mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-25 14:41:40 +00:00
add always-force-new-domain-key. fix https://github.com/Neilpang/acme.sh/issues/914
This commit is contained in:
parent
1be222f6ed
commit
c4b2e5829e
21
acme.sh
21
acme.sh
@ -1281,7 +1281,7 @@ createDomainKey() {
|
||||
|
||||
_initpath "$domain" "$_cdl"
|
||||
|
||||
if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then
|
||||
if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ] ; then
|
||||
if _createkey "$_cdl" "$CERT_KEY_PATH"; then
|
||||
_savedomainconf Le_Keylength "$_cdl"
|
||||
_info "The domain key is here: $(__green $CERT_KEY_PATH)"
|
||||
@ -3148,7 +3148,7 @@ _regAccount() {
|
||||
return 1
|
||||
fi
|
||||
if [ "$code" = '202' ]; then
|
||||
_info "Update success."
|
||||
_info "Update account tos info success."
|
||||
|
||||
CA_KEY_HASH="$(__calcAccountKeyHash)"
|
||||
_debug "Calc CA_KEY_HASH" "$CA_KEY_HASH"
|
||||
@ -3355,7 +3355,7 @@ issue() {
|
||||
else
|
||||
_key=$(_readdomainconf Le_Keylength)
|
||||
_debug "Read key length:$_key"
|
||||
if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ]; then
|
||||
if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then
|
||||
if ! createDomainKey "$_main_domain" "$_key_length"; then
|
||||
_err "Create domain key error."
|
||||
_clearup
|
||||
@ -3885,6 +3885,12 @@ issue() {
|
||||
_cleardomainconf Le_Listen_V4
|
||||
fi
|
||||
|
||||
if [ "$Le_ForceNewDomainKey" = "1" ]; then
|
||||
_savedomainconf "Le_ForceNewDomainKey" "$Le_ForceNewDomainKey"
|
||||
else
|
||||
_cleardomainconf Le_ForceNewDomainKey
|
||||
fi
|
||||
|
||||
Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60)
|
||||
|
||||
Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime")
|
||||
@ -5026,6 +5032,7 @@ Parameters:
|
||||
--renew-hook Command to be run once for each successfully renewed certificate.
|
||||
--deploy-hook The hook file to deploy cert
|
||||
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
|
||||
--always-force-new-domain-key Generate new domain key when renewal. Otherwise, the domain key is not changed by default.
|
||||
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future.
|
||||
--listen-v4 Force standalone/tls server to listen at ipv4.
|
||||
--listen-v6 Force standalone/tls server to listen at ipv6.
|
||||
@ -5506,6 +5513,14 @@ _process() {
|
||||
--ocsp-must-staple | --ocsp)
|
||||
Le_OCSP_Staple="1"
|
||||
;;
|
||||
--always-force-new-domain-key)
|
||||
if [ -z "$2" ] || _startswith "$2" "-"; then
|
||||
Le_ForceNewDomainKey=1
|
||||
else
|
||||
Le_ForceNewDomainKey="$2"
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
--log | --logfile)
|
||||
_log="1"
|
||||
_logfile="$2"
|
||||
|
Loading…
Reference in New Issue
Block a user