]; then _NC="$_NC -6" fi - if [ "$Le_Listen_V4$Le_Listen_V6$ncaddr" ]; then - if ! _contains "$nchelp" "-4"; then - _err "The nc doesn't support '-4', '-6' or local-address, please install 'netcat-openbsd' and try again." - _err "See $(__green $_PREPARE_LINK)" - return 1 - fi - fi - - if echo "$nchelp" | grep "\-q[ ,]" >/dev/null; then - _NC="$_NC -q 1 -l $ncaddr" - else - if echo "$nchelp" | grep "GNU netcat" >/dev/null && echo "$nchelp" | grep "\-c, \-\-close" >/dev/null; then - _NC="$_NC -c -l $ncaddr" - elif echo "$nchelp" | grep "\-N" | grep "Shutdown the network socket after EOF on stdin" >/dev/null; then - _NC="$_NC -N -l $ncaddr" - else - _NC="$_NC -l $ncaddr" - fi - fi - _debug "_NC" "$_NC" - - #for centos ncat - if _contains "$nchelp" "nmap.org"; then - _debug "Using ncat: nmap.org" - if ! _exec "printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \"$content\" | $_NC \"$Le_HTTPPort\" >&2"; then - _exec_err - return 1 - fi - if [ "$DEBUG" ]; then - _exec_err - fi - return - fi - - # while true ; do - if ! _exec "printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \"$content\" | $_NC -p \"$Le_HTTPPort\" >&2"; then - _exec "printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \"$content\" | $_NC \"$Le_HTTPPort\" >&2" - fi - - if [ "$?" != "0" ]; then - _err "nc listen error." - _exec_err - exit 1 - fi - if [ "$DEBUG" ]; then - _exec_err - fi - # done + #todo listen address + socat TCP-LISTEN:$Le_HTTPPort,crlf,reuseaddr,fork SYSTEM:"echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & + serverproc="$!" } _stopserver() { @@ -2038,6 +1992,8 @@ _stopserver() { return fi + kill $pid + _debug2 "Le_HTTPPort" "$Le_HTTPPort" if [ "$Le_HTTPPort" ]; then if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ]; then @@ -2943,8 +2899,8 @@ _on_before_issue() { fi if _hasfield "$_chk_web_roots" "$NO_VALUE"; then - if ! _exists "nc"; then - _err "Please install netcat(nc) tools first." + if ! _exists "socat"; then + _err "Please install socat tools first." return 1 fi fi @@ -3665,13 +3621,12 @@ issue() { _info "Standalone mode server" _ncaddr="$(_getfield "$_local_addr" "$_ncIndex")" _ncIndex="$(_math $_ncIndex + 1)" - _startserver "$keyauthorization" "$_ncaddr" & + _startserver "$keyauthorization" "$_ncaddr" if [ "$?" != "0" ]; then _clearup _on_issue_err "$_post_hook" "$vlist" return 1 fi - serverproc="$!" sleep 1 _debug serverproc "$serverproc" elif [ "$_currentRoot" = "$MODE_STATELESS" ]; then @@ -4788,9 +4743,9 @@ _precheck() { return 1 fi - if ! _exists "nc"; then - _err "It is recommended to install nc first, try to install 'nc' or 'netcat'." - _err "We use nc for standalone server if you use standalone mode." + if ! _exists "socat"; then + _err "It is recommended to install socat first." + _err "We use socat for standalone server if you use standalone mode." _err "If you don't use standalone mode, just ignore this warning." fi From 443a5ca0c2d0af8e11f720f3acbb04ee628a001b Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 1 Sep 2017 23:44:52 +0800 Subject: [PATCH 03/18] socat tls mode --- acme.sh | 33 +++------------------------------ 1 file changed, 3 insertions(+), 30 deletions(-) diff --git a/acme.sh b/acme.sh index c7f8eddd..84ae7e93 100755 --- a/acme.sh +++ b/acme.sh @@ -1994,25 +1994,6 @@ _stopserver() { kill $pid - _debug2 "Le_HTTPPort" "$Le_HTTPPort" - if [ "$Le_HTTPPort" ]; then - if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ]; then - _get "http://localhost:$Le_HTTPPort" "" 1 - else - _get "http://localhost:$Le_HTTPPort" "" 1 >/dev/null 2>&1 - fi - fi - - _debug2 "Le_TLSPort" "$Le_TLSPort" - if [ "$Le_TLSPort" ]; then - if [ "$DEBUG" ] && [ "$DEBUG" -gt "3" ]; then - _get "https://localhost:$Le_TLSPort" "" 1 - _get "https://localhost:$Le_TLSPort" "" 1 - else - _get "https://localhost:$Le_TLSPort" "" 1 >/dev/null 2>&1 - _get "https://localhost:$Le_TLSPort" "" 1 >/dev/null 2>&1 - fi - fi } # sleep sec @@ -2067,12 +2048,7 @@ _starttlsserver() { return 1 fi - __S_OPENSSL="${ACME_OPENSSL_BIN:-openssl} s_server -cert $TLS_CERT -key $TLS_KEY " - if [ "$opaddr" ]; then - __S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port" - else - __S_OPENSSL="$__S_OPENSSL -accept $port" - fi + __S_OPENSSL="socat" _debug Le_Listen_V4 "$Le_Listen_V4" _debug Le_Listen_V6 "$Le_Listen_V6" @@ -2083,12 +2059,9 @@ _starttlsserver() { fi _debug "$__S_OPENSSL" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then - (printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $__S_OPENSSL -tlsextdebug) & - else - (printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" "$content" | $__S_OPENSSL >/dev/null 2>&1) & - fi + #todo listen address + $__S_OPENSSL openssl-listen:$port,cert=$TLS_CERT,key=$TLS_KEY,verify=0,reuseaddr,fork SYSTEM:"echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & serverproc="$!" sleep 1 _debug serverproc "$serverproc" From 7b8ddfdd96d5edd6992335a1f289b845ab9403d2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 2 Sep 2017 08:59:30 +0800 Subject: [PATCH 04/18] use socat --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index 2ba02b9c..1378e947 100644 --- a/.travis.yml +++ b/.travis.yml @@ -20,6 +20,7 @@ install: - if [ "$TRAVIS_OS_NAME" = 'osx' ]; then brew update && brew install openssl; brew info openssl; + brew info socat; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/openssl; @@ -30,6 +31,7 @@ install: openssl version 2>&1 || true; $ACME_OPENSSL_BIN version 2>&1 || true; export PATH="$_old_path"; + else sudo apt-get install socat; fi script: From cc6610edc2fe1c4d19aed233ac5449b2124de4ea Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 2 Sep 2017 17:32:40 +0800 Subject: [PATCH 05/18] add socat --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1378e947..b45cc464 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,9 +18,8 @@ addons: install: - if [ "$TRAVIS_OS_NAME" = 'osx' ]; then - brew update && brew install openssl; + brew update && brew install openssl socat; brew info openssl; - brew info socat; ln -s /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/opt/openssl/lib/libssl.1.0.0.dylib /usr/local/lib/; ln -s /usr/local/Cellar/openssl/1.0.2j/bin/openssl /usr/local/openssl; From f9cdfd3e5baf89eb84f04a5a912223e2c57c01bb Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 2 Sep 2017 18:58:07 +0800 Subject: [PATCH 06/18] fix for behind proxy --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 84ae7e93..07617c40 100755 --- a/acme.sh +++ b/acme.sh @@ -1981,7 +1981,7 @@ _startserver() { _debug "_NC" "$_NC" #todo listen address - socat TCP-LISTEN:$Le_HTTPPort,crlf,reuseaddr,fork SYSTEM:"echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & + socat TCP-LISTEN:$Le_HTTPPort,crlf,reuseaddr,fork SYSTEM:"sleep 0.5; echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & serverproc="$!" } @@ -2061,7 +2061,7 @@ _starttlsserver() { _debug "$__S_OPENSSL" #todo listen address - $__S_OPENSSL openssl-listen:$port,cert=$TLS_CERT,key=$TLS_KEY,verify=0,reuseaddr,fork SYSTEM:"echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & + $__S_OPENSSL openssl-listen:$port,cert=$TLS_CERT,key=$TLS_KEY,verify=0,reuseaddr,fork SYSTEM:"sleep 0.5; echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & serverproc="$!" sleep 1 _debug serverproc "$serverproc" From 6104680caa1c1542b5c2291b8392f5b67b061717 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 2 Sep 2017 20:46:04 +0800 Subject: [PATCH 07/18] fix https://github.com/Neilpang/acme.sh/issues/999 --- acme.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 07617c40..45287eef 100755 --- a/acme.sh +++ b/acme.sh @@ -3934,7 +3934,10 @@ issue() { Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400) _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" - _on_issue_success "$_post_hook" "$_renew_hook" + if ! _on_issue_success "$_post_hook" "$_renew_hook"; then + _err "Call hook error." + return 1 + fi if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then _savedomainconf "Le_RealCertPath" "$_real_cert" From 4356eefbb10d519cdbd6d44a52b757e3df348075 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 3 Sep 2017 08:42:44 +0800 Subject: [PATCH 08/18] fix https://github.com/Neilpang/acme.sh/issues/1005#event-1232471561 --- acme.