From 744dea00ca15ee4a42d58848d658d50a4538e312 Mon Sep 17 00:00:00 2001
From: Scruel Tao <me@scruel.com>
Date: Wed, 8 May 2024 02:56:21 +0800
Subject: [PATCH 1/7] feat: guide user to run script as root to create temp
admin user
Message text and comment optimized
---
deploy/synology_dsm.sh | 33 ++++++++++++++++++++-------------
1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh
index 342fb32e..e6f44e8d 100644
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -39,7 +39,7 @@
################################################################################
# Dependencies:
# - curl
-# - synouser & synogroup (When available and SYNO_USE_TEMP_ADMIN is set)
+# - synouser & synogroup & synosetkeyvalue (Required for SYNO_USE_TEMP_ADMIN=1)
################################################################################
# Return value:
# 0 means success, otherwise error.
@@ -66,14 +66,17 @@ synology_dsm_deploy() {
_getdeployconf SYNO_DEVICE_NAME
# Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set
- _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
_getdeployconf SYNO_USE_TEMP_ADMIN
_check2cleardeployconfexp SYNO_USE_TEMP_ADMIN
_debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
- if ! _exists synouser || ! _exists synogroup; then
- _err "Tools are missing for creating temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead."
+ if ! _exists synouser || ! _exists synogroup || ! _exists synosetkeyvalue; then
+ _err "Missing required tools to creat temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead."
+ return 1
+ fi
+ if synouser --help 2>&1 | grep -q 'Permission denied'; then
+ _err "For creating temp admin user, the deploy script must be run as root."
return 1
fi
@@ -184,7 +187,7 @@ synology_dsm_deploy() {
_debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}"
if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then
if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then
- _err "SYNO_USE_TEMP_ADMIN=1 Only support locally deployment, if you are sure that hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
+ _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, then execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
return 1
fi
fi
@@ -201,7 +204,7 @@ synology_dsm_deploy() {
# shellcheck disable=SC2086
synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null
else
- _err "Tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead."
+ _err "The tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead."
return 1
fi
else
@@ -212,7 +215,7 @@ synology_dsm_deploy() {
otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option)
if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then
synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none
- _info "Temporary disabled enforce 2FA-OTP to complete authentication."
+ _info "Temporary disabled enforce 2FA-OTP to complete temp admin authentication."
_info "previous_otp_enforce_option" "$otp_enforce_option"
else
otp_enforce_option=""
@@ -230,7 +233,7 @@ synology_dsm_deploy() {
error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
_debug2 error_code "$error_code"
# Account has 2FA-OTP enabled, since error 403 reported.
- # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_Administration_CLI_Guide.pdf
+ # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Os/DSM/All/enu/DSM_Login_Web_API_Guide_enu.pdf
if [ "$error_code" == "403" ]; then
if [ -z "$SYNO_DEVICE_NAME" ]; then
printf "Enter device name or leave empty for default (CertRenewal): "
@@ -274,12 +277,16 @@ synology_dsm_deploy() {
_err "Failed to authenticate with provided 2FA-OTP code, please try again in a new terminal window."
elif [ "$error_code" == "406" ]; then
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
- _err "SYNO_USE_TEMP_ADMIN=1 is not supported if enforce auth with 2FA-OTP is enabled."
+ _err "Failed with unexcepted error, please report this by providing full log with '--debug 3'."
else
_err "Enforce auth with 2FA-OTP enabled, please configure the user to enable 2FA-OTP to continue."
fi
- elif [ "$error_code" == "400" ] || [ "$error_code" == "401" ] || [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then
- _err "Failed to authenticate with a non-existent or disabled account, or the account password is incorrect or has expired."
+ elif [ "$error_code" == "400" ]; then
+ _err "Failed to authenticate, no such account or incorrect password."
+ elif [ "$error_code" == "401" ]; then
+ _err "Failed to authenticate with a non-existent account."
+ elif [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then
+ _err "Failed to authenticate, the account password has expired or must be changed."
else
_err "Failed to authenticate with error: $error_code."
fi
@@ -293,7 +300,7 @@ synology_dsm_deploy() {
_debug SynoToken "$token"
if [ -z "$sid" ] || [ -z "$token" ]; then
# Still can't get necessary info even got no errors, may Synology have API updated?
- _err "Unable to authenticate to $_base_url, you may report the full log to the community."
+ _err "Unable to authenticate to $_base_url, you may report this by providing full log with '--debug 3'."
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
@@ -331,7 +338,7 @@ synology_dsm_deploy() {
if [ "$error_code" -eq 105 ]; then
_err "Current user is not administrator and does not have sufficient permission for deploying."
else
- _err "Failed to fetch certificate info with error: $error_code, please try again or contact Synology to learn more."
+ _err "Failed to fetch certificate info: $error_code, please try again or contact Synology to learn more."
fi
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
From 47ccb2848215a7733ff5cfc5d8e967722e35d5cc Mon Sep 17 00:00:00 2001
From: Scruel Tao <me@scruel.com>
Date: Wed, 8 May 2024 04:46:51 +0800
Subject: [PATCH 2/7] chore: typo
---
deploy/synology_dsm.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh
index e6f44e8d..a9057a57 100644
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -187,7 +187,7 @@ synology_dsm_deploy() {
_debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}"
if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then
if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then
- _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, then execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
+ _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
return 1
fi
fi
From 1dbc58d4e0de6a0c1fd8fd02937b5a7313db95c4 Mon Sep 17 00:00:00 2001
From: Scruel Tao <me@scruel.com>
Date: Wed, 8 May 2024 14:01:43 +0800
Subject: [PATCH 3/7] chore: optimize more msgs
---
deploy/synology_dsm.sh | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh
index a9057a57..acac9d1e 100644
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -73,6 +73,7 @@ synology_dsm_deploy() {
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
if ! _exists synouser || ! _exists synogroup || ! _exists synosetkeyvalue; then
_err "Missing required tools to creat temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead."
+ _err "Notice: temp admin user authorization method only supports local deployment on DSM."
return 1
fi
if synouser --help 2>&1 | grep -q 'Permission denied'; then
@@ -211,11 +212,14 @@ synology_dsm_deploy() {
_err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead."
return 1
fi
- # havig a workaround to temporary disable enforce 2FA-OTP
+ # havig a workaround to temporary disable enforce 2FA-OTP, will restore
+ # it soon (after a single request), though if any accident occurs like
+ # unexpected interruption, this setting can be easily reverted manually.
otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option)
if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then
synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none
- _info "Temporary disabled enforce 2FA-OTP to complete temp admin authentication."
+ _info "Enforcing 2FA-OTP has been disabled to complete temp admin authentication."
+ _info "Notice: it will be restored soon, if not, you can restore it manually via Control Panel."
_info "previous_otp_enforce_option" "$otp_enforce_option"
else
otp_enforce_option=""
From 9bdfd8f4fe1c625aa773b4875bf1fd2d09283ef1 Mon Sep 17 00:00:00 2001
From: Vlad-Stefan Harbuz <vlad@vladh.net>
Date: Fri, 12 Jul 2024 13:04:42 +0100
Subject: [PATCH 4/7] Improve grammar
---
acme.sh | 714 ++++++++++++++++++++++++++++----------------------------
1 file changed, 356 insertions(+), 358 deletions(-)
diff --git a/acme.sh b/acme.sh
index d154cf77..219a3caa 100755
--- a/acme.sh
+++ b/acme.sh
@@ -231,11 +231,11 @@ _dlg_versions() {
echo "$ACME_OPENSSL_BIN doesn't exist."
fi
- echo "apache:"
+ echo "Apache:"
if [ "$_APACHECTL" ] && _exists "$_APACHECTL"; then
$_APACHECTL -V 2>&1
else
- echo "apache doesn't exist."
+ echo "Apache doesn't exist."
fi
echo "nginx:"
@@ -949,7 +949,7 @@ _getfile() {
i="$(grep -n -- "$startline" "$filename" | cut -d : -f 1)"
if [ -z "$i" ]; then
- _err "Can not find start line: $startline"
+ _err "Cannot find start line: $startline"
return 1
fi
i="$(_math "$i" + 1)"
@@ -957,7 +957,7 @@ _getfile() {
j="$(grep -n -- "$endline" "$filename" | cut -d : -f 1)"
if [ -z "$j" ]; then
- _err "Can not find end line: $endline"
+ _err "Cannot find end line: $endline"
return 1
fi
j="$(_math "$j" - 1)"
@@ -1065,7 +1065,7 @@ _sign() {
if ! _signedECText="$($_sign_openssl -sha$__ECC_KEY_LEN | ${ACME_OPENSSL_BIN:-openssl} asn1parse -inform DER)"; then
_err "Sign failed: $_sign_openssl"
_err "Key file: $keyfile"
- _err "Key content:$(wc -l <"$keyfile") lines"
+ _err "Key content: $(wc -l <"$keyfile") lines"
return 1
fi
_debug3 "_signedECText" "$_signedECText"
@@ -1145,14 +1145,14 @@ _createkey() {
length=2048
fi
- _debug "Use length $length"
+ _debug "Using length $length"
if ! [ -e "$f" ]; then
if ! touch "$f" >/dev/null 2>&1; then
_f_path="$(dirname "$f")"
_debug _f_path "$_f_path"
if ! mkdir -p "$_f_path"; then
- _err "Can not create path: $_f_path"
+ _err "Cannot create path: $_f_path"
return 1
fi
fi
@@ -1163,11 +1163,11 @@ _createkey() {
fi
if _isEccKey "$length"; then
- _debug "Using ec name: $eccname"
+ _debug "Using EC name: $eccname"
if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -noout -genkey 2>/dev/null)"; then
echo "$_opkey" >"$f"
else
- _err "error ecc key name: $eccname"
+ _err "Error encountered for ECC key named $eccname"
return 1
fi
else
@@ -1179,13 +1179,13 @@ _createkey() {
if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then
echo "$_opkey" >"$f"
else
- _err "error rsa key: $length"
+ _err "Error encountered for RSA key of length $length"
return 1
fi
fi
if [ "$?" != "0" ]; then
- _err "Create key error."
+ _err "Key creation error."
return 1
fi
}
@@ -1452,7 +1452,7 @@ toPkcs() {
_toPkcs "$CERT_PFX_PATH" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$pfxPassword"
if [ "$?" = "0" ]; then
- _info "Success, Pfx is exported to: $CERT_PFX_PATH"
+ _info "Success, PFX has been exported to: $CERT_PFX_PATH"
fi
}
@@ -1496,7 +1496,7 @@ _create_account_key() {
length=$1
if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ]; then
- _debug "Use default length $DEFAULT_ACCOUNT_KEY_LENGTH"
+ _debug "Using default length $DEFAULT_ACCOUNT_KEY_LENGTH"
length="$DEFAULT_ACCOUNT_KEY_LENGTH"
fi
@@ -1505,15 +1505,15 @@ _create_account_key() {
mkdir -p "$CA_DIR"
if [ -s "$ACCOUNT_KEY_PATH" ]; then
- _info "Account key exists, skip"
+ _info "Account key exists, skipping"
return 0
else
#generate account key
if _createkey "$length" "$ACCOUNT_KEY_PATH"; then
- _info "Create account key ok."
+ _info "Account key creation OK."
return 0
else
- _err "Create account key error."
+ _err "Account key creation error."
return 1
fi
fi
@@ -1532,7 +1532,7 @@ createDomainKey() {
_cdl=$2
if [ -z "$_cdl" ]; then
- _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH"
+ _debug "Using DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH"
_cdl="$DEFAULT_DOMAIN_KEY_LENGTH"
fi
@@ -1544,16 +1544,16 @@ createDomainKey() {
_info "The domain key is here: $(__green $CERT_KEY_PATH)"
return 0
else
- _err "Can not create domain key"
+ _err "Cannot create domain key"
return 1
fi
else
if [ "$_ACME_IS_RENEW" ]; then
- _info "Domain key exists, skip"
+ _info "Domain key exists, skipping"
return 0
else
- _err "Domain key exists, do you want to overwrite the key?"
