plantroon/acme.sh
1
0
Fork 0
mirror of https://github.com/plantroon/acme.sh.git synced 2024-11-10 00:11:45 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #339 from Neilpang/deploy

Browse Source 
add deploy command
This commit is contained in:
neil 2016-10-25 21:19:24 +08:00 committed by GitHub
commit 35c61f52fe
2 changed files with 146 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
acme.sh
View File

@ -11,6 +11,7 @@ PROJECT="https://github.com/Neilpang/$PROJECT_NAME"
DEFAULT_INSTALL_HOME="$HOME/.$PROJECT_NAME" DEFAULT_INSTALL_HOME="$HOME/.$PROJECT_NAME"
_SCRIPT_="$0" _SCRIPT_="$0"
_SUB_FOLDERS="dnsapi deploy"
DEFAULT_CA="https://acme-v01.api.letsencrypt.org" DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
@ -2046,6 +2047,29 @@ _regAccount() {
} }
# domain folder file
_findHook() {
_hookdomain="$1"
_hookcat="$2"
_hookname="$3"
if [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname" ] ; then
d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname"
elif [ -f "$LE_WORKING_DIR/$_hookdomain/$_hookname.sh" ] ; then
d_api="$LE_WORKING_DIR/$_hookdomain/$_hookname.sh"
elif [ -f "$LE_WORKING_DIR/$_hookname" ] ; then
d_api="$LE_WORKING_DIR/$_hookname"
elif [ -f "$LE_WORKING_DIR/$_hookname.sh" ] ; then
d_api="$LE_WORKING_DIR/$_hookname.sh"
elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname" ] ; then
d_api="$LE_WORKING_DIR/$_hookcat/$_hookname"
elif [ -f "$LE_WORKING_DIR/$_hookcat/$_hookname.sh" ] ; then
d_api="$LE_WORKING_DIR/$_hookcat/$_hookname.sh"
fi
printf "%s" "$d_api"
}
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ] ; then if [ -z "$2" ] ; then
@ -2255,22 +2279,9 @@ issue() {
_debug txtdomain "$txtdomain" _debug txtdomain "$txtdomain"
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _urlencode)" txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _urlencode)"
_debug txt "$txt" _debug txt "$txt"
#dns
#1. check use api d_api="$(_findHook $d dnsapi $_currentRoot)"
d_api=""
if [ -f "$LE_WORKING_DIR/$d/$_currentRoot" ] ; then
d_api="$LE_WORKING_DIR/$d/$_currentRoot"
elif [ -f "$LE_WORKING_DIR/$d/$_currentRoot.sh" ] ; then
d_api="$LE_WORKING_DIR/$d/$_currentRoot.sh"
elif [ -f "$LE_WORKING_DIR/$_currentRoot" ] ; then
d_api="$LE_WORKING_DIR/$_currentRoot"
elif [ -f "$LE_WORKING_DIR/$_currentRoot.sh" ] ; then
d_api="$LE_WORKING_DIR/$_currentRoot.sh"
elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot" ] ; then
d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot"
elif [ -f "$LE_WORKING_DIR/dnsapi/$_currentRoot.sh" ] ; then
d_api="$LE_WORKING_DIR/dnsapi/$_currentRoot.sh"
fi
_debug d_api "$d_api" _debug d_api "$d_api"
if [ "$d_api" ] ; then if [ "$d_api" ] ; then
@ -2686,6 +2697,15 @@ renew() {
IS_RENEW="1" IS_RENEW="1"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress"
res=$? res=$?
if [ "$res" != "0" ] ; then
return $res
fi
if [ "$Le_DeployHook" ] ; then
deploy $Le_Domain "$Le_DeployHook" "$Le_Keylength"
res=$?
fi
IS_RENEW="" IS_RENEW=""
return $res return $res
@ -2847,6 +2867,56 @@ list() {
} }
deploy() {
Le_Domain="$1"
Le_DeployHook="$2"
_isEcc="$3"
if [ -z "$Le_DeployHook" ] ; then
_usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] "
return 1
fi
_initpath $Le_Domain "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ] ; then
_err "Domain is not valid:'$Le_Domain'"
return 1
fi
_deployApi="$(_findHook $Le_Domain deploy $Le_DeployHook)"
if [ -z "$_deployApi" ] ; then
_err "The deploy hook $Le_DeployHook is not found."
return 1
fi
_debug _deployApi "$_deployApi"
_savedomainconf Le_DeployHook "$Le_DeployHook"
if ! (
if ! . $_deployApi ; then
_err "Load file $_deployApi error. Please check your api file and try again."
return 1
fi
d_command="${Le_DeployHook}_deploy"
if ! _exists $d_command ; then
_err "It seems that your api file is not correct, it must have a function named: $d_command"
return 1
fi
if ! $d_command $Le_Domain "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH" ; then
_err "Error deploy for domain:$Le_Domain"
