mirror of
https://github.com/acmesh-official/acme.sh.git
synced 2025-12-29 23:52:09 +08:00
Compare commits
23 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
26e3263aec | ||
|
|
08b4e1a744 | ||
|
|
d68f0999a4 | ||
|
|
2c9ed4c565 | ||
|
|
be4f87c760 | ||
|
|
b963dadc14 | ||
|
|
26e7fd8b80 | ||
|
|
b9a972bccd | ||
|
|
bb7b9280d3 | ||
|
|
395fbbfd14 | ||
|
|
896dfe3def | ||
|
|
6c4f33910c | ||
|
|
0a301cdd21 | ||
|
|
c2b1e38d7f | ||
|
|
fcc0aef7f4 | ||
|
|
eaa3de2dce | ||
|
|
f3dc5dd12f | ||
|
|
b73f5a4e94 | ||
|
|
3b74ac841e | ||
|
|
b6f00ea241 | ||
|
|
0bd4a4f98f | ||
|
|
0b52645bb6 | ||
|
|
148f869bec |
@@ -50,7 +50,7 @@ RUN for verb in help \
|
||||
|
||||
RUN printf "%b" '#!'"/usr/bin/env sh\n \
|
||||
if [ \"\$1\" = \"daemon\" ]; then \n \
|
||||
crond; tail -f /dev/null;\n \
|
||||
crond -f\n \
|
||||
else \n \
|
||||
/root/.acme.sh/acme.sh --config-home /acme.sh \"\$@\"\n \
|
||||
fi" >/entry.sh && chmod +x /entry.sh
|
||||
|
||||
24
acme.sh
24
acme.sh
@@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
VER=2.7.1
|
||||
VER=2.7.2
|
||||
|
||||
PROJECT_NAME="acme.sh"
|
||||
|
||||
@@ -104,21 +104,21 @@ if [ -t 1 ]; then
|
||||
fi
|
||||
|
||||
__green() {
|
||||
if [ "$__INTERACTIVE" ]; then
|
||||
if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" ]; then
|
||||
printf '\033[1;31;32m'
|
||||
fi
|
||||
printf -- "%b" "$1"
|
||||
if [ "$__INTERACTIVE" ]; then
|
||||
if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" ]; then
|
||||
printf '\033[0m'
|
||||
fi
|
||||
}
|
||||
|
||||
__red() {
|
||||
if [ "$__INTERACTIVE" ]; then
|
||||
if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" ]; then
|
||||
printf '\033[1;31;40m'
|
||||
fi
|
||||
printf -- "%b" "$1"
|
||||
if [ "$__INTERACTIVE" ]; then
|
||||
if [ "$__INTERACTIVE${ACME_NO_COLOR}" = "1" ]; then
|
||||
printf '\033[0m'
|
||||
fi
|
||||
}
|
||||
@@ -1093,7 +1093,7 @@ _readSubjectFromCSR() {
|
||||
_usage "_readSubjectFromCSR mycsr.csr"
|
||||
return 1
|
||||
fi
|
||||
${ACME_OPENSSL_BIN:-openssl} req -noout -in "$_csrfile" -subject | _egrep_o "CN *=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d '\n'
|
||||
${ACME_OPENSSL_BIN:-openssl} req -noout -in "$_csrfile" -subject | tr ',' "\n" | _egrep_o "CN *=.*" | cut -d = -f 2 | cut -d / -f 1 | tr -d ' \n'
|
||||
}
|
||||
|
||||
#_csrfile
|
||||
@@ -1136,7 +1136,7 @@ _readKeyLengthFromCSR() {
|
||||
echo "$_outcsr" | tr "\t" " " | _egrep_o "^ *ASN1 OID:.*" | cut -d ':' -f 2 | tr -d ' '
|
||||
else
|
||||
_debug "RSA CSR"
|
||||
echo "$_outcsr" | tr "\t" " " | _egrep_o "(^ *|RSA )Public.Key:.*" | cut -d '(' -f 2 | cut -d ' ' -f 1
|
||||
echo "$_outcsr" | tr "\t" " " | (_egrep_o "^ *Public.Key:.*" || _egrep_o "RSA Public.Key:.*") | cut -d '(' -f 2 | cut -d ' ' -f 1
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -1733,7 +1733,7 @@ _send_signed_request() {
|
||||
nonce="$_CACHED_NONCE"
|
||||
_debug2 nonce "$nonce"
|
||||
|
||||
protected="$JWK_HEADERPLACE_PART1$nonce$JWK_HEADERPLACE_PART2"
|
||||
protected="$JWK_HEADERPLACE_PART1$nonce\", \"url\": \"${url}$JWK_HEADERPLACE_PART2"
|
||||
_debug3 protected "$protected"
|
||||
|
||||
protected64="$(printf "%s" "$protected" | _base64 | _url_replace)"
|
||||
@@ -3940,6 +3940,10 @@ signcsr() {
|
||||
return 1
|
||||
fi
|
||||
_debug _csrsubj "$_csrsubj"
|
||||
if _contains "$_csrsubj" ' ' || ! _contains "$_csrsubj" '.'; then
|
||||
_info "It seems that the subject: $_csrsubj is not a valid domain name. Drop it."
|
||||
_csrsubj=""
|
||||
fi
|
||||
|
||||
_csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile")
|
||||
if [ "$?" != "0" ]; then
|
||||
@@ -4892,6 +4896,7 @@ Parameters:
|
||||
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
|
||||
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
|
||||
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
||||
--no-color Do not output color text.
|
||||
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
||||
--csr Specifies the input csr.
|
||||
--pre-hook Command to be run before obtaining any certificates.
|
||||
@@ -5339,6 +5344,9 @@ _process() {
|
||||
--nocron)
|
||||
_nocron="1"
|
||||
;;
|
||||
--no-color)
|
||||
export ACME_NO_COLOR=1
|
||||
;;
|
||||
--ecc)
|
||||
_ecc="isEcc"
|
||||
;;
|
||||
|
||||
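Review bot: In the signcsr hunk the new test `_contains "$_csrsubj" ' '` looks unreachable, because the rewritten pipeline in _readSubjectFromCSR now ends in `tr -d ' \n'` and can no longer return a space (this assumes `_csrsubj` is filled from that function, which happens outside the hunk). Stripping inner spaces before validating also lets a free-text CN such as the constructed value `Example Inc. Web` collapse to `ExampleInc.Web`, which contains a dot and is therefore kept as the main domain instead of being dropped. Trim only the leading and trailing blanks in _readSubjectFromCSR, for example by replacing `tr -d ' \n'` with `sed 's/^ *//;s/ *$//' | tr -d '\n'`, so the space test in signcsr still sees inner spaces. Both function bodies start and end outside their hunks.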
@@ -9,7 +9,7 @@ dns_infoblox_add() {
|
||||
## Nothing to see here, just some housekeeping
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue"
|
||||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=$Infoblox_View"
|
||||
|
||||
_info "Using Infoblox API"
|
||||
_debug fulldomain "$fulldomain"
|
||||
@@ -19,14 +19,19 @@ dns_infoblox_add() {
|
||||
if [ -z "$Infoblox_Creds" ] || [ -z "$Infoblox_Server" ]; then
|
||||
Infoblox_Creds=""
|
||||
Infoblox_Server=""
|
||||
_err "You didn't specify the credentials or server yet (Infoblox_Creds and Infoblox_Server)."
|
||||
_err "Please set them via EXPORT ([username:password] and [ip or hostname]) and try again."
|
||||
_err "You didn't specify the credentials, server or infoblox view yet (Infoblox_Creds, Infoblox_Server and Infoblox_View)."
|
||||
_err "Please set them via EXPORT ([username:password], [ip or hostname]) and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "$Infoblox_View" ]; then
|
||||
Infoblox_View="default"
|
||||
fi
|
||||
|
||||
## Save the credentials to the account file
|
||||
_saveaccountconf Infoblox_Creds "$Infoblox_Creds"
|
||||
_saveaccountconf Infoblox_Server "$Infoblox_Server"
|
||||
_saveaccountconf Infoblox_View "$Infoblox_View"
|
||||
|
||||
## Base64 encode the credentials
|
||||
Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64)
|
||||
@@ -39,7 +44,7 @@ dns_infoblox_add() {
|
||||
result=$(_post "" "$baseurlnObject" "" "POST")
|
||||
|
||||
## Let's see if we get something intelligible back from the unit
|
||||
if echo "$result" | egrep 'record:txt/.*:.*/default'; then
|
||||
if echo "$result" | egrep "record:txt/.*:.*/$Infoblox_View"; then
|
||||
_info "Successfully created the txt record"
|
||||
return 0
|
||||
else
|
||||
@@ -68,18 +73,18 @@ dns_infoblox_rm() {
|
||||
export _H2="Authorization: Basic $Infoblox_CredsEncoded"
|
||||
|
||||
## Does the record exist? Let's check.
|
||||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&_return_type=xml-pretty"
|
||||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=$Infoblox_View&_return_type=xml-pretty"
|
||||
result=$(_get "$baseurlnObject")
|
||||
|
||||
## Let's see if we get something intelligible back from the grid
|
||||
if echo "$result" | egrep 'record:txt/.*:.*/default'; then
|
||||
if echo "$result" | egrep "record:txt/.*:.*/$Infoblox_View"; then
|
||||
## Extract the object reference
|
||||
objRef=$(printf "%b" "$result" | _egrep_o 'record:txt/.*:.*/default')
|
||||
objRef=$(printf "%b" "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")
|
||||
objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef"
|
||||
## Delete them! All the stale records!
|
||||
rmResult=$(_post "" "$objRmUrl" "" "DELETE")
|
||||
## Let's see if that worked
|
||||
if echo "$rmResult" | egrep 'record:txt/.*:.*/default'; then
|
||||
if echo "$rmResult" | egrep "record:txt/.*:.*/$Infoblox_View"; then
|
||||
_info "Successfully deleted $objRef"
|
||||
return 0
|
||||
else
|
||||
|
||||
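Review bot: In dns_infoblox_add the request URL is built with `&view=$Infoblox_View` at the top of the function, before the later block that falls back to `Infoblox_View="default"`. With the variable unset the request therefore carries an empty `view=` while the response is matched against `/default`, unless the three lines hidden between the two hunks reassign it. Move the `baseurlnObject=...&view=$Infoblox_View"` assignment below the fallback block; the dns_infoblox_rm hunk shows no fallback at all, and whether one exists above it is not visible here. The view is also interpolated unescaped into the query string and into the egrep patterns, where a `.` in a view name matches any character, so percent-encode it for the URL and escape it for the pattern. The changed `_err` text names Infoblox_View as required although the condition above it tests only Infoblox_Creds and Infoblox_Server.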