- _err "Add '--force', and try again."
+ _err "Domain key exists, do you want to overwrite it?"
+ _err "If so, add '--force' and try again."
return 1
fi
fi
@@ -1562,7 +1562,7 @@ createDomainKey() {
# domain domainlist isEcc
createCSR() {
- _info "Creating csr"
+ _info "Creating CSR"
if [ -z "$1" ]; then
_usage "Usage: $PROJECT_ENTRY --create-csr --domain <domain.tld> [--domain <domain2.tld> ...] [--ecc]"
return
@@ -1575,13 +1575,13 @@ createCSR() {
_initpath "$domain" "$_isEcc"
if [ -f "$CSR_PATH" ] && [ "$_ACME_IS_RENEW" ] && [ -z "$FORCE" ]; then
- _info "CSR exists, skip"
+ _info "CSR exists, skipping"
return
fi
if [ ! -f "$CERT_KEY_PATH" ]; then
- _err "The key file is not found: $CERT_KEY_PATH"
- _err "Please create the key file first."
+ _err "This key file was not found: $CERT_KEY_PATH"
+ _err "Please create it first."
return 1
fi
_createcsr "$domain" "$domainlist" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"
@@ -1725,7 +1725,7 @@ _calcjwk() {
__ECC_KEY_LEN=512
;;
*)
- _err "ECC oid : $crv_oid"
+ _err "ECC oid: $crv_oid"
return 1
;;
esac
@@ -1768,7 +1768,7 @@ _calcjwk() {
JWK_HEADERPLACE_PART1='{"nonce": "'
JWK_HEADERPLACE_PART2='", "alg": "ES'$__ECC_KEY_LEN'"'
else
- _err "Only RSA or EC key is supported. keyfile=$keyfile"
+ _err "Only RSA or EC keys are supported. keyfile=$keyfile"
_debug2 "$(cat "$keyfile")"
return 1
fi
@@ -1802,7 +1802,7 @@ _date2time() {
if da="$(echo "$1" | tr -d "Z" | tr "T" ' ')" perl -MTime::Piece -e 'print Time::Piece->strptime($ENV{da}, "%Y-%m-%d %H:%M:%S")->epoch, "\n";' 2>/dev/null; then
return
fi
- _err "Can not parse _date2time $1"
+ _err "Cannot parse _date2time $1"
return 1
}
@@ -1826,7 +1826,7 @@ _mktemp() {
echo "/$LE_TEMP_DIR/wefADf24sf.$(_time).tmp"
return 0
fi
- _err "Can not create temp file."
+ _err "Cannot create temp file."
}
#clear all the https envs to cause _inithttp() to run next time.
@@ -2015,7 +2015,7 @@ _post() {
_ret="$?"
if [ "$_ret" = "8" ]; then
_ret=0
- _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
+ _debug "wget returned 8 as the server returned a 'Bad Request' response. Let's process the response later."
fi
if [ "$_ret" != "0" ]; then
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
@@ -2029,7 +2029,7 @@ _post() {
_sed_i 's/^ //g' "$HTTP_HEADER"
else
_ret="$?"
- _err "Neither curl nor wget is found, can not do $httpmethod."
+ _err "Neither curl nor wget have been found, cannot make $httpmethod request."
fi
_debug "_ret" "$_ret"
printf "%s" "$response"
@@ -2098,14 +2098,14 @@ _get() {
ret=$?
if [ "$ret" = "8" ]; then
ret=0
- _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
+ _debug "wget returned 8 as the server returned a 'Bad Request' response. Let's process the response later."
fi
if [ "$ret" != "0" ]; then
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
fi
else
ret=$?
- _err "Neither curl nor wget is found, can not do GET."
+ _err "Neither curl nor wget have been found, cannot make GET request."
fi
_debug "ret" "$ret"
return $ret
@@ -2137,7 +2137,7 @@ _send_signed_request() {
if [ -z "$keyfile" ]; then
keyfile="$ACCOUNT_KEY_PATH"
fi
- _debug "=======Begin Send Signed Request======="
+ _debug "=======Sending Signed Request======="
_debug url "$url"
_debug payload "$payload"
@@ -2183,7 +2183,7 @@ _send_signed_request() {
fi
_debug2 _CACHED_NONCE "$_CACHED_NONCE"
if [ "$?" != "0" ]; then
- _err "Can not connect to $nonceurl to get nonce."
+ _err "Cannot connect to $nonceurl to get nonce."
return 1
fi
else
@@ -2226,7 +2226,7 @@ _send_signed_request() {
_CACHED_NONCE=""
if [ "$?" != "0" ]; then
- _err "Can not post to $url"
+ _err "Cannot make POST request to $url"
return 1
fi
@@ -2258,21 +2258,21 @@ _send_signed_request() {
_sleep_overload_retry_sec=5
fi
if [ $_sleep_overload_retry_sec -le 600 ]; then
- _info "It seems the CA server is currently overloaded, let's wait and retry. Sleeping $_sleep_overload_retry_sec seconds."
+ _info "It seems the CA server is currently overloaded, let's wait and retry. Sleeping for $_sleep_overload_retry_sec seconds."
_sleep $_sleep_overload_retry_sec
continue
else
- _info "The retryafter=$_retryafter is too large > 600, not retry anymore."
+ _info "The retryafter=$_retryafter value is too large (> 600), will not retry anymore."
fi
fi
if _contains "$_body" "JWS has invalid anti-replay nonce" || _contains "$_body" "JWS has an invalid anti-replay nonce"; then
- _info "It seems the CA server is busy now, let's wait and retry. Sleeping $_sleep_retry_sec seconds."
+ _info "It seems the CA server is busy now, let's wait and retry. Sleeping for $_sleep_retry_sec seconds."
_CACHED_NONCE=""
_sleep $_sleep_retry_sec
continue
fi
if _contains "$_body" "The Replay Nonce is not recognized"; then
- _info "The replay Nonce is not valid, let's get a new one, Sleeping $_sleep_retry_sec seconds."
+ _info "The replay nonce is not valid, let's get a new one. Sleeping for $_sleep_retry_sec seconds."
_CACHED_NONCE=""
_sleep $_sleep_retry_sec
continue
@@ -2344,7 +2344,7 @@ _save_conf() {
if [ "$_s_c_f" ]; then
_setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'"
else
- _err "config file is empty, can not save $_sdkey=$_sdvalue"
+ _err "Config file is empty, cannot save $_sdkey=$_sdvalue"
fi
}
@@ -2356,7 +2356,7 @@ _clear_conf() {
_conf_data="$(cat "$_c_c_f")"
echo "$_conf_data" | sed "s/^$_sdkey *=.*$//" >"$_c_c_f"
else
- _err "config file is empty, can not clear"
+ _err "Config file is empty, cannot clear"
fi
}
@@ -2374,7 +2374,7 @@ _read_conf() {
fi
printf "%s" "$_sdv"
else
- _debug "config file is empty, can not read $_sdkey"
+ _debug "Config file is empty, cannot read $_sdkey"
fi
}
@@ -2592,7 +2592,7 @@ _starttlsserver() {
#create key TLS_KEY
if ! _createkey "2048" "$TLS_KEY"; then
- _err "Create tls validation key error."
+ _err "Error creating TLS validation key."
return 1
fi
@@ -2602,13 +2602,13 @@ _starttlsserver() {
alt="$alt,$san_b"
fi
if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$acmeValidationv1"; then
- _err "Create tls validation csr error."
+ _err "Error creating TLS validation CSR."
return 1
fi
#self signed
if ! _signcsr "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$TLS_CERT"; then
- _err "Create tls validation cert error."
+ _err "Error creating TLS validation cert."
return 1
fi
@@ -2662,7 +2662,7 @@ _conapath() {
__initHome() {
if [ -z "$_SCRIPT_HOME" ]; then
if _exists readlink && _exists dirname; then
- _debug "Lets find script dir."
+ _debug "Let's find the script directory."
_debug "_SCRIPT_" "$_SCRIPT_"
_script="$(_readlink "$_SCRIPT_")"
_debug "_script" "$_script"
@@ -2671,7 +2671,7 @@ __initHome() {
if [ -d "$_script_home" ]; then
export _SCRIPT_HOME="$_script_home"
else
- _err "It seems the script home is not correct:$_script_home"
+ _err "It seems the script home is not correct: $_script_home"
fi
fi
fi
@@ -2686,7 +2686,7 @@ __initHome() {
# fi
if [ -z "$LE_WORKING_DIR" ]; then
- _debug "Using default home:$DEFAULT_INSTALL_HOME"
+ _debug "Using default home: $DEFAULT_INSTALL_HOME"
LE_WORKING_DIR="$DEFAULT_INSTALL_HOME"
fi
export LE_WORKING_DIR
@@ -2694,7 +2694,7 @@ __initHome() {
if [ -z "$LE_CONFIG_HOME" ]; then
LE_CONFIG_HOME="$LE_WORKING_DIR"
fi
- _debug "Using config home:$LE_CONFIG_HOME"
+ _debug "Using config home: $LE_CONFIG_HOME"
export LE_CONFIG_HOME
_DEFAULT_ACCOUNT_CONF_PATH="$LE_CONFIG_HOME/account.conf"
@@ -2731,7 +2731,7 @@ _clearAPI() {
#server
_initAPI() {
_api_server="${1:-$ACME_DIRECTORY}"
- _debug "_init api for server: $_api_server"
+ _debug "_init API for server: $_api_server"
MAX_API_RETRY_TIMES=10
_sleep_retry_sec=10
@@ -2741,8 +2741,8 @@ _initAPI() {
response=$(_get "$_api_server")
if [ "$?" != "0" ]; then
_debug2 "response" "$response"
- _info "Can not init api for: $_api_server."
- _info "Sleep $_sleep_retry_sec and retry."
+ _info "Cannot init API for: $_api_server."
+ _info "Sleeping for $_sleep_retry_sec seconds and retrying."
_sleep "$_sleep_retry_sec"
continue
fi
@@ -2780,13 +2780,13 @@ _initAPI() {
if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then
return 0
fi
- _info "Sleep $_sleep_retry_sec and retry."
+ _info "Sleeping for $_sleep_retry_sec seconds and retrying."
_sleep "$_sleep_retry_sec"
done
if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then
return 0
fi
- _err "Can not init api, for $_api_server"
+ _err "Cannot init API for $_api_server"
return 1
}
@@ -2918,7 +2918,7 @@ _initpath() {
DOMAIN_PATH="$domainhomeecc"
elif [ -z "$__SELECTED_RSA_KEY" ]; then
if [ ! -d "$domainhome" ] && [ -d "$domainhomeecc" ]; then
- _info "The domain '$domain' seems to have a ECC cert already, lets use ecc cert."
+ _info "The domain '$domain' seems to already have an ECC cert, let's use it."
DOMAIN_PATH="$domainhomeecc"
fi
fi
@@ -2981,7 +2981,7 @@ _apachePath() {
if _exists apache2ctl; then
_APACHECTL="apache2ctl"
else
- _err "'apachectl not found. It seems that apache is not installed, or you are not root user.'"
+ _err "'apachectl not found. It seems that Apache is not installed or you are not root.'"
_err "Please use webroot mode to try again."
return 1
fi
@@ -3000,7 +3000,7 @@ _apachePath() {
_debug httpdconfname "$httpdconfname"
if [ -z "$httpdconfname" ]; then
- _err "Can not read apache config file."
