From 5c48e139d4962ef3e0fde2d0dc24dc89290a8459 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 27 Sep 2016 23:43:18 +0800 Subject: [PATCH] support individual ca accounts --- acme.sh | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 53 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index e748a063..f4156411 100755 --- a/acme.sh +++ b/acme.sh @@ -848,6 +848,7 @@ _mktemp() { if mktemp 2>/dev/null ; then return elif _contains "$(mktemp 2>&1)" "-t prefix" && mktemp -t "$PROJECT_NAME" 2>/dev/null ; then + #for Mac osx return fi fi @@ -1345,6 +1346,8 @@ __initHome() { fi DEFAULT_LOG_FILE="$LE_WORKING_DIR/$PROJECT_NAME.log" + + DEFAULT_CA_HOME="$LE_WORKING_DIR/ca" } #[domain] [keylength] @@ -1362,6 +1365,10 @@ _initpath() { export PATH="$USER_PATH:$PATH" fi fi + + if [ -z "$CA_HOME" ] ; then + CA_HOME="$DEFAULT_CA_HOME" + fi if [ -z "$API" ] ; then if [ -z "$STAGE" ] ; then @@ -1372,6 +1379,19 @@ _initpath() { fi fi + _API_HOST="$(echo "$API" | cut -d : -f 2 | tr -d '/')" + CA_DIR="$CA_HOME/$_API_HOST" + + _DEFAULT_CA_CONF="$CA_DIR/ca.conf" + + if [ -z "$CA_CONF" ] ; then + CA_CONF="$_DEFAULT_CA_CONF" + fi + + if [ -f "$CA_CONF" ] ; then + . "$CA_CONF" + fi + if [ -z "$ACME_DIR" ] ; then ACME_DIR="/home/.acme" fi @@ -1388,11 +1408,20 @@ _initpath() { HTTP_HEADER="$LE_WORKING_DIR/http.header" fi - _DEFAULT_ACCOUNT_KEY_PATH="$LE_WORKING_DIR/account.key" + _OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key" + _OLD_ACCOUNT_JSON="$LE_WORKING_DIR/account.json" + + _DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key" + _DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json" if [ -z "$ACCOUNT_KEY_PATH" ] ; then ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH" fi + if [ -z "$ACCOUNT_JSON_PATH" ] ; then + ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" + fi + + _DEFAULT_CERT_HOME="$LE_WORKING_DIR" if [ -z "$CERT_HOME" ] ; then CERT_HOME="$_DEFAULT_CERT_HOME" @@ -1401,6 +1430,9 @@ _initpath() { if [ -z "$1" ] ; then return 0 fi + + mkdir -p "$CA_DIR" + domain="$1" _ilength="$2" @@ -1793,6 +1825,17 @@ registeraccount() { _regAccount() { _initpath + + if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then + _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" + mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" + fi + + if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then + _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH" + mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH" + fi + if [ ! -f "$ACCOUNT_KEY_PATH" ] ; then _acck="no" if [ "$Le_Keylength" ] ; then @@ -1831,7 +1874,7 @@ _regAccount() { fi if [ "$code" = "" ] || [ "$code" = '201' ] ; then - echo "$response" > $LE_WORKING_DIR/account.json + echo "$response" > $ACCOUNT_JSON_PATH _info "Registered" elif [ "$code" = '409' ] ; then _info "Already registered" @@ -2447,6 +2490,9 @@ issue() { Le_NextRenewTime=$(_math $Le_NextRenewTime - 86400) _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" + Le_API="$API" + _savedomainconf "Le_API" "$Le_API" + _on_issue_success if [ "$Le_RealCertPath$Le_RealKeyPath$Le_RealCACertPath$Le_ReloadCmd$Le_RealFullChainPath" ] ; then @@ -2478,6 +2524,11 @@ renew() { fi . "$DOMAIN_CONF" + + if [ "$Le_API" ] ; then + API="$Le_API" + fi + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ] ; then _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" _info "Add '$(__red '--force')' to force to renew."