Merge pull request #1316 from Neilpang/alias

Alias
2024-11-08 23:41:45 +00:00 · 2018-03-01 22:38:05 +08:00 · 2018-03-01 22:38:05 +08:00 · 61eaa44cf8
commit 61eaa44cf8
parent 2d1e9abb60 1f7df33e28
2 changed files with 67 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -76,6 +76,7 @@ https://github.com/Neilpang/acmetest
 - Apache mode
 - Nginx mode
 - DNS mode
+- [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode)
 - [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode)


--- a/acme.sh
+++ b/acme.sh
@ -47,6 +47,7 @@ DEFAULT_DNS_SLEEP=120
 NO_VALUE="no"

 W_TLS="tls"
+DNS_ALIAS_PREFIX="="

 MODE_STATELESS="stateless"

@ -105,6 +106,8 @@ _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"

 _STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"

+_DNS_ALIAS_WIKI="https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode"
+
 _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."

 _DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
@ -2859,8 +2862,9 @@ _clearupdns() {
    _debug "skip dns."
    return
  fi
-
+  _info "Removing DNS records."
  ventries=$(echo "$vlist" | tr ',' ' ')
+  _alias_index=1
  for ventry in $ventries; do
    d=$(echo "$ventry" | cut -d "$sep" -f 1)
    keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
@ -2874,7 +2878,7 @@ _clearupdns() {
    fi

    if [ "$vtype" != "$VTYPE_DNS" ]; then
-      _info "Skip $d for $vtype"
+      _debug "Skip $d for $vtype"
      continue
    fi

@ -2902,7 +2906,19 @@ _clearupdns() {
      if _startswith "$_dns_root_d" "*."; then
        _dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
      fi
-      txtdomain="_acme-challenge.$_dns_root_d"
+
+      _d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
+      _alias_index="$(_math "$_alias_index" + 1)"
+      _debug "_d_alias" "$_d_alias"
+      if [ "$_d_alias" ]; then
+        if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
+          txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
+        else
+          txtdomain="_acme-challenge.$_d_alias"
+        fi
+      else
+        txtdomain="_acme-challenge.$_dns_root_d"
+      fi

      if ! $rmcommand "$txtdomain" "$txt"; then
        _err "Error removing txt for domain:$txtdomain"
@ -3384,7 +3400,7 @@ issue() {
  _post_hook="${11}"
  _renew_hook="${12}"
  _local_addr="${13}"
-
+  _challenge_alias="${14}"
  #remove these later.
  if [ "$_web_roots" = "dns-cf" ]; then
    _web_roots="dns_cf"
@ -3437,6 +3453,11 @@ issue() {
  else
    _cleardomainconf "Le_LocalAddress"
  fi
+  if [ "$_challenge_alias" ]; then
+    _savedomainconf "Le_ChallengeAlias" "$_challenge_alias"
+  else
+    _cleardomainconf "Le_ChallengeAlias"
+  fi

  Le_API="$ACME_DIRECTORY"
  _savedomainconf "Le_API" "$Le_API"
@ -3658,6 +3679,7 @@ $_authorizations_map"
    #add entry
    dnsadded=""
    ventries=$(echo "$vlist" | tr "$dvsep" ' ')
+    _alias_index=1
    for ventry in $ventries; do
      d=$(echo "$ventry" | cut -d "$sep" -f 1)
      keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
@ -3675,7 +3697,18 @@ $_authorizations_map"
        if _startswith "$_dns_root_d" "*."; then
          _dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
        fi
-        txtdomain="_acme-challenge.$_dns_root_d"
+        _d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
+        _alias_index="$(_math "$_alias_index" + 1)"
+        _debug "_d_alias" "$_d_alias"
+        if [ "$_d_alias" ]; then
+          if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
+            txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
+          else
+            txtdomain="_acme-challenge.$_d_alias"
+          fi
+        else
+          txtdomain="_acme-challenge.$_dns_root_d"
+        fi
        _debug txtdomain "$txtdomain"
        txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
        _debug txt "$txt"
@ -4228,7 +4261,7 @@ renew() {
  fi

  IS_RENEW="1"
-  issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress"
+  issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
  res="$?"
  if [ "$res" != "0" ]; then
    return "$res"
@ -4292,6 +4325,17 @@ signcsr() {
    return 1
  fi

+  _real_cert="$3"
+  _real_key="$4"
+  _real_ca="$5"
+  _reload_cmd="$6"
+  _real_fullchain="$7"
+  _pre_hook="${8}"
+  _post_hook="${9}"
+  _renew_hook="${10}"
+  _local_addr="${11}"
+  _challenge_alias="${12}"
+
  _csrsubj=$(_readSubjectFromCSR "$_csrfile")
  if [ "$?" != "0" ]; then
    _err "Can not read subject from csr: $_csrfile"
@ -4337,7 +4381,7 @@ signcsr() {
  _info "Copy csr to: $CSR_PATH"
  cp "$_csrfile" "$CSR_PATH"

-  issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength"
+  issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias"

 }

@ -5312,6 +5356,8 @@ Commands:

 Parameters:
  --domain, -d   domain.tld         Specifies a domain, used to issue, renew or revoke etc.
+  --challenge-alias domain.tld      The challenge domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
+  --domain-alias domain.tld         The domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
  --force, -f                       Used to force to install or force to renew a cert immediately.
  --staging, --test                 Use staging server, just for test.
  --debug                           Output debug info.
@ -5463,6 +5509,7 @@ _process() {
  _domain=""
  _altdomains="$NO_VALUE"
  _webroot=""
+  _challenge_alias=""
  _keylength=""
  _accountkeylength=""
  _cert_file=""
@ -5652,6 +5699,16 @@ _process() {
        fi
        shift
        ;;
+      --challenge-alias)
+        cvalue="$2"
+        _challenge_alias="$_challenge_alias$cvalue,"
+        shift
+        ;;
+      --domain-alias)
+        cvalue="$DNS_ALIAS_PREFIX$2"
+        _challenge_alias="$_challenge_alias$cvalue,"
+        shift
+        ;;
      --standalone)
        wvalue="$NO_VALUE"
        if [ -z "$_webroot" ]; then
@ -5973,13 +6030,13 @@ _process() {
    uninstall) uninstall "$_nocron" ;;
    upgrade) upgrade ;;
    issue)
-      issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address"
+      issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
      ;;
    deploy)
      deploy "$_domain" "$_deploy_hook" "$_ecc"
      ;;
    signcsr)
-      signcsr "$_csr" "$_webroot"
+      signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
      ;;
    showcsr)
      showcsr "$_csr" "$_domain"