+ _err "Cannot read Apache config file."
return 1
fi
@@ -3017,7 +3017,7 @@ _apachePath() {
_debug httpdconf "$httpdconf"
_debug httpdconfname "$httpdconfname"
if [ ! -f "$httpdconf" ]; then
- _err "Apache Config file not found" "$httpdconf"
+ _err "Apache config file not found" "$httpdconf"
return 1
fi
return 0
@@ -3040,7 +3040,7 @@ _restoreApache() {
cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" >"$httpdconf"
_debug "Restored: $httpdconf."
if ! $_APACHECTL -t; then
- _err "Sorry, restore apache config error, please contact me."
+ _err "Sorry, there's been an error restoring the Apache config. Please ask for support on $PROJECT."
return 1
fi
_debug "Restored successfully."
@@ -3055,26 +3055,26 @@ _setApache() {
fi
#test the conf first
- _info "Checking if there is an error in the apache config file before starting."
+ _info "Checking if there is an error in the Apache config file before starting."
if ! $_APACHECTL -t >/dev/null; then
- _err "The apache config file has error, please fix it first, then try again."
- _err "Don't worry, there is nothing changed to your system."
+ _err "The Apache config file has errors, please fix them first then try again."
+ _err "Don't worry, no changes to your system have been made."
return 1
else
_info "OK"
fi
#backup the conf
- _debug "Backup apache config file" "$httpdconf"
+ _debug "Backing up Apache config file" "$httpdconf"
if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then
- _err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed."
- _err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT"
+ _err "Cannot backup Apache config file, aborting. Don't worry, the Apache config has not been changed."
+ _err "This might be an $PROJECT_NAME bug, please open an issue on $PROJECT"
return 1
fi
- _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
- _info "In case there is an error that can not be restored automatically, you may try restore it yourself."
- _info "The backup file will be deleted on success, just forget it."
+ _info "Config file $httpdconf has been backed up to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
+ _info "In case an error causes it to not be restored automatically, you can restore it yourself."
+ _info "You do not need to do anything on success, as the backup file will automatically be deleted."
#add alias
@@ -3104,11 +3104,11 @@ Allow from all
_msg="$($_APACHECTL -t 2>&1)"
if [ "$?" != "0" ]; then
- _err "Sorry, apache config error"
+ _err "Sorry, an Apache config error has occurred"
if _restoreApache; then
- _err "The apache config file is restored."
+ _err "The Apache config file has been restored."
else
- _err "Sorry, the apache config file can not be restored, please report bug."
+ _err "Sorry, the Apache config file cannot be restored, please open an issue on $PROJECT."
fi
return 1
fi
@@ -3119,7 +3119,7 @@ Allow from all
fi
if ! $_APACHECTL graceful; then
- _err "$_APACHECTL graceful error, please contact me."
+ _err "$_APACHECTL graceful error, please open an issue on $PROJECT."
_restoreApache
return 1
fi
@@ -3143,10 +3143,10 @@ _setNginx() {
_start_f="$(echo "$_croot" | cut -d : -f 2)"
_debug _start_f "$_start_f"
if [ -z "$_start_f" ]; then
- _debug "find start conf from nginx command"
+ _debug "Finding config using the nginx command"
if [ -z "$NGINX_CONF" ]; then
if ! _exists "nginx"; then
- _err "nginx command is not found."
+ _err "nginx command not found."
return 1
fi
NGINX_CONF="$(nginx -V 2>&1 | _egrep_o "\-\-conf-path=[^ ]* " | tr -d " ")"
@@ -3154,7 +3154,7 @@ _setNginx() {
NGINX_CONF="$(echo "$NGINX_CONF" | cut -d = -f 2)"
_debug NGINX_CONF "$NGINX_CONF"
if [ -z "$NGINX_CONF" ]; then
- _err "Can not find nginx conf."
+ _err "Cannot find nginx config."
NGINX_CONF=""
return 1
fi
@@ -3163,16 +3163,16 @@ _setNginx() {
NGINX_CONF=""
return 1
fi
- _debug "Found nginx conf file:$NGINX_CONF"
+ _debug "Found nginx config file: $NGINX_CONF"
fi
_start_f="$NGINX_CONF"
fi
- _debug "Start detect nginx conf for $_d from:$_start_f"
+ _debug "Detecting nginx conf for $_d from: $_start_f"
if ! _checkConf "$_d" "$_start_f"; then
- _err "Can not find conf file for domain $d"
+ _err "Cannot find config file for domain $d"
return 1
fi
- _info "Found conf file: $FOUND_REAL_NGINX_CONF"
+ _info "Found config file: $FOUND_REAL_NGINX_CONF"
_ln=$FOUND_REAL_NGINX_CONF_LN
_debug "_ln" "$_ln"
@@ -3182,7 +3182,7 @@ _setNginx() {
_start_tag="$(sed -n "$_lnn,${_lnn}p" "$FOUND_REAL_NGINX_CONF")"
_debug "_start_tag" "$_start_tag"
if [ "$_start_tag" = "$NGINX_START" ]; then
- _info "The domain $_d is already configured, skip"
+ _info "The domain $_d is already configured, skipping"
FOUND_REAL_NGINX_CONF=""
return 0
fi
@@ -3191,28 +3191,28 @@ _setNginx() {
_backup_conf="$DOMAIN_BACKUP_PATH/$_d.nginx.conf"
_debug _backup_conf "$_backup_conf"
BACKUP_NGINX_CONF="$_backup_conf"
- _info "Backup $FOUND_REAL_NGINX_CONF to $_backup_conf"
+ _info "Backing $FOUND_REAL_NGINX_CONF up to $_backup_conf"
if ! cp "$FOUND_REAL_NGINX_CONF" "$_backup_conf"; then
- _err "backup error."
+ _err "Backup error."
FOUND_REAL_NGINX_CONF=""
return 1
fi
if ! _exists "nginx"; then
- _err "nginx command is not found."
+ _err "nginx command not found."
return 1
fi
- _info "Check the nginx conf before setting up."
+ _info "Checking the nginx config before setting up."
if ! nginx -t >/dev/null 2>&1; then
- _err "It seems that nginx conf is not correct, cannot continue."
+ _err "It seems that the nginx config is not correct, cannot continue."
return 1
fi
- _info "OK, Set up nginx config file"
+ _info "OK, setting up the nginx config file"
if ! sed -n "1,${_ln}p" "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"; then
cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
- _err "write nginx conf error, but don't worry, the file is restored to the original version."
+ _err "Error writing nginx config. Restoring it to its original version."
return 1
fi
@@ -3226,20 +3226,20 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
if ! sed -n "${_lnn},99999p" "$_backup_conf" >>"$FOUND_REAL_NGINX_CONF"; then
cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
- _err "write nginx conf error, but don't worry, the file is restored."
+ _err "Error writing nginx config. Restoring it to its original version."
return 1
fi
_debug3 "Modified config:$(cat $FOUND_REAL_NGINX_CONF)"
- _info "nginx conf is done, let's check it again."
+ _info "nginx config has been written, let's check it again."
if ! nginx -t >/dev/null 2>&1; then
- _err "It seems that nginx conf was broken, let's restore."
+ _err "There seems to be a problem with the nginx config, let's restore it to its original version."
cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
return 1
fi
- _info "Reload nginx"
+ _info "Reloading nginx"
if ! nginx -s reload >/dev/null 2>&1; then
- _err "It seems that nginx reload error, let's restore."
+ _err "There seems to be a problem with the nginx config, let's restore it to its original version."
cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"
return 1
fi
@@ -3251,7 +3251,7 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" {
_checkConf() {
_d="$1"
_c_file="$2"
- _debug "Start _checkConf from:$_c_file"
+ _debug "Starting _checkConf from: $_c_file"
if [ ! -f "$2" ] && ! echo "$2" | grep '*$' >/dev/null && echo "$2" | grep '*' >/dev/null; then
_debug "wildcard"
for _w_f in $2; do
@@ -3264,14 +3264,14 @@ _checkConf() {
elif [ -f "$2" ]; then
_debug "single"
if _isRealNginxConf "$1" "$2"; then
- _debug "$2 is found."
+ _debug "$2 found."
FOUND_REAL_NGINX_CONF="$2"
return 0
fi
if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then
- _debug "Try include files"
+ _debug "Trying include files"
for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do
- _debug "check included $included"
+ _debug "Checking included $included"
if ! _startswith "$included" "/" && _exists dirname; then
_relpath="$(dirname "$2")"
_debug "_relpath" "$_relpath"
@@ -3347,7 +3347,7 @@ _isRealNginxConf() {
#restore all the nginx conf
_restoreNginx() {
if [ -z "$NGINX_RESTORE_VLIST" ]; then
- _debug "No need to restore nginx, skip."
+ _debug "No need to restore nginx config, skipping."
return
fi
_debug "_restoreNginx"
@@ -3362,9 +3362,9 @@ _restoreNginx() {
cat "$_ngbackupconf" >"$_ngconf"
done
- _info "Reload nginx"
+ _info "Reloading nginx"
if ! nginx -s reload >/dev/null; then
- _err "It seems that nginx reload error, please report bug."
+ _err "An error occurred while reloading nginx, please open an issue on $PROJECT."
return 1
fi
return 0
@@ -3389,7 +3389,7 @@ _clearupdns() {
_debug "dns_entries" "$dns_entries"
if [ -z "$dns_entries" ]; then
- _debug "skip dns."
+ _debug "Skipping dns."
return
fi
_info "Removing DNS records."
@@ -3412,7 +3412,7 @@ _clearupdns() {
fi
if [ -z "$d_api" ]; then
- _info "Not Found domain api file: $d_api"
+ _info "Domain API file was not found: $d_api"
continue
fi
@@ -3422,21 +3422,21 @@ _clearupdns() {
(
if ! . "$d_api"; then
- _err "Load file $d_api error. Please check your api file and try again."
+ _err "Error loading file $d_api. Please check your API file and try again."
return 1
fi
rmcommand="${_currentRoot}_rm"
if ! _exists "$rmcommand"; then
- _err "It seems that your api file doesn't define $rmcommand"
+ _err "It seems that your API file doesn't define $rmcommand"
return 1
fi
_info "Removing txt: $txt for domain: $txtdomain"
if ! $rmcommand "$txtdomain" "$txt"; then
- _err "Error removing txt for domain:$txtdomain"
+ _err "Error removing txt for domain: $txtdomain"
return 1
fi
- _info "Removed: Success"
+ _info "Successfully removed"
)
done
@@ -3446,7 +3446,7 @@ _clearupdns() {
_clearupwebbroot() {
__webroot="$1"
if [ -z "$__webroot" ]; then
- _debug "no webroot specified, skip"
+ _debug "No webroot specified, skipping"
return 0
fi
@@ -3458,12 +3458,12 @@ _clearupwebbroot() {
elif [ "$2" = '3' ]; then
_rmpath="$__webroot/.well-known/acme-challenge/$3"
else
- _debug "Skip for removelevel:$2"
+ _debug "Skipping for removelevel: $2"
fi
if [ "$_rmpath" ]; then
if [ "$DEBUG" ]; then
- _debug "Debugging, skip removing: $_rmpath"
+ _debug "Debugging, not removing: $_rmpath"
else
rm -rf "$_rmpath"
fi
@@ -3484,13 +3484,13 @@ _on_before_issue() {
_debug _chk_alt_domains "$_chk_alt_domains"
#run pre hook
if [ "$_chk_pre_hook" ]; then
- _info "Run pre hook:'$_chk_pre_hook'"
+ _info "Runing pre hook:'$_chk_pre_hook'"
if ! (
export Le_Domain="$_chk_main_domain"
export Le_Alt="$_chk_alt_domains"
cd "$DOMAIN_PATH" && eval "$_chk_pre_hook"
); then
- _err "Error when run pre hook."