_on_issue_err
return 1
fi
) ; then
_err "Deploy error."
return 1
else
_info "$(__green Success)"
fi
}
installcert() { installcert() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ] ; then if [ -z "$Le_Domain" ] ; then
@ -3400,10 +3470,13 @@ install() {
_installalias _installalias
if [ -d "dnsapi" ] ; then for subf in $_SUB_FOLDERS ; do
mkdir -p $LE_WORKING_DIR/dnsapi if [ -d "$subf" ] ; then
cp dnsapi/* $LE_WORKING_DIR/dnsapi/ mkdir -p $LE_WORKING_DIR/$subf
cp $subf/* $LE_WORKING_DIR/$subf/
fi fi
done
if [ ! -f "$ACCOUNT_CONF_PATH" ] ; then if [ ! -f "$ACCOUNT_CONF_PATH" ] ; then
_initconf _initconf
@ -3431,11 +3504,13 @@ install() {
_info "Good, bash is found, so change the shebang to use bash as prefered." _info "Good, bash is found, so change the shebang to use bash as prefered."
_shebang='#!/usr/bin/env bash' _shebang='#!/usr/bin/env bash'
_setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang" _setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang"
if [ -d "$LE_WORKING_DIR/dnsapi" ] ; then for subf in $_SUB_FOLDERS ; do
for _apifile in $(ls "$LE_WORKING_DIR/dnsapi/"*.sh) ; do if [ -d "$LE_WORKING_DIR/$subf" ] ; then
for _apifile in "$LE_WORKING_DIR/$subf/"*.sh ; do
_setShebang "$_apifile" "$_shebang" _setShebang "$_apifile" "$_shebang"
done done
fi fi
done
fi fi
fi fi
@ -3525,6 +3600,7 @@ Commands:
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT . --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT .
--issue Issue a cert. --issue Issue a cert.
--signcsr Issue a cert from an existing csr. --signcsr Issue a cert from an existing csr.
--deploy Deploy the cert to your server.
--installcert Install the issued cert to apache/nginx or any other server. --installcert Install the issued cert to apache/nginx or any other server.
--renew, -r Renew a cert. --renew, -r Renew a cert.
--renewAll Renew all the certs. --renewAll Renew all the certs.
@ -3589,6 +3665,7 @@ Parameters:
--pre-hook Command to be run before obtaining any certificates. --pre-hook Command to be run before obtaining any certificates.
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed. --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
--renew-hook Command to be run once for each successfully renewed certificate. --renew-hook Command to be run once for each successfully renewed certificate.
--deploy-hook The hook file to deploy cert
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension. --ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future.
--listen-v4 Force standalone/tls server to listen at ipv4. --listen-v4 Force standalone/tls server to listen at ipv4.
@ -3695,6 +3772,7 @@ _process() {
_pre_hook="" _pre_hook=""
_post_hook="" _post_hook=""
_renew_hook="" _renew_hook=""
_deploy_hook=""
_logfile="" _logfile=""
_log="" _log=""
_local_address="" _local_address=""
@ -3725,6 +3803,9 @@ _process() {
--issue) --issue)
_CMD="issue" _CMD="issue"
;; ;;
--deploy)
_CMD="deploy"
;;
--signcsr) --signcsr)
_CMD="signcsr" _CMD="signcsr"
;; ;;
@ -3991,6 +4072,10 @@ _process() {
_renew_hook="$2" _renew_hook="$2"
shift shift
;; ;;
--deploy-hook)
_deploy_hook="$2"
shift
;;
--ocsp-must-staple|--ocsp) --ocsp-must-staple|--ocsp)
Le_OCSP_Stable="1" Le_OCSP_Stable="1"
;; ;;
@ -4070,6 +4155,9 @@ _process() {
issue) issue)
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address"
;; ;;
deploy)
deploy "$_domain" "$_deploy_hook" "$_ecc"
;;
signcsr) signcsr)
signcsr "$_csr" "$_webroot" signcsr "$_csr" "$_webroot"
;; ;;

33
deploy/myapi.sh Normal file
View File

@ -0,0 +1,33 @@
#!/usr/bin/env sh
#Here is a sample custom api script.
#This file name is "myapi.sh"
#So, here must be a method myapi_deploy()
#Which will be called by acme.sh to deploy the cert
#returns 0 means success, otherwise error.
######## Public functions #####################
#domain keyfile certfile cafile fullchain
myapi_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
_err "Not implemented yet"
return 1
}