diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index 4abbb7ab..f7d4d1d7 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,4 +1,6 @@
Steps to reproduce
------------------
-
Debug log
-----------------
diff --git a/README.md b/README.md
index 2dd178d8..f1c74806 100644
--- a/README.md
+++ b/README.md
@@ -147,7 +147,7 @@ You **MUST** use this command to copy the certs to the target files, **DO NOT**
**Apache** example:
```bash
-acme.sh --installcert -d example.com \
+acme.sh --install-cert -d example.com \
--certpath /path/to/certfile/in/apache/cert.pem \
--keypath /path/to/keyfile/in/apache/key.pem \
--fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \
@@ -156,7 +156,7 @@ acme.sh --installcert -d example.com \
**Nginx** example:
```bash
-acme.sh --installcert -d example.com \
+acme.sh --install-cert -d example.com \
--keypath /path/to/keyfile/in/nginx/key.pem \
--fullchainpath /path/to/fullchain/nginx/cert.pem \
--reloadcmd "service nginx force-reload"
diff --git a/acme.sh b/acme.sh
index cb99b5ab..9929dfad 100755
--- a/acme.sh
+++ b/acme.sh
@@ -61,6 +61,10 @@ LOG_LEVEL_2=2
LOG_LEVEL_3=3
DEFAULT_LOG_LEVEL="$LOG_LEVEL_1"
+SYSLOG_INFO="user.info"
+SYSLOG_ERROR="user.error"
+SYSLOG_DEBUG="user.debug"
+
_DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh"
_PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
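Review bot: `SYSLOG_ERROR="user.error"` uses the `error` level name, which util-linux `logger` documents as a deprecated synonym for `err`. The `_syslog` function added later in this commit sends logger's output and errors to /dev/null, so a `logger` implementation that rejects the name would drop every error-level message with no sign of it. The canonical spelling avoids that risk: `SYSLOG_ERROR="user.err"`.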
@@ -128,18 +132,30 @@ _dlg_versions() {
fi
}
+#class
+_syslog() {
+ if [ -z "$SYS_LOG" ] || [ "$SYS_LOG" = "0" ]; then
+ return
+ fi
+ _logclass="$1"
+ shift
+ logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
+}
+
_log() {
+ _syslog "$@"
[ -z "$LOG_FILE" ] && return
+ shift
_printargs "$@" >>"$LOG_FILE"
}
_info() {
- _log "$@"
+ _log "$SYSLOG_INFO" "$@"
_printargs "$@"
}
_err() {
- _log "$@"
+ _log "$SYSLOG_ERROR" "$@"
if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
printf -- "%s" "[$(date)] " >&2
fi
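Review bot: In `_syslog` the message reaches `logger` as a plain trailing argument, so a log line whose text begins with `-` would be parsed as a logger option, and `>/dev/null 2>&1` hides the failure. Whether `_printargs` always prefixes something is not visible here, so ending option parsing explicitly is the safe form: `logger -i -t "$PROJECT_NAME" -p "$_logclass" -- "$(_printargs "$@")" >/dev/null 2>&1`. `_log` now also consumes its first argument as the priority, so any caller outside this hunk that still passes only a message would lose its first word. The `#class` comment could spell out that contract, e.g. `#_syslog priority message...`. `_err`'s body continues outside the hunk.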
@@ -159,7 +175,7 @@ _usage() {
_debug() {
if [ -z "$LOG_LEVEL" ] || [ "$LOG_LEVEL" -ge "$LOG_LEVEL_1" ]; then
- _log "$@"
+ _log "$SYSLOG_DEBUG" "$@"
fi
if [ -z "$DEBUG" ]; then
return
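Review bot: With `SYS_LOG` enabled, every `_debug` message is now copied to syslog whenever `LOG_LEVEL` is unset, because `_log` calls `_syslog` before it checks `LOG_FILE`. Syslog is usually readable by more accounts than a private log file and is often forwarded off-host, so any debug line that carries request data or credentials (none are visible in this hunk) would travel further than before. The same applies to `_debug2` and `_debug3` in the next hunk at their log levels. If this is intended, a comment above `_syslog` should say so, e.g. `#NOTE: debug-level output is sent to syslog too; keep secrets out of _debug calls`. Otherwise the `user.debug` class could be skipped unless it is explicitly requested. `_debug`'s body continues outside the hunk.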
@@ -169,19 +185,19 @@ _debug() {
_debug2() {
if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_2" ]; then
- _log "$@"
+ _log "$SYSLOG_DEBUG" "$@"
fi
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
- _debug "$@"
+ _printargs "$@" >&2
fi
}
_debug3() {
if [ "$LOG_LEVEL" ] && [ "$LOG_LEVEL" -ge "$LOG_LEVEL_3" ]; then
- _log "$@"
+ _log "$SYSLOG_DEBUG" "$@"
fi
if [ "$DEBUG" ] && [ "$DEBUG" -ge "3" ]; then
- _debug "$@"
+ _printargs "$@" >&2
fi
}
@@ -364,8 +380,16 @@ _ascii_hex() {
#input:"abc"
#output: " 61 62 63"
_hex_dump() {
- #in wired some system, the od command is missing.
- if ! od -A n -v -t x1 | tr -d "\r\t" | tr -s " " | sed "s/ $//" | tr -d "\n" 2>/dev/null; then
+ if _exists od; then
+ od -A n -v -t x1 | tr -s " " | sed 's/ $//' | tr -d "\r\t\n"
+ elif _exists hexdump; then
+ _debug3 "using hexdump"
+ hexdump -v -e '/1 ""' -e '/1 " %02x" ""'
+ elif _exists xxd; then
+ _debug3 "using xxd"
+ xxd -ps -c 20 -i | sed "s/ 0x/ /g" | tr -d ",\n" | tr -s " "
+ else
+ _debug3 "using _ascii_hex"
str=$(cat)
_ascii_hex "$str"
fi
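Review bot: The last `else` branch still reads stdin with `str=$(cat)`, and command substitution drops NUL bytes and trailing newlines. On a host with none of od, hexdump or xxd, binary input is therefore dumped incorrectly, and the only trace is a level-3 debug line. If callers feed binary data through `_hex_dump` (not visible here), that fallback deserves a louder message, e.g. `_debug "od/hexdump/xxd not found, using _ascii_hex; binary input may be altered"`. `_exists od` also checks only that the tool is present, not that it accepts `-A n -v -t x1`, so a reduced od build would yield empty output instead of falling through to the next tool. The function's closing brace is outside the hunk.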
@@ -896,7 +920,11 @@ _createcsr() {
_csr_cn="$(_idn "$domain")"
_debug2 _csr_cn "$_csr_cn"
- $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
+ if _contains "$(uname -a)" "MINGW"; then
+ $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr"
+ else
+ $OPENSSL_BIN req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
+ fi
}
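Review bot: `_contains "$(uname -a)" "MINGW"` matches against the whole `uname -a` line, which includes the host name, so a non-Windows machine whose node name contains "MINGW" would get the `//CN=` subject. Matching only the kernel name is tighter: `if _contains "$(uname -s)" "MINGW"; then`. The two `$OPENSSL_BIN req` lines differ only in the subject prefix, so setting a prefix variable and keeping a single invocation would stop the branches drifting apart. The start of `_createcsr` is outside the hunk.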
#_signcsr key csr conf cert
@@ -4234,7 +4262,7 @@ Commands:
--version, -v Show version info.
--install Install $PROJECT_NAME to your system.
--uninstall Uninstall $PROJECT_NAME, and uninstall the cron job.
- --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT .
+ --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT.
--issue Issue a cert.
--signcsr Issue a cert from an existing csr.
--deploy Deploy the cert to your server.
@@ -4251,8 +4279,8 @@ Commands:
--toPkcs Export the certificate and key to a pfx file.
--update-account Update account info.
--register-account Register account key.
- --createAccountKey, -cak Create an account private key, professional use.
- --createDomainKey, -cdk Create an domain private key, professional use.
+ --create-account-key Create an account private key, professional use.
+ --create-domain-key Create an domain private key, professional use.
--createCSR, -ccsr Create CSR , professional use.
--deactivate Deactivate the domain authz, professional use.
@@ -4274,6 +4302,7 @@ Parameters:
--accountkeylength, -ak [2048] Specifies the account key length.
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
--log-level 1|2 Specifies the log level, default is 1.
+ --syslog [1|0] Enable/Disable syslog.
These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert:
@@ -4432,6 +4461,7 @@ _process() {
_listen_v4=""
_listen_v6=""
_openssl_bin=""
+ _syslog=""
while [ ${#} -gt 0 ]; do
case "${1}" in
@@ -4494,10 +4524,10 @@ _process() {
--toPkcs)
_CMD="toPkcs"
;;
- --createAccountKey | --createaccountkey | -cak)
+ --createAccountKey | --createaccountkey | -cak | --create-account-key)
_CMD="createAccountKey"
;;
- --createDomainKey | --createdomainkey | -cdk)
+ --createDomainKey | --createdomainkey | -cdk | --create-domain-key)
_CMD="createDomainKey"
;;
--createCSR | --createcsr | -ccr)
@@ -4762,6 +4792,15 @@ _process() {
LOG_LEVEL="$_log_level"
shift
;;
+ --syslog)
+ if ! _startswith "$2" '-'; then
+ _syslog="$2"
+ shift
+ fi
+ if [ -z "$_syslog" ]; then
+ _syslog="1"
+ fi
+ ;;
--auto-upgrade)
_auto_upgrade="$2"
if [ -z "$_auto_upgrade" ] || _startswith "$_auto_upgrade" '-'; then
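Review bot: The `--syslog` branch accepts any following token that does not start with `-` as its value, although the help text documents only `1|0`. A stray positional word would be swallowed and later saved as `SYS_LOG`. When `--syslog` is the last argument, `$2` is empty, the branch still runs `shift`, and the loop's own shift (outside this hunk) would then run with nothing left, which some POSIX shells treat as an error. Restricting the test fixes both: replace the condition with `if [ "$2" = "0" ] || [ "$2" = "1" ]; then`, and leave the existing `-z` fallback to set `1`. The variable `_syslog` also shares its name with the new `_syslog` function; that is legal but easy to misread, and `_syslog_opt` would be clearer.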
@@ -4809,6 +4848,21 @@ _process() {
LOG_LEVEL="$_log_level"
fi
+ if [ "$_syslog" ]; then
+ if _exists logger; then
+ if [ "$_syslog" = "0" ]; then
+ _clearaccountconf "SYS_LOG"
+ else
+ _saveaccountconf "SYS_LOG" "$_syslog"
+ fi
+ SYS_LOG="$_syslog"
+ else
+ _err "The 'logger' command is not found, can not enable syslog."
+ _clearaccountconf "SYS_LOG"
+ SYS_LOG=""
+ fi
+ fi
+
_processAccountConf
fi
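Review bot: This syslog block is repeated almost verbatim in the next hunk (`@@ -4901,6 +4955,21 @@`), but that copy omits `SYS_LOG="$_syslog"` on the success path. In that branch of `_process` the option is saved to the account conf yet may not take effect for the current run, and `--syslog 0` would not silence a `SYS_LOG` that was already loaded. Adding `SYS_LOG="$_syslog"` after the inner `fi` there would align the two copies. Better still, move the block into one helper that both call sites use, so the copies cannot diverge again. Both copies also persist `$_syslog` without checking that it is `0` or `1`.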
@@ -4901,6 +4955,21 @@ _process() {
if [ "$_log_level" ]; then
_saveaccountconf "LOG_LEVEL" "$_log_level"
fi
+
+ if [ "$_syslog" ]; then
+ if _exists logger; then
+ if [ "$_syslog" = "0" ]; then
+ _clearaccountconf "SYS_LOG"
+ else
+ _saveaccountconf "SYS_LOG" "$_syslog"
+ fi
+ else
+ _err "The 'logger' command is not found, can not enable syslog."
+ _clearaccountconf "SYS_LOG"
+ SYS_LOG=""
+ fi
+ fi
+
_processAccountConf
fi
diff --git a/deploy/README.md b/deploy/README.md
index 2e490a17..15b7ae1d 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -1,6 +1,28 @@
-#Using deploy api
+# Using deploy api
-#Using the ssh deploy plugin
+Here are the scripts to deploy the certs/key to the server/services.
+
+## 1. Deploy the certs to your cpanel host.
+
+(cpanel deploy hook is not finished yet, this is just an example.)
+
+Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
+
+Then you can deploy now:
+
+```sh
+export DEPLOY_CPANEL_USER=myusername
+export DEPLOY_CPANEL_PASSWORD=PASSWORD
+acme.sh --deploy -d example.com --deploy --deploy-hook cpanel
+```
+
+## 2. Deploy ssl cert on kong proxy engine based on api.
+
+Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
+
+(TODO)
+
+## 3. Deploy the cert to remote server through SSH access.
The ssh deploy plugin allows you to deploy certificates to a remote host
using SSH command to connect to the remote server. The ssh plugin is invoked
diff --git a/deploy/cpanel.sh b/deploy/cpanel.sh
new file mode 100644
index 00000000..bf1332ff
--- /dev/null
+++ b/deploy/cpanel.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env sh
+
+#Here is the script to deploy the cert to your cpanel account by the cpanel APIs.
+
+#returns 0 means success, otherwise error.
+
+#export DEPLOY_CPANEL_USER=myusername
+#export DEPLOY_CPANEL_PASSWORD=PASSWORD
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+cpanel_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ _err "Not implemented yet"
+ return 1
+
+}
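Review bot: `cpanel_deploy` is a placeholder that always returns 1, but the header comments describe it as a working deploy script and advertise `DEPLOY_CPANEL_USER` and `DEPLOY_CPANEL_PASSWORD`, which the function never reads. A comment stating this would prevent surprises, e.g. `#NOTE: placeholder, always fails; the DEPLOY_CPANEL_* variables are not used yet`. When the hook is implemented, the password should be kept out of the `_debug` calls, since this commit also routes debug output to syslog when `--syslog` is on.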
diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh
index 555bd70b..29d7a2cd 100755
--- a/dnsapi/dns_aws.sh
+++ b/dnsapi/dns_aws.sh
@@ -93,7 +93,7 @@ _get_root() {
fi
if _contains "$response" "$h."; then
- hostedzone="$(echo "$response" | _egrep_o "[^<]*<.Id>$h.<.Name>.*<.HostedZone>")"
+ hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*<.HostedZone>")"
_debug hostedzone "$hostedzone"
if [ -z "$hostedzone" ]; then
_err "Error, can not get hostedzone."
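Review bot: As shown on the new line, `sed 's//#&/g'` has an empty pattern, which sed rejects or resolves to a previous regex that does not exist here. The intended pattern was presumably the opening hosted-zone tag and may have been lost in rendering, so it should be checked against the real file. Using `#` as the record separator before `tr '#' '\n'` also assumes the API response never contains a literal `#`, which deserves a comment such as `#split the response into one HostedZone element per line`. `$h` is interpolated unescaped into the `_egrep_o` pattern, so its dots match any character; that line predates this change. `_get_root` continues outside the hunk.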