+ _err "Error occurred when running pre hook."
return 1
fi
fi
@@ -3515,7 +3515,7 @@ _on_before_issue() {
if [ -z "$d" ]; then
break
fi
- _debug "Check for domain" "$d"
+ _debug "Checking for domain" "$d"
_currentRoot="$(_getfield "$_chk_web_roots" $_index)"
_debug "_currentRoot" "$_currentRoot"
_index=$(_math $_index + 1)
@@ -3562,7 +3562,7 @@ _on_before_issue() {
if _hasfield "$_chk_web_roots" "apache"; then
if ! _setApache; then
- _err "set up apache error. Report error to me."
+ _err "Error setting up Apache. Please open an issue on $PROJECT."
return 1
fi
else
@@ -3579,17 +3579,17 @@ _on_issue_err() {
if [ "$LOG_FILE" ]; then
_err "Please check log file for more details: $LOG_FILE"
else
- _err "Please add '--debug' or '--log' to check more details."
+ _err "Please add '--debug' or '--log' to see more information."
_err "See: $_DEBUG_WIKI"
fi
#run the post hook
if [ "$_chk_post_hook" ]; then
- _info "Run post hook:'$_chk_post_hook'"
+ _info "Running post hook: '$_chk_post_hook'"
if ! (
cd "$DOMAIN_PATH" && eval "$_chk_post_hook"
); then
- _err "Error when run post hook."
+ _err "Error encountered while running post hook."
return 1
fi
fi
@@ -3628,7 +3628,7 @@ _on_issue_success() {
#run the post hook
if [ "$_chk_post_hook" ]; then
- _info "Run post hook:'$_chk_post_hook'"
+ _info "Running post hook:'$_chk_post_hook'"
if ! (
export CERT_PATH
export CERT_KEY_PATH
@@ -3637,14 +3637,14 @@ _on_issue_success() {
export Le_Domain="$_main_domain"
cd "$DOMAIN_PATH" && eval "$_chk_post_hook"
); then
- _err "Error when run post hook."
+ _err "Error encountered while running post hook."
return 1
fi
fi
#run renew hook
if [ "$_ACME_IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
- _info "Run renew hook:'$_chk_renew_hook'"
+ _info "Running renew hook: '$_chk_renew_hook'"
if ! (
export CERT_PATH
export CERT_KEY_PATH
@@ -3653,7 +3653,7 @@ _on_issue_success() {
export Le_Domain="$_main_domain"
cd "$DOMAIN_PATH" && eval "$_chk_renew_hook"
); then
- _err "Error when run renew hook."
+ _err "Error encountered while running renew hook."
return 1
fi
fi
@@ -3709,7 +3709,7 @@ _regAccount() {
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
if ! _create_account_key "$_reg_length"; then
- _err "Create account key error."
+ _err "Error creating account key."
return 1
fi
fi
@@ -3732,7 +3732,7 @@ _regAccount() {
if [ "$ACME_DIRECTORY" = "$CA_ZEROSSL" ]; then
if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then
- _info "No EAB credentials found for ZeroSSL, let's get one"
+ _info "No EAB credentials found for ZeroSSL, let's obtain them"
if [ -z "$_email" ]; then
_info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")"
_info "$(__green "Please update your account with an email address first.")"
@@ -3743,20 +3743,20 @@ _regAccount() {
_eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT)
if [ "$?" != "0" ]; then
_debug2 "$_eabresp"
- _err "Can not get EAB credentials from ZeroSSL."
+ _err "Cannot get EAB credentials from ZeroSSL."
return 1
fi
_secure_debug2 _eabresp "$_eabresp"
_eab_id="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
_secure_debug2 _eab_id "$_eab_id"
if [ -z "$_eab_id" ]; then
- _err "Can not resolve _eab_id"
+ _err "Cannot resolve _eab_id"
return 1
fi
_eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
_secure_debug2 _eab_hmac_key "$_eab_hmac_key"
if [ -z "$_eab_hmac_key" ]; then
- _err "Can not resolve _eab_hmac_key"
+ _err "Cannot resolve _eab_hmac_key"
return 1
fi
_savecaconf CA_EAB_KEY_ID "$_eab_id"
@@ -3793,7 +3793,7 @@ _regAccount() {
_info "Registering account: $ACME_DIRECTORY"
if ! _send_signed_request "${ACME_NEW_ACCOUNT}" "$regjson"; then
- _err "Register account Error: $response"
+ _err "Error registering account: $response"
return 1
fi
@@ -3804,10 +3804,10 @@ _regAccount() {
elif [ "$code" = '409' ] || [ "$code" = '200' ]; then
_info "Already registered"
elif [ "$code" = '400' ] && _contains "$response" 'The account is not awaiting external account binding'; then
- _info "Already register EAB."
+ _info "EAB already registered"
_eabAlreadyBound=1
else
- _err "Register account Error: $response"
+ _err "Account registration error: $response"
return 1
fi
@@ -3816,7 +3816,7 @@ _regAccount() {
_accUri="$(echo "$responseHeaders" | grep -i "^Location:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n ")"
_debug "_accUri" "$_accUri"
if [ -z "$_accUri" ]; then
- _err "Can not find account id url."
+ _err "Cannot find account id url."
_err "$responseHeaders"
return 1
fi
@@ -3831,7 +3831,7 @@ _regAccount() {
_savecaconf CA_KEY_HASH "$CA_KEY_HASH"
if [ "$code" = '403' ]; then
- _err "It seems that the account key is already deactivated, please use a new account key."
+ _err "It seems that the account key has been deactivated, please use a new account key."
return 1
fi
@@ -3844,7 +3844,7 @@ updateaccount() {
_initpath
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
- _err "Account key is not found at: $ACCOUNT_KEY_PATH"
+ _err "Account key not found at: $ACCOUNT_KEY_PATH"
return 1
fi
@@ -3852,8 +3852,7 @@ updateaccount() {
_debug _accUri "$_accUri"
if [ -z "$_accUri" ]; then
- _err "The account url is empty, please run '--update-account' first to update the account info first,"
- _err "Then try again."
+ _err "The account URL is empty, please run '--update-account' first to update the account info, then try again."
return 1
fi
@@ -3876,7 +3875,7 @@ updateaccount() {
echo "$response" >"$ACCOUNT_JSON_PATH"
_info "Account update success for $_accUri."
else
- _info "Error. The account was not updated."
+ _info "An error occurred and the account was not updated."
return 1
fi
}
@@ -3886,7 +3885,7 @@ deactivateaccount() {
_initpath
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
- _err "Account key is not found at: $ACCOUNT_KEY_PATH"
+ _err "Account key not found at: $ACCOUNT_KEY_PATH"
return 1
fi
@@ -3894,8 +3893,7 @@ deactivateaccount() {
_debug _accUri "$_accUri"
if [ -z "$_accUri" ]; then
- _err "The account url is empty, please run '--update-account' first to update the account info first,"
- _err "Then try again."
+ _err "The account URL is empty, please run '--update-account' first to update the account info, then try again."
return 1
fi
@@ -3907,13 +3905,13 @@ deactivateaccount() {
_djson="{\"status\":\"deactivated\"}"
if _send_signed_request "$_accUri" "$_djson" && _contains "$response" '"deactivated"'; then
- _info "Deactivate account success for $_accUri."
+ _info "Successfully deactivated account $_accUri."
_accid=$(echo "$response" | _egrep_o "\"id\" *: *[^,]*," | cut -d : -f 2 | tr -d ' ,')
elif [ "$code" = "403" ]; then
_info "The account is already deactivated."
_accid=$(_getfield "$_accUri" "999" "/")
else
- _err "Deactivate: account failed for $_accUri."
+ _err "Account deactivation failed for $_accUri."
return 1
fi
@@ -3927,7 +3925,7 @@ deactivateaccount() {
mv "$ACCOUNT_JSON_PATH" "$_deactivated_account_path/"
mv "$ACCOUNT_KEY_PATH" "$_deactivated_account_path/"
else
- _err "Can not create dir: $_deactivated_account_path, try to remove the deactivated account key."
+ _err "Cannot create dir: $_deactivated_account_path, try to remove the deactivated account key."
rm -f "$CA_CONF"
rm -f "$ACCOUNT_JSON_PATH"
rm -f "$ACCOUNT_KEY_PATH"
@@ -3970,28 +3968,28 @@ __get_domain_new_authz() {
_Max_new_authz_retry_times=5
_authz_i=0
while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ]; do
- _debug "Try new-authz for the $_authz_i time."
+ _debug "Trying new-authz, attempt number $_authz_i."
if ! _send_signed_request "${ACME_NEW_AUTHZ}" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}"; then
- _err "Can not get domain new authz."
+ _err "Cannot get new authz for domain."
return 1
fi
if _contains "$response" "No registration exists matching provided key"; then
- _err "It seems there is an error, but it's recovered now, please try again."
- _err "If you see this message for a second time, please report bug: $(__green "$PROJECT")"
+ _err "There has been an error, but it might now be resolved, please try again."
+ _err "If you see this message for a second time, please report this as a bug: $(__green "$PROJECT")"
_clearcaconf "CA_KEY_HASH"
break
fi
if ! _contains "$response" "An error occurred while processing your request"; then
- _info "The new-authz request is ok."
+ _info "new-authz request successful."
break
fi
_authz_i="$(_math "$_authz_i" + 1)"
- _info "The server is busy, Sleep $_authz_i to retry."
+ _info "The server is busy, sleeping for $_authz_i seconds and retrying."
_sleep "$_authz_i"
done
if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then
- _err "new-authz retry reach the max $_Max_new_authz_retry_times times."
+ _err "new-authz has been retried $_Max_new_authz_retry_times times, stopping."
fi
if [ "$code" ] && [ "$code" != '201' ]; then
@@ -4047,7 +4045,7 @@ _ns_lookup_cf() {
_ns_purge_cf() {
_cf_d="$1"
_cf_d_type="$2"
- _debug "Cloudflare purge $_cf_d_type record for domain $_cf_d"
+ _debug "Purging Cloudflare $_cf_d_type record for domain $_cf_d"
_cf_purl="https://cloudflare-dns.com/api/v1/purge?domain=$_cf_d&type=$_cf_d_type"
response="$(_post "" "$_cf_purl")"
_debug2 response "$response"
@@ -4112,21 +4110,21 @@ _ns_lookup_dp() {
_ns_select_doh() {
if [ -z "$DOH_USE" ]; then
- _debug "Detect dns server first."
+ _debug "Detecting DNS server first."
if _ns_is_available_cf; then
- _debug "Use cloudflare doh server"
+ _debug "Using Cloudflare doh server"
export DOH_USE=$DOH_CLOUDFLARE
elif _ns_is_available_google; then
- _debug "Use google doh server"
+ _debug "Using Google DOH server"
export DOH_USE=$DOH_GOOGLE
elif _ns_is_available_ali; then
- _debug "Use aliyun doh server"
+ _debug "Using Aliyun DOH server"
export DOH_USE=$DOH_ALI
elif _ns_is_available_dp; then
- _debug "Use dns pod doh server"
+ _debug "Using DNS POD DOH server"
export DOH_USE=$DOH_DP
else
- _err "No doh"
+ _err "No DOH"
fi
fi
}
@@ -4143,7 +4141,7 @@ _ns_lookup() {
elif [ "$DOH_USE" = "$DOH_DP" ]; then
_ns_lookup_dp "$@"
else
- _err "Unknown doh provider: DOH_USE=$DOH_USE"
+ _err "Unknown DOH provider: DOH_USE=$DOH_USE"
fi
}
@@ -4169,7 +4167,7 @@ __purge_txt() {
if [ "$DOH_USE" = "$DOH_CLOUDFLARE" ] || [ -z "$DOH_USE" ]; then
_ns_purge_cf "$_p_txtdomain" "TXT"
else
- _debug "no purge api for this doh api, just sleep 5 secs"
+ _debug "No purge API for this DOH API, just sleeping for 5 seconds"
_sleep 5
fi
@@ -4200,17 +4198,17 @@ _check_dns_entries() {
_debug "d_api" "$d_api"
_info "Checking $d for $aliasDomain"
if _contains "$_success_txt" ",$txt,"; then
- _info "Already success, continue next one."