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 45287eef..f6447f73 100755 --- a/acme.sh +++ b/acme.sh @@ -4821,9 +4821,11 @@ install() { _debug "Skip install cron job" fi - if ! _precheck "$_nocron"; then - _err "Pre-check failed, can not install." - return 1 + if [ "$IN_CRON" != "1" ]; then + if ! _precheck "$_nocron"; then + _err "Pre-check failed, can not install." + return 1 + fi fi if [ -z "$_c_home" ] && [ "$LE_CONFIG_HOME" != "$LE_WORKING_DIR" ]; then @@ -4876,7 +4878,9 @@ install() { _info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY" - _installalias "$_c_home" + if [ "$IN_CRON" != "1" ]; then + _installalias "$_c_home" + fi for subf in $_SUB_FOLDERS; do if [ -d "$subf" ]; then From c73fdd402243071d01a23eae7ae17088b5914d7d Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 3 Sep 2017 08:45:58 +0800 Subject: [PATCH 09/18] minor --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index f6447f73..e482b87b 100755 --- a/acme.sh +++ b/acme.sh @@ -4970,7 +4970,7 @@ _uninstallalias() { } cron() { - IN_CRON=1 + export IN_CRON=1 _initpath _info "$(__green "===Starting cron===")" if [ "$AUTO_UPGRADE" = "1" ]; then From e52304edb47b974c905e88bc41b7124705f514e6 Mon Sep 17 00:00:00 2001 From: Santeri Date: Sun, 3 Sep 2017 13:35:20 +0400 Subject: [PATCH 10/18] cpanel_uapi tried to make it a bit less confusing --- deploy/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/deploy/README.md b/deploy/README.md index e026cadf..62a3fb6f 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -6,6 +6,8 @@ Here are the scripts to deploy the certs/key to the server/services. ## 1. Deploy the certs to your cpanel host. +If you want to deploy using cpanel UAPI see 7. + (cpanel deploy hook is not finished yet, this is just an example.) @@ -81,14 +83,13 @@ acme.sh --deploy -d ftp.example.com --deploy-hook exim4 acme.sh --deploy -d ftp.example.com --deploy-hook keychain ``` -## 7. Deploy to cpanel host. +## 7. Deploy to cpanel host using UAPI +This hook is using UAPI and works in cPanel & WHM version 56 or newer. ``` acme.sh --deploy -d example.com --deploy-hook cpanel_uapi ``` - -If you are login as root, please specify the username to deploy cert to: - +DEPLOY_CPANEL_USER is required only if you run the script as root and it should contain cpanel username. ```sh export DEPLOY_CPANEL_USER=username acme.sh --deploy -d example.com --deploy-hook cpanel_uapi From 8148bfeacf43a311551c00473f39c514e5f50d52 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 5 Sep 2017 20:32:14 +0800 Subject: [PATCH 11/18] fix https://github.com/Neilpang/acme.sh/issues/998 --- acme.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index e482b87b..d9855651 100755 --- a/acme.sh +++ b/acme.sh @@ -1814,7 +1814,12 @@ _send_signed_request() { _CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" - if _contains "$response" "JWS has invalid anti-replay nonce"; then + _body="$response" + if [ "$needbase64" ]; then + _body="$(echo "$_body" | _dbase64)" + fi + _debug3 _body "$_body" + if _contains "$_body" "JWS has invalid anti-replay nonce"; then _info "It seems the CA server is busy now, let's wait and retry." _request_retry_times=$(_math "$_request_retry_times" + 1) _sleep 5 From f81d4033fa0e85f4a4cb789e250bb52d3a282e5f Mon Sep 17 00:00:00 2001 From: Santeri Kannisto Date: Tue, 5 Sep 2017 17:37:48 +0400 Subject: [PATCH 12/18] One cert per domain Deploy works only for the first domain --- deploy/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/README.md b/deploy/README.md index 62a3fb6f..48caea6f 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -94,6 +94,7 @@ DEPLOY_CPANEL_USER is required only if you run the script as root and it should export DEPLOY_CPANEL_USER=username acme.sh --deploy -d example.com --deploy-hook cpanel_uapi ``` +Please note, that the cpanel_uapi hook will deploy only the first domain when your certificate will automatically renew. Therefore you should issue only one certificate per domain. From a9726fde1948c7404e8873e9b6264785081b025a Mon Sep 17 00:00:00 2001 From: Santeri Kannisto Date: Tue, 5 Sep 2017 17:42:17 +0400 Subject: [PATCH 13/18] 1 cert per domain for cpanel_uapi --- deploy/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/README.md b/deploy/README.md index 48caea6f..c80a567e 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -94,7 +94,7 @@ DEPLOY_CPANEL_USER is required only if you run the script as root and it should export DEPLOY_CPANEL_USER=username acme.sh --deploy -d example.com --deploy-hook cpanel_uapi ``` -Please note, that the cpanel_uapi hook will deploy only the first domain when your certificate will automatically renew. Therefore you should issue only one certificate per domain. +Please note, that the cpanel_uapi hook will deploy only the first domain when your certificate will automatically renew. Therefore you should issue a separete certificate for each domain. From 3eeb090578a371eb5e5ce507adb27a6cf1676ac8 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 6 Sep 2017 20:50:31 +0800 Subject: [PATCH 14/18] fix tls mode back to use openssl --- acme.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index d9855651..83c06fa5 100755 --- a/acme.sh +++ b/acme.sh @@ -2053,7 +2053,12 @@ _starttlsserver() { return 1 fi - __S_OPENSSL="socat" + __S_OPENSSL="${ACME_OPENSSL_BIN:-openssl} s_server -www -cert $TLS_CERT -key $TLS_KEY " + if [ "$opaddr" ]; then + __S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port" + else + __S_OPENSSL="$__S_OPENSSL -accept $port" + fi _debug Le_Listen_V4 "$Le_Listen_V4" _debug Le_Listen_V6 "$Le_Listen_V6" @@ -2064,9 +2069,12 @@ _starttlsserver() { fi _debug "$__S_OPENSSL" + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then + $__S_OPENSSL -tlsextdebug & + else + $__S_OPENSSL >/dev/null 2>&1 & + fi - #todo listen address - $__S_OPENSSL openssl-listen:$port,cert=$TLS_CERT,key=$TLS_KEY,verify=0,reuseaddr,fork SYSTEM:"sleep 0.5; echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & serverproc="$!" sleep 1 _debug serverproc "$serverproc" From 53273a15bf54d2b3c48e8351c592f42ee1e49dab Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 6 Sep 2017 21:18:02 +0800 Subject: [PATCH 15/18] use socat for tls mode --- acme.sh | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/acme.sh b/acme.sh index 83c06fa5..d9855651 100755 --- a/acme.sh +++ b/acme.sh @@ -2053,12 +2053,7 @@ _starttlsserver() { return 1 fi - __S_OPENSSL="${ACME_OPENSSL_BIN:-openssl} s_server -www -cert $TLS_CERT -key $TLS_KEY " - if [ "$opaddr" ]; then - __S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port" - else - __S_OPENSSL="$__S_OPENSSL -accept $port" - fi + __S_OPENSSL="socat" _debug Le_Listen_V4 "$Le_Listen_V4" _debug Le_Listen_V6 "$Le_Listen_V6" @@ -2069,12 +2064,9 @@ _starttlsserver() { fi _debug "$__S_OPENSSL" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then - $__S_OPENSSL -tlsextdebug & - else - $__S_OPENSSL >/dev/null 2>&1 & - fi + #todo listen address + $__S_OPENSSL openssl-listen:$port,cert=$TLS_CERT,key=$TLS_KEY,verify=0,reuseaddr,fork SYSTEM:"sleep 0.5; echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & serverproc="$!" sleep 1 _debug serverproc "$serverproc" From a6b399286e4dcd387c5193589358d066174d51eb Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 9 Sep 2017 14:15:11 +0800 Subject: [PATCH 16/18] add socat --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7ca042ea..e85098e0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ RUN apk update -f \ && apk --no-cache add -f \ openssl \ curl \ - netcat-openbsd \ + socat \ && rm -rf /var/cache/apk/* ENV LE_CONFIG_HOME /acme.sh From 36309e6dbc5b074b108c268bb2a652689aae379d Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 11 Sep 2017 21:28:37 +0800 Subject: [PATCH 17/18] minor, fix debug info --- acme.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d9855651..b1a7f68a 100755 --- a/acme.sh +++ b/acme.sh @@ -1817,8 +1817,9 @@ _send_signed_request() { _body="$response" if [ "$needbase64" ]; then _body="$(echo "$_body" | _dbase64)" + _debug2 _body "$_body" fi - _debug3 _body "$_body" + if _contains "$_body" "JWS has invalid anti-replay nonce"; then _info "It seems the CA server is busy now, let's wait and retry." _request_retry_times=$(_math "$_request_retry_times" + 1) From 95949b6519b4b7e8de5f8dc83ef900d558caa331 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 11 Sep 2017 21:40:56 +0800 Subject: [PATCH 18/18] minor --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index b1a7f68a..e7746931 100755 --- a/acme.sh +++ b/acme.sh @@ -1987,7 +1987,7 @@ _startserver() { _debug "_NC" "$_NC" #todo listen address - socat TCP-LISTEN:$Le_HTTPPort,crlf,reuseaddr,fork SYSTEM:"sleep 0.5; echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & + $_NC TCP-LISTEN:$Le_HTTPPort,crlf,reuseaddr,fork SYSTEM:"sleep 0.5; echo HTTP/1.1 200 OK'; echo ; echo $content; echo;" & serverproc="$!" }