+ _info "Already succeeded, continuing."
continue
fi
if __check_txt "$txtdomain" "$aliasDomain" "$txt"; then
- _info "Domain $d '$aliasDomain' success."
+ _info "Success for domain $d '$aliasDomain'."
_success_txt="$_success_txt,$txt,"
continue
fi
_left=1
- _info "Not valid yet, let's wait 10 seconds and check next one."
+ _info "Not valid yet, let's wait for 10 seconds then check the next one."
__purge_txt "$txtdomain"
if [ "$txtdomain" != "$aliasDomain" ]; then
__purge_txt "$aliasDomain"
@@ -4218,10 +4216,10 @@ _check_dns_entries() {
_sleep 10
done
if [ "$_left" ]; then
- _info "Let's wait 10 seconds and check again".
+ _info "Let's wait for 10 seconds and check again".
_sleep 10
else
- _info "All success, let's return"
+ _info "All checks succeeded"
return 0
fi
done
@@ -4337,14 +4335,14 @@ _convertValidaty() {
elif _endswith "$_dateTo" "d"; then
_v_end=$(_math "$_v_begin + 60 * 60 * 24 * $(echo "$_dateTo" | tr -d '+d')")
else
- _err "Not recognized format for _dateTo: $_dateTo"
+ _err "Unrecognized format for _dateTo: $_dateTo"
return 1
fi
_debug2 "_v_end" "$_v_end"
_time2str "$_v_end"
else
if [ "$(_time)" -gt "$(_date2time "$_dateTo")" ]; then
- _err "The validaty to is in the past: _dateTo = $_dateTo"
+ _err "The validity end date is in the past: _dateTo = $_dateTo"
return 1
fi
echo "$_dateTo"
@@ -4408,7 +4406,7 @@ issue() {
_valid_to_saved=$(_readdomainconf Le_Valid_to)
if [ "$_valid_to_saved" ] && ! _startswith "$_valid_to_saved" "+"; then
_info "The domain is set to be valid to: $_valid_to_saved"
- _info "It can not be renewed automatically"
+ _info "It cannot be renewed automatically"
_info "See: $_VALIDITY_WIKI"
return $RENEW_SKIP
fi
@@ -4424,8 +4422,8 @@ issue() {
if [ "$_normized_saved_domains" = "$_normized_domains" ]; then
_info "Domains not changed."
- _info "Skip, Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")"
- _info "Add '$(__red '--force')' to force to renew."
+ _info "Skipping. Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")"
+ _info "Add '$(__red '--force')' to force renewal."
return $RENEW_SKIP
else
_info "Domains have changed."
@@ -4484,7 +4482,7 @@ issue() {
return 1
fi
else
- _debug "_saved_account_key_hash is not changed, skip register account."
+ _debug "_saved_account_key_hash was not changed, skipping account registration."
fi
export Le_Next_Domain_Key="$CERT_KEY_PATH.next"
@@ -4498,15 +4496,15 @@ issue() {
if [ -z "$_key" ]; then
_key=2048
fi
- _debug "Read key length:$_key"
+ _debug "Read key length: $_key"
if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then
if [ "$Le_ForceNewDomainKey" = "1" ] && [ -f "$Le_Next_Domain_Key" ]; then
- _info "Using pre generated key: $Le_Next_Domain_Key"
+ _info "Using pre-generated key: $Le_Next_Domain_Key"
cat "$Le_Next_Domain_Key" >"$CERT_KEY_PATH"
echo "" >"$Le_Next_Domain_Key"
else
if ! createDomainKey "$_main_domain" "$_key_length"; then
- _err "Create domain key error."
+ _err "Error creating domain key."
_clearup
_on_issue_err "$_post_hook"
return 1
@@ -4514,18 +4512,18 @@ issue() {
fi
fi
if [ "$Le_ForceNewDomainKey" ]; then
- _info "Generate next pre-generate key."
+ _info "Generating next pre-generate key."
if [ ! -e "$Le_Next_Domain_Key" ]; then
touch "$Le_Next_Domain_Key"
chmod 600 "$Le_Next_Domain_Key"
fi
if ! _createkey "$_key_length" "$Le_Next_Domain_Key"; then
- _err "Can not pre generate domain key"
+ _err "Cannot pre-generate domain key"
return 1
fi
fi
if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then
- _err "Create CSR error."
+ _err "Error creating CSR."
_clearup
_on_issue_err "$_post_hook"
return 1
@@ -4561,7 +4559,7 @@ issue() {
_debug2 "_valid_from" "$_valid_from"
_notBefore="$(_convertValidaty "" "$_valid_from")"
if [ "$?" != "0" ]; then
- _err "Can not parse _valid_from: $_valid_from"
+ _err "Cannot parse _valid_from: $_valid_from"
return 1
fi
if [ "$(_time)" -gt "$(_date2time "$_notBefore")" ]; then
@@ -4577,7 +4575,7 @@ issue() {
_savedomainconf "Le_Valid_To" "$_valid_to"
_notAfter="$(_convertValidaty "$_notBefore" "$_valid_to")"
if [ "$?" != "0" ]; then
- _err "Can not parse _valid_to: $_valid_to"
+ _err "Cannot parse _valid_to: $_valid_to"
return 1
fi
else
@@ -4594,7 +4592,7 @@ issue() {
fi
_debug "STEP 1, Ordering a Certificate"
if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then
- _err "Create new order error."
+ _err "Error creating new order."
_clearup
_on_issue_err "$_post_hook"
return 1
@@ -4614,7 +4612,7 @@ issue() {
Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)"
_debug Le_OrderFinalize "$Le_OrderFinalize"
if [ -z "$Le_OrderFinalize" ]; then
- _err "Create new order error. Le_OrderFinalize not found. $response"
+ _err "Error creating new order. Le_OrderFinalize not found. $response"
_clearup
_on_issue_err "$_post_hook"
return 1
@@ -4638,7 +4636,7 @@ issue() {
for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do
_debug2 "_authz_url" "$_authz_url"
if ! _send_signed_request "$_authz_url"; then
- _err "get to authz error."
+ _err "Error getting authz."
_err "_authorizations_seg" "$_authorizations_seg"
_err "_authz_url" "$_authz_url"
_err "$response"
@@ -4711,7 +4709,7 @@ $_authorizations_map"
response="$(echo "$_candidates" | sed "s/$_idn_d,//")"
_debug2 "response" "$response"
if [ -z "$response" ]; then
- _err "get to authz error."
+ _err "Error getting authz."
_err "_authorizations_map" "$_authorizations_map"
_clearup
_on_issue_err "$_post_hook"
@@ -4735,10 +4733,10 @@ $_authorizations_map"
_debug entry "$entry"
if [ -z "$keyauthorization" -a -z "$entry" ]; then
- _err "Error, can not get domain token entry $d for $vtype"
+ _err "Cannot get domain token entry $d for $vtype"
_supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
if [ "$_supported_vtypes" ]; then
- _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
+ _err "Supported validation types are: $_supported_vtypes, but you specified: $vtype"
fi
_clearup
_on_issue_err "$_post_hook"
@@ -4750,7 +4748,7 @@ $_authorizations_map"
_debug token "$token"
if [ -z "$token" ]; then
- _err "Error, can not get domain token $entry"
+ _err "Cannot get domain token $entry"
_clearup
_on_issue_err "$_post_hook"
return 1
@@ -4761,7 +4759,7 @@ $_authorizations_map"
_debug uri "$uri"
if [ -z "$uri" ]; then
- _err "Error, can not get domain uri. $entry"
+ _err "Cannot get domain URI $entry"
_clearup
_on_issue_err "$_post_hook"
return 1
@@ -4790,7 +4788,7 @@ $_authorizations_map"
_authz_url=$(echo "$ventry" | cut -d "$sep" -f 6)
_debug d "$d"
if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then
- _debug "$d is already verified, skip $vtype."
+ _debug "$d has already been verified, skipping $vtype."
_alias_index="$(_math "$_alias_index" + 1)"
continue
fi
@@ -4827,37 +4825,37 @@ $_authorizations_map"
dns_entry="$dns_entry$dvsep$txt${dvsep}$d_api"
_debug2 dns_entry "$dns_entry"
if [ "$d_api" ]; then
- _debug "Found domain api file: $d_api"
+ _debug "Found domain API file: $d_api"
else
if [ "$_currentRoot" != "$W_DNS" ]; then
- _err "Can not find dns api hook for: $_currentRoot"
- _info "You need to add the txt record manually."
+ _err "Cannot find DNS API hook for: $_currentRoot"
+ _info "You need to add the TXT record manually."
fi
_info "$(__red "Add the following TXT record:")"
_info "$(__red "Domain: '$(__green "$txtdomain")'")"
_info "$(__red "TXT value: '$(__green "$txt")'")"
- _info "$(__red "Please be aware that you prepend _acme-challenge. before your domain")"
- _info "$(__red "so the resulting subdomain will be: $txtdomain")"
+ _info "$(__red "Please make sure to prepend '_acme-challenge.' to your domain")"
+ _info "$(__red "so that the resulting subdomain is: $txtdomain")"
continue
fi
(
if ! . "$d_api"; then
- _err "Load file $d_api error. Please check your api file and try again."
+ _err "Error loading file $d_api. Please check your API file and try again."
return 1
fi
addcommand="${_currentRoot}_add"
if ! _exists "$addcommand"; then
- _err "It seems that your api file is not correct, it must have a function named: $addcommand"
+ _err "It seems that your API file is incorrect. Make sure it has a function named: $addcommand"
return 1
fi
- _info "Adding txt value: $txt for domain: $txtdomain"
+ _info "Adding TXT value: $txt for domain: $txtdomain"
if ! $addcommand "$txtdomain" "$txt"; then
- _err "Error add txt for domain:$txtdomain"
+ _err "Error adding TXT record to domain: $txtdomain"
return 1
fi
- _info "The txt record is added: Success."
+ _info "The TXT record has been successfully added."
)
if [ "$?" != "0" ]; then
@@ -4874,7 +4872,7 @@ $_authorizations_map"
if [ "$dnsadded" = '0' ]; then
_savedomainconf "Le_Vlist" "$vlist"
- _debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit."
+ _debug "DNS record not yet added. Will save to $DOMAIN_CONF and exit."
_err "Please add the TXT records to the domains, and re-run with --renew."
_on_issue_err "$_post_hook"
_clearup
@@ -4887,23 +4885,23 @@ $_authorizations_map"
if [ "$dns_entries" ]; then
if [ -z "$Le_DNSSleep" ]; then
- _info "Let's check each DNS record now. Sleep 20 seconds first."
+ _info "Let's check each DNS record now. Sleeping for 20 seconds first."
_sleep 20
if ! _check_dns_entries; then
- _err "check dns error."
+ _err "Error checking DNS."
_on_issue_err "$_post_hook"
_clearup
return 1
fi
else
_savedomainconf "Le_DNSSleep" "$Le_DNSSleep"
- _info "Sleep $(__green $Le_DNSSleep) seconds for the txt records to take effect"
+ _info "Sleeping for $(__green $Le_DNSSleep) seconds to wait for the the TXT records to take effect"
_sleep "$Le_DNSSleep"
fi
fi
NGINX_RESTORE_VLIST=""
- _debug "ok, let's start to verify"
+ _debug "OK, let's start verification"
_ncIndex=1
ventries=$(echo "$vlist" | tr "$dvsep" ' ')
@@ -4915,7 +4913,7 @@ $_authorizations_map"
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
_authz_url=$(echo "$ventry" | cut -d "$sep" -f 6)
if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then
- _info "$d is already verified, skip $vtype."
+ _info "$d is already verified, skipping $vtype."
continue
fi
@@ -4943,10 +4941,10 @@ $_authorizations_map"
sleep 1
_debug serverproc "$serverproc"
elif [ "$_currentRoot" = "$MODE_STATELESS" ]; then
- _info "Stateless mode for domain:$d"
+ _info "Stateless mode for domain: $d"
_sleep 1
elif _startswith "$_currentRoot" "$NGINX"; then
- _info "Nginx mode for domain:$d"
+ _info "Nginx mode for domain: $d"
#set up nginx server
FOUND_REAL_NGINX_CONF=""
BACKUP_NGINX_CONF=""
@@ -4979,26 +4977,26 @@ $_authorizations_map"
_debug wellknown_path "$wellknown_path"
- _debug "writing token:$token to $wellknown_path/$token"
+ _debug "Writing token: $token to $wellknown_path/$token"
mkdir -p "$wellknown_path"
if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then
- _err "$d:Can not write token to file : $wellknown_path/$token"
+ _err "$d: Cannot write token to file: $wellknown_path/$token"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
return 1
fi
if ! chmod a+r "$wellknown_path/$token"; then
- _debug "chmod failed, but we just continue."
+ _debug "chmod failed, will just continue."
fi
fi
elif [ "$vtype" = "$VTYPE_ALPN" ]; then
acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")"
_debug acmevalidationv1 "$acmevalidationv1"
if ! _starttlsserver "$d" "" "$Le_TLSPort" "$keyauthorization" "$_ncaddr" "$acmevalidationv1"; then
- _err "Start tls server error."
+ _err "Error starting TLS server."
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
@@ -5007,7 +5005,7 @@ $_authorizations_map"
fi
if ! __trigger_validation "$uri" "$keyauthorization" "$vtype"; then
- _err "$d:Can not get challenge: $response"
+ _err "$d: Cannot get challenge: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
@@ -5016,9 +5014,9 @@ $_authorizations_map"
if [ "$code" ] && [ "$code" != '202' ]; then
if [ "$code" = '200' ]; then
- _debug "trigger validation code: $code"
+ _debug "Trigger validation code: $code"
else
- _err "$d:Challenge error: $response"
+ _err "$d: Challenge error: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
@@ -5031,11 +5029,11 @@ $_authorizations_map"
MAX_RETRY_TIMES=30
fi
- _debug "Lets check the status of the authz"
+ _debug "Let's check the authz status"
while true; do
waittimes=$(_math "$waittimes" + 1)
if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ]; then
- _err "$d:Timeout"
+ _err "$d: Timeout"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
@@ -5055,13 +5053,13 @@ $_authorizations_map"
errordetail="$(echo "$error" | _egrep_o '"detail": *"[^"]*' | cut -d '"' -f 4)"
_debug2 errordetail "$errordetail"
if [ "$errordetail" ]; then
- _err "Invalid status, $d:Verify error detail:$errordetail"
+ _err "$d: Invalid status. Verification error details: $errordetail"
else
- _err "Invalid status, $d:Verify error:$error"
+ _err "$d: Invalid status, Verification error: $error"
fi
if [ "$DEBUG" ]; then
if [ "$vtype" = "$VTYPE_HTTP" ]; then
- _debug "Debug: get token url."
+ _debug "Debug: GET token URL."
_get "http://$d/.well-known/acme-challenge/$token" "" 1
fi
fi
@@ -5080,24 +5078,24 @@ $_authorizations_map"
fi
if _contains "$status" "pending"; then
- _info "Pending, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)"
+ _info "Pending. The CA is processing your order, please wait. ($waittimes/$MAX_RETRY_TIMES)"
elif _contains "$status" "processing"; then
- _info "Processing, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)"
+ _info "Processing. The CA is processing your order, please wait. ($waittimes/$MAX_RETRY_TIMES)"
else
- _err "Unknown status: $status, $d:Verify error:$response"
+ _err "$d: Unknown status: $status. Verification error: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
return 1
fi
- _debug "sleep 2 secs to verify again"
+ _debug "Sleep 2 seconds before verifying again"
_sleep 2
- _debug "checking"
+ _debug "Checking"
_send_signed_request "$_authz_url"
if [ "$?" != "0" ]; then
- _err "Invalid code, $d:Verify error:$response"
+ _err "$d: Invalid code. Verification error: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
@@ -5108,18 +5106,18 @@ $_authorizations_map"
done
_clearup
- _info "Verify finished, start to sign."
+ _info "Verification finished, beginning signing."
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
- _info "Lets finalize the order."
+ _info "Let's finalize the order."
_info "Le_OrderFinalize" "$Le_OrderFinalize"
if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
- _err "Sign failed."
+ _err "Signing failed."
_on_issue_err "$_post_hook"
return 1
fi
if [ "$code" != "200" ]; then
- _err "Sign failed, finalize code is not 200."
+ _err "Signing failed. Finalize code was not 200."
_err "$response"
_on_issue_err "$_post_hook"
return 1
@@ -5138,38 +5136,38 @@ $_authorizations_map"
Le_LinkCert="$(echo "$response" | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
_debug Le_LinkCert "$Le_LinkCert"
if [ -z "$Le_LinkCert" ]; then
- _err "Sign error, can not find Le_LinkCert"
+ _err "A signing error occurred: could not find Le_LinkCert"
_err "$response"
_on_issue_err "$_post_hook"
return 1
fi
break
elif _contains "$response" "\"processing\""; then
- _info "Order status is processing, lets sleep and retry."
+ _info "Order status is 'processing', let's sleep and retry."
_retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r')
_debug "_retryafter" "$_retryafter"
if [ "$_retryafter" ]; then
- _info "Retry after: $_retryafter"
+ _info "Sleeping for $_retryafter seconds then retrying"
_sleep $_retryafter
else
_sleep 2
fi
else
- _err "Sign error, wrong status"
+ _err "Signing error: wrong status"
_err "$response"
_on_issue_err "$_post_hook"
return 1
fi
#the order is processing, so we are going to poll order status
if [ -z "$Le_LinkOrder" ]; then
- _err "Sign error, can not get order link location header"
+ _err "Signing error: could not get order link location header"
_err "responseHeaders" "$responseHeaders"
_on_issue_err "$_post_hook"
return 1
fi
_info "Polling order status: $Le_LinkOrder"
if ! _send_signed_request "$Le_LinkOrder"; then
- _err "Sign failed, can not post to Le_LinkOrder cert:$Le_LinkOrder."
+ _err "Signing failed. Could not make POST request to Le_LinkOrder for cert: $Le_LinkOrder."
_err "$response"
_on_issue_err "$_post_hook"
return 1
@@ -5178,7 +5176,7 @@ $_authorizations_map"
done
if [ -z "$Le_LinkCert" ]; then
- _err "Sign failed, can not get Le_LinkCert, retry time limit."
+ _err "Signing failed. Could not get Le_LinkCert, and stopped retrying after reaching the retry limit."
_err "$response"
_on_issue_err "$_post_hook"
return 1
@@ -5186,7 +5184,7 @@ $_authorizations_map"
_info "Downloading cert."
_info "Le_LinkCert" "$Le_LinkCert"
if ! _send_signed_request "$Le_LinkCert"; then
- _err "Sign failed, can not download cert:$Le_LinkCert."
+ _err "Signing failed. Could not download cert: $Le_LinkCert."
_err "$response"
_on_issue_err "$_post_hook"
return 1
@@ -5199,15 +5197,15 @@ $_authorizations_map"
fi
if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then
if [ "$DEBUG" ]; then
- _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")"
+ _debug "Default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")"
fi
if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then
rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)"
_debug2 "rels" "$rels"
for rel in $rels; do
- _info "Try rel: $rel"
+ _info "Trying rel: $rel"
if ! _send_signed_request "$rel"; then
- _err "Sign failed, can not download cert:$rel"
+ _err "Signing failed, could not download cert: $rel"
_err "$response"
continue
fi
@@ -5241,7 +5239,7 @@ $_authorizations_map"
if [ -z "$Le_LinkCert" ] || ! _checkcert "$CERT_PATH"; then
response="$(echo "$response" | _dbase64 "multiline" | tr -d '\0' | _normalizeJson)"
- _err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')"
+ _err "Signing failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')"
_on_issue_err "$_post_hook"
return 1
fi
@@ -5263,9 +5261,9 @@ $_authorizations_map"
fi
[ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")"
- [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")"
+ [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full-chain cert is in: $(__green "$CERT_FULLCHAIN_PATH")"
if [ "$Le_ForceNewDomainKey" ] && [ -e "$Le_Next_Domain_Key" ]; then
- _info "Your pre-generated next key for future cert key change is in: $(__green "$Le_Next_Domain_Key")"
+ _info "Your pre-generated key for future cert key changes is in: $(__green "$Le_Next_Domain_Key")"
fi
Le_CertCreateTime=$(_time)
@@ -5315,8 +5313,8 @@ $_authorizations_map"
Le_NextRenewTime=$(_date2time "$_notAfter")
Le_NextRenewTimeStr="$_notAfter"
if [ "$_valid_to" ] && ! _startswith "$_valid_to" "+"; then
- _info "The domain is set to be valid to: $_valid_to"
- _info "It can not be renewed automatically"
+ _info "The domain is set to be valid until: $_valid_to"
+ _info "It cannot be renewed automatically"
_info "See: $_VALIDITY_WIKI"
else
_now=$(_time)
@@ -5359,7 +5357,7 @@ $_authorizations_map"
fi
if ! _on_issue_success "$_post_hook" "$_renew_hook"; then
- _err "Call hook error."
+ _err "Error calling hook."
return 1
fi
}
@@ -5395,9 +5393,9 @@ renew() {
_initpath "$Le_Domain" "$_isEcc"
_set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT}
- _info "$(__green "Renew: '$Le_Domain'")"
+ _info "$(__green "Renewing: '$Le_Domain'")"
if [ ! -f "$DOMAIN_CONF" ]; then
- _info "'$Le_Domain' is not an issued domain, skip."
+ _info "'$Le_Domain' is not an issued domain, skipping."
return $RENEW_SKIP
fi
@@ -5426,7 +5424,7 @@ renew() {
if [ "$_server" ]; then
Le_API="$_server"
fi
- _info "Renew to Le_API=$Le_API"
+ _info "Renewing using Le_API=$Le_API"
_clearAPI
_clearCA
@@ -5437,8 +5435,8 @@ renew() {
_initpath "$Le_Domain" "$_isEcc"
if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then
- _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")"
- _info "Add '$(__red '--force')' to force to renew."
+ _info "Skipping. Next renewal time is: $(__green "$Le_NextRenewTimeStr")"
+ _info "Add '$(__red '--force')' to force renewal."
if [ -z "$_ACME_IN_RENEWALL" ]; then
if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then
_send_notify "Renew $Le_Domain skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP"
@@ -5448,7 +5446,7 @@ renew() {
fi
if [ "$_ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then
- _info "Skip invalid cert for: $Le_Domain"
+ _info "Skipping invalid cert for: $Le_Domain"
return $RENEW_SKIP
fi
@@ -5514,7 +5512,7 @@ renewAll() {
for di in "${CERT_HOME}"/*.*/; do
_debug di "$di"
if ! [ -d "$di" ]; then
- _debug "Not a directory, skip: $di"
+ _debug "Not a directory, skipping: $di"
continue
fi
d=$(basename "$di")
@@ -5572,12 +5570,12 @@ renewAll() {
_error_msg="${_error_msg} $d
"
if [ "$_stopRenewOnError" ]; then
- _err "Error renew $d, stop now."
+ _err "Error renewing $d, stopping."
_ret="$rc"
break
else
_ret="$rc"
- _err "Error renew $d."
+ _err "Error renewing $d."
fi
fi
done
@@ -5588,13 +5586,13 @@ renewAll() {
_msg_subject="Renew"
if [ "$_error_msg" ]; then
_msg_subject="${_msg_subject} Error"
- _msg_data="Error certs:
+ _msg_data="Errored certs:
${_error_msg}
"
fi
if [ "$_success_msg" ]; then
_msg_subject="${_msg_subject} Success"
- _msg_data="${_msg_data}Success certs:
+ _msg_data="${_msg_data}Successful certs:
${_success_msg}
"
fi
@@ -5635,18 +5633,18 @@ signcsr() {
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
if [ "$?" != "0" ]; then
- _err "Can not read subject from csr: $_csrfile"
+ _err "Cannot read subject from CSR: $_csrfile"
return 1
fi
_debug _csrsubj "$_csrsubj"
if _contains "$_csrsubj" ' ' || ! _contains "$_csrsubj" '.'; then
- _info "It seems that the subject: $_csrsubj is not a valid domain name. Drop it."
+ _info "It seems that the subject $_csrsubj is not a valid domain name. Dropping it."
_csrsubj=""
fi
_csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile")
if [ "$?" != "0" ]; then
- _err "Can not read domain list from csr: $_csrfile"
+ _err "Cannot read domain list from CSR: $_csrfile"
return 1
fi
_debug "_csrdomainlist" "$_csrdomainlist"
@@ -5659,20 +5657,20 @@ signcsr() {
fi
if [ -z "$_csrsubj" ]; then
- _err "Can not read subject from csr: $_csrfile"
+ _err "Cannot read subject from CSR: $_csrfile"
return 1
fi
_csrkeylength=$(_readKeyLengthFromCSR "$_csrfile")
if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then
- _err "Can not read key length from csr: $_csrfile"
+ _err "Cannot read key length from CSR: $_csrfile"
return 1
fi
_initpath "$_csrsubj" "$_csrkeylength"
mkdir -p "$DOMAIN_PATH"
- _info "Copy csr to: $CSR_PATH"
+ _info "Copying CSR to: $CSR_PATH"
cp "$_csrfile" "$CSR_PATH"
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain"
@@ -5691,18 +5689,18 @@ showcsr() {
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
if [ "$?" != "0" ]; then
- _err "Can not read subject from csr: $_csrfile"
+ _err "Cannot read subject from CSR: $_csrfile"
return 1
fi
if [ -z "$_csrsubj" ]; then
- _info "The Subject is empty"
+ _info "The subject is empty"
fi
_info "Subject=$_csrsubj"
_csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile")
if [ "$?" != "0" ]; then
- _err "Can not read domain list from csr: $_csrfile"
+ _err "Cannot read domain list from CSR: $_csrfile"
return 1
fi
_debug "_csrdomainlist" "$_csrdomainlist"
@@ -5711,7 +5709,7 @@ showcsr() {
_csrkeylength=$(_readKeyLengthFromCSR "$_csrfile")
if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then
- _err "Can not read key length from csr: $_csrfile"
+ _err "Cannot read key length from CSR: $_csrfile"
return 1
fi
_info "KeyLength=$_csrkeylength"
@@ -5767,29 +5765,29 @@ _deploy() {
for _d_api in $(echo "$_hooks" | tr ',' " "); do
_deployApi="$(_findHook "$_d" $_SUB_FOLDER_DEPLOY "$_d_api")"
if [ -z "$_deployApi" ]; then
- _err "The deploy hook $_d_api is not found."
+ _err "The deploy hook $_d_api was not found."
return 1
fi
_debug _deployApi "$_deployApi"
if ! (
if ! . "$_deployApi"; then
- _err "Load file $_deployApi error. Please check your api file and try again."
+ _err "Error loading file $_deployApi. Please check your API file and try again."
return 1
fi
d_command="${_d_api}_deploy"
if ! _exists "$d_command"; then
- _err "It seems that your api file is not correct, it must have a function named: $d_command"
+ _err "It seems that your API file is not correct. Make sure it has a function named: $d_command"
return 1
fi
if ! $d_command "$_d" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then
- _err "Error deploy for domain:$_d"
+ _err "Error deploying for domain: $_d"
return 1
fi
); then
- _err "Deploy error."
+ _err "Error encountered while deploying."
return 1
else
_info "$(__green Success)"
@@ -5810,7 +5808,7 @@ deploy() {
_initpath "$_d" "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ]; then
_err "The domain '$_d' is not a cert name. You must use the cert name to specify the cert to install."
- _err "Can not find path:'$DOMAIN_PATH'"
+ _err "Cannot find path: '$DOMAIN_PATH'"
return 1
fi
@@ -5839,7 +5837,7 @@ installcert() {
_initpath "$_main_domain" "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ]; then
_err "The domain '$_main_domain' is not a cert name. You must use the cert name to specify the cert to install."
- _err "Can not find path:'$DOMAIN_PATH'"
+ _err "Cannot find path: '$DOMAIN_PATH'"
return 1
fi
@@ -5934,7 +5932,7 @@ _installcert() {
fi
if [ "$_reload_cmd" ]; then
- _info "Run reload cmd: $_reload_cmd"
+ _info "Running reload cmd: $_reload_cmd"
if (
export CERT_PATH
export CERT_KEY_PATH
@@ -5945,9 +5943,9 @@ _installcert() {
export Le_Next_Domain_Key
cd "$DOMAIN_PATH" && eval "$_reload_cmd"
); then
- _info "$(__green "Reload success")"
+ _info "$(__green "Reload successful")"
else
- _err "Reload error for :$Le_Domain"
+ _err "Reload error for: $Le_Domain"
fi
fi
@@ -5975,25 +5973,25 @@ _install_win_taskscheduler() {
return 1
fi
if ! _exists schtasks; then
- _err "schtasks.exe is not found, are you on Windows?"
+ _err "schtasks.exe was not found, are you on Windows?"
return 1
fi
_winbash="$(cygpath -w $(which bash))"
_debug _winbash "$_winbash"
if [ -z "$_winbash" ]; then
- _err "can not find bash path"
+ _err "Cannot find bash path"
return 1
fi
_myname="$(whoami)"
_debug "_myname" "$_myname"
if [ -z "$_myname" ]; then
- _err "can not find my user name"
+ _err "Can not find own username"
return 1
fi
_debug "_lesh" "$_lesh"
- _info "To install scheduler task in your Windows account, you must input your windows password."
- _info "$PROJECT_NAME doesn't save your password."
+ _info "To install the scheduler task to your Windows account, you must input your Windows password."
+ _info "$PROJECT_NAME will not save your password."
_info "Please input your Windows password for: $(__green "$_myname")"
_password="$(__read_password)"
#SCHTASKS.exe '/create' '/SC' 'DAILY' '/TN' "$_WINDOWS_SCHEDULER_NAME" '/F' '/ST' "00:$_randomminute" '/RU' "$_myname" '/RP' "$_password" '/TR' "$_winbash -l -c '$_lesh --cron --home \"$LE_WORKING_DIR\" $_centry'" >/dev/null
@@ -6004,11 +6002,11 @@ _install_win_taskscheduler() {
_uninstall_win_taskscheduler() {
if ! _exists schtasks; then
- _err "schtasks.exe is not found, are you on Windows?"
+ _err "schtasks.exe was not found, are you on Windows?"
return 1
fi
if ! echo SCHTASKS /query /tn "$_WINDOWS_SCHEDULER_NAME" | cmd.exe >/dev/null; then
- _debug "scheduler $_WINDOWS_SCHEDULER_NAME is not found."
+ _debug "scheduler $_WINDOWS_SCHEDULER_NAME was not found."
else
_info "Removing $_WINDOWS_SCHEDULER_NAME"
echo SCHTASKS /delete /f /tn "$_WINDOWS_SCHEDULER_NAME" | cmd.exe >/dev/null
@@ -6027,10 +6025,10 @@ installcronjob() {
_script="$(_readlink "$_SCRIPT_")"
_debug _script "$_script"
if [ -f "$_script" ]; then
- _info "Using the current script from: $_script"
+ _info "Usinging the current script from: $_script"
lesh="$_script"
else
- _err "Can not install cronjob, $PROJECT_ENTRY not found."
+ _err "Cannot install cronjob, $PROJECT_ENTRY not found."
return 1
fi
fi
@@ -6047,18 +6045,18 @@ installcronjob() {
if ! _exists "$_CRONTAB"; then
if _exists cygpath && _exists schtasks.exe; then
- _info "It seems you are on Windows, let's install Windows scheduler task."
+ _info "It seems you are on Windows, let's install the Windows scheduler task."
if _install_win_taskscheduler "$lesh" "$_c_entry" "$random_minute"; then
- _info "Install Windows scheduler task success."
+ _info "Successfully installed Windows scheduler task."
return 0
else
- _err "Install Windows scheduler task failed."
+ _err "Failed to install Windows scheduler task."
return 1
fi
fi
- _err "crontab/fcrontab doesn't exist, so, we can not install cron jobs."
- _err "All your certs will not be renewed automatically."
- _err "You must add your own cron job to call '$PROJECT_ENTRY --cron' everyday."
+ _err "crontab/fcrontab doesn't exist, so we cannot install cron jobs."
+ _err "Your certs will not be renewed automatically."
+ _err "You must add your own cron job to call '$PROJECT_ENTRY --cron' every day."
return 1
fi
_info "Installing cron job"
@@ -6074,8 +6072,8 @@ installcronjob() {
} | $_CRONTAB_STDIN
fi
if [ "$?" != "0" ]; then
- _err "Install cron job failed. You need to manually renew your certs."
- _err "Or you can add cronjob by yourself:"
+ _err "Failed to install cron job. You need to manually renew your certs."
+ _err "Alternatively, you can add a cron job by yourself:"
_err "$lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null"
return 1
fi
@@ -6089,12 +6087,12 @@ uninstallcronjob() {
if ! _exists "$_CRONTAB"; then
if _exists cygpath && _exists schtasks.exe; then
- _info "It seems you are on Windows, let's uninstall Windows scheduler task."
+ _info "It seems you are on Windows, let's uninstall the Windows scheduler task."
if _uninstall_win_taskscheduler; then
- _info "Uninstall Windows scheduler task success."
+ _info "Successfully uninstalled Windows scheduler task."
return 0
else
- _err "Uninstall Windows scheduler task failed."
+ _err "Failed to uninstall Windows scheduler task."
return 1
fi
fi
@@ -6134,12 +6132,12 @@ revoke() {
fi
_initpath "$Le_Domain" "$_isEcc"
if [ ! -f "$DOMAIN_CONF" ]; then
- _err "$Le_Domain is not a issued domain, skip."
+ _err "$Le_Domain is not an issued domain, skipping."
return 1
fi
if [ ! -f "$CERT_PATH" ]; then
- _err "Cert for $Le_Domain $CERT_PATH is not found, skip."
+ _err "Cert for $Le_Domain $CERT_PATH was not found, skipping."
return 1
fi
@@ -6163,7 +6161,7 @@ revoke() {
cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _url_replace)"
if [ -z "$cert" ]; then
- _err "Cert for $Le_Domain is empty found, skip."
+ _err "Cert for $Le_Domain is empty, skipping."
return 1
fi
@@ -6173,31 +6171,31 @@ revoke() {
uri="${ACME_REVOKE_CERT}"
- _info "Try account key first."
+ _info "Trying account key first."
if _send_signed_request "$uri" "$data" "" "$ACCOUNT_KEY_PATH"; then
if [ -z "$response" ]; then
- _info "Revoke success."
+ _info "Successfully revoked."
rm -f "$CERT_PATH"
cat "$CERT_KEY_PATH" >"$CERT_KEY_PATH.revoked"
cat "$CSR_PATH" >"$CSR_PATH.revoked"
return 0
else
- _err "Revoke error."
+ _err "Error revoking."
_debug "$response"
fi
fi
if [ -f "$CERT_KEY_PATH" ]; then
- _info "Try domain key."
+ _info "Trying domain key."
if _send_signed_request "$uri" "$data" "" "$CERT_KEY_PATH"; then
if [ -z "$response" ]; then
- _info "Revoke success."
+ _info "Successfully revoked."
rm -f "$CERT_PATH"
cat "$CERT_KEY_PATH" >"$CERT_KEY_PATH.revoked"
cat "$CSR_PATH" >"$CSR_PATH.revoked"
return 0
else
- _err "Revoke error by domain key."
+ _err "Error revoking using domain key."
_err "$response"
fi
fi
@@ -6221,19 +6219,19 @@ remove() {
_removed_conf="$DOMAIN_CONF.removed"
if [ ! -f "$DOMAIN_CONF" ]; then
if [ -f "$_removed_conf" ]; then
- _err "$Le_Domain is already removed, You can remove the folder by yourself: $DOMAIN_PATH"
+ _err "$Le_Domain has already been removed. You can remove the folder by yourself: $DOMAIN_PATH"
else
- _err "$Le_Domain is not a issued domain, skip."
+ _err "$Le_Domain is not an issued domain, skipping."
fi
return 1
fi
if mv "$DOMAIN_CONF" "$_removed_conf"; then
- _info "$Le_Domain is removed, the key and cert files are in $(__green $DOMAIN_PATH)"
+ _info "$Le_Domain has been removed. The key and cert files are in $(__green $DOMAIN_PATH)"
_info "You can remove them by yourself."
return 0
else
- _err "Remove $Le_Domain failed."
+ _err "Failed to remove $Le_Domain."
return 1
fi
}
@@ -6263,7 +6261,7 @@ _deactivate() {
_identifiers="{\"type\":\"$(_getIdType "$_d_domain")\",\"value\":\"$_d_domain\"}"
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
- _err "Can not get domain new order."
+ _err "Cannot get new order for domain."
return 1
fi
_authorizations_seg="$(echo "$response" | _egrep_o '"authorizations" *: *\[[^\]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')"
@@ -6278,7 +6276,7 @@ _deactivate() {
authzUri="$_authorizations_seg"
_debug2 "authzUri" "$authzUri"
if ! _send_signed_request "$authzUri"; then
- _err "get to authz error."
+ _err "Error making GET request for authz."
_err "_authorizations_seg" "$_authorizations_seg"
_err "authzUri" "$authzUri"
_clearup
@@ -6301,7 +6299,7 @@ _deactivate() {
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry"
if [ -z "$entry" ]; then
- _err "Error, can not get domain token $d"
+ _err "$d: Cannot get domain token"
return 1
fi
token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')"
@@ -6319,13 +6317,13 @@ _deactivate() {
_d_i=0
_d_max_retry=$(echo "$entries" | wc -l)
while [ "$_d_i" -lt "$_d_max_retry" ]; do
- _info "Deactivate: $_d_domain"
+ _info "Deactivating $_d_domain"
_d_i="$(_math $_d_i + 1)"
entry="$(echo "$entries" | sed -n "${_d_i}p")"
_debug entry "$entry"
if [ -z "$entry" ]; then
- _info "No more valid entry found."
+ _info "No more valid entries found."
break
fi
@@ -6337,27 +6335,27 @@ _deactivate() {
_debug uri "$uri"
if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ]; then
- _info "Skip $_vtype"
+ _info "Skipping $_vtype"
continue
fi
- _info "Deactivate: $_vtype"
+ _info "Deactivating $_vtype"
_djson="{\"status\":\"deactivated\"}"
if _send_signed_request "$authzUri" "$_djson" && _contains "$response" '"deactivated"'; then
- _info "Deactivate: $_vtype success."
+ _info "Successfully deactivated $_vtype."
else
- _err "Can not deactivate $_vtype."
+ _err "Could not deactivate $_vtype."
break
fi
done
_debug "$_d_i"
if [ "$_d_i" -eq "$_d_max_retry" ]; then
- _info "Deactivated success!"
+ _info "Successfully deactivated!"
else
- _err "Deactivate failed."
+ _err "Deactivation failed."
fi
}
@@ -6438,17 +6436,17 @@ _precheck() {
_nocron="$1"
if ! _exists "curl" && ! _exists "wget"; then
- _err "Please install curl or wget first, we need to access http resources."
+ _err "Please install curl or wget first to enable access to HTTP resources."
return 1
fi
if [ -z "$_nocron" ]; then
if ! _exists "crontab" && ! _exists "fcrontab"; then
if _exists cygpath && _exists schtasks.exe; then
- _info "It seems you are on Windows, we will install Windows scheduler task."
+ _info "It seems you are on Windows, we will install the Windows scheduler task."
else
- _err "It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'."
- _err "We need to set cron job to renew the certs automatically."
+ _err "It is recommended to install crontab first. Try to install 'cron', 'crontab', 'crontabs' or 'vixie-cron'."
+ _err "We need to set a cron job to renew the certs automatically."
_err "Otherwise, your certs will not be able to be renewed automatically."
if [ -z "$FORCE" ]; then
_err "Please add '--force' and try install again to go without crontab."
@@ -6467,8 +6465,8 @@ _precheck() {
if ! _exists "socat"; then
_err "It is recommended to install socat first."
- _err "We use socat for standalone server if you use standalone mode."
- _err "If you don't use standalone mode, just ignore this warning."
+ _err "We use socat for the standalone server, which is used for standalone mode."
+ _err "If you don't want to use standalone mode, you may ignore this warning."
fi
return 0
@@ -6516,9 +6514,9 @@ _installalias() {
_debug "Found profile: $_profile"
_info "Installing alias to '$_profile'"
_setopt "$_profile" ". \"$_envfile\""
- _info "OK, Close and reopen your terminal to start using $PROJECT_NAME"
+ _info "Close and reopen your terminal to start using $PROJECT_NAME"
else
- _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME"
+ _info "No profile has been found, you will need to change your working directory to $LE_WORKING_DIR to use $PROJECT_NAME"
fi
#for csh
@@ -6567,12 +6565,12 @@ install() {
return 1
fi
if [ "$_nocron" ]; then
- _debug "Skip install cron job"
+ _debug "Skipping cron job installation"
fi
if [ "$_ACME_IN_CRON" != "1" ]; then
if ! _precheck "$_nocron"; then
- _err "Pre-check failed, can not install."
+ _err "Pre-check failed, cannot install."
return 1
fi
fi
@@ -6602,7 +6600,7 @@ install() {
if [ ! -d "$LE_WORKING_DIR" ]; then
if ! mkdir -p "$LE_WORKING_DIR"; then
- _err "Can not create working dir: $LE_WORKING_DIR"
+ _err "Cannot create working dir: $LE_WORKING_DIR"
return 1
fi
@@ -6611,7 +6609,7 @@ install() {
if [ ! -d "$LE_CONFIG_HOME" ]; then
if ! mkdir -p "$LE_CONFIG_HOME"; then
- _err "Can not create config dir: $LE_CONFIG_HOME"
+ _err "Cannot create config dir: $LE_CONFIG_HOME"
return 1
fi
@@ -6621,7 +6619,7 @@ install() {
cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY"
if [ "$?" != "0" ]; then
- _err "Install failed, can not copy $PROJECT_ENTRY"
+ _err "Installation failed, cannot copy $PROJECT_ENTRY"
return 1
fi
@@ -6667,7 +6665,7 @@ install() {
fi
fi
if [ "$_bash_path" ]; then
- _info "Good, bash is found, so change the shebang to use bash as preferred."
+ _info "bash has been found. Changing the shebang to use bash as preferred."
_shebang='#!'"$_bash_path"
_setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang"
for subf in $_SUB_FOLDERS; do
@@ -6698,7 +6696,7 @@ uninstall() {
_uninstallalias
rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY"
- _info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\", you can remove them by yourself."
+ _info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\". You can remove them by yourself."
}
@@ -6736,7 +6734,7 @@ cron() {
export LE_WORKING_DIR
(
if ! upgrade; then
- _err "Cron:Upgrade failed!"
+ _err "Cron: Upgrade failed!"
return 1
fi
)
@@ -6746,7 +6744,7 @@ cron() {
__INTERACTIVE="1"
fi
- _info "Auto upgraded to: $VER"
+ _info "Automatically upgraded to: $VER"
fi
renewAll
_ret="$?"
@@ -6768,12 +6766,12 @@ _send_notify() {
_nerror="$4"
if [ "$NOTIFY_LEVEL" = "$NOTIFY_LEVEL_DISABLE" ]; then
- _debug "The NOTIFY_LEVEL is $NOTIFY_LEVEL, disabled, just return."
+ _debug "The NOTIFY_LEVEL is $NOTIFY_LEVEL, which means it's disabled, so will just return."
return 0
fi
if [ -z "$_nhooks" ]; then
- _debug "The NOTIFY_HOOK is empty, just return."
+ _debug "The NOTIFY_HOOK is empty, will just return."
return 0
fi
@@ -6790,29 +6788,29 @@ _send_notify() {
_info "Sending via: $_n_hook"
_debug "Found $_n_hook_file for $_n_hook"
if [ -z "$_n_hook_file" ]; then
- _err "Can not find the hook file for $_n_hook"
+ _err "Cannot find the hook file for $_n_hook"
continue
fi
if ! (
if ! . "$_n_hook_file"; then
- _err "Load file $_n_hook_file error. Please check your api file and try again."
+ _err "Error loading file $_n_hook_file. Please check your API file and try again."
return 1
fi
d_command="${_n_hook}_send"
if ! _exists "$d_command"; then
- _err "It seems that your api file is not correct, it must have a function named: $d_command"
+ _err "It seems that your API file is not correct. Make sure it has a function named: $d_command"
return 1
fi
if ! $d_command "$_nsubject" "$_ncontent" "$_nerror"; then
- _err "Error send message by $d_command"
+ _err "Error sending message using $d_command"
return 1
fi
return 0
); then
- _err "Set $_n_hook_file error."
+ _err "Error setting $_n_hook_file."
_send_err=1
else
_info "$_n_hook $(__green Success)"
@@ -6869,7 +6867,7 @@ setnotify() {
if [ "$_nhook" ]; then
_info "Set notify hook to: $_nhook"
if [ "$_nhook" = "$NO_VALUE" ]; then
- _info "Clear notify hook"
+ _info "Clearing notify hook"
_clearaccountconf "NOTIFY_HOOK"
else
if _set_notify_hook "$_nhook"; then
@@ -6877,7 +6875,7 @@ setnotify() {
_saveaccountconf "NOTIFY_HOOK" "$NOTIFY_HOOK"
return 0
else
- _err "Can not set notify hook to: $_nhook"
+ _err "Cannot set notify hook to: $_nhook"
return 1
fi
fi
@@ -6897,7 +6895,7 @@ Commands:
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT.
--issue Issue a cert.
--deploy Deploy the cert to your server.
- -i, --install-cert Install the issued cert to apache/nginx or any other server.
+ -i, --install-cert Install the issued cert to Apache/nginx or any other server.
-r, --renew Renew a cert.
--renew-all Renew all the certs.
--revoke Revoke a cert.
@@ -6953,7 +6951,7 @@ Parameters:
--stateless Use stateless mode.
See: $_STATELESS_WIKI
- --apache Use apache mode.
+ --apache Use Apache mode.
--dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted.
See: $_DNS_API_WIKI
@@ -6968,7 +6966,7 @@ Parameters:
--eab-hmac-key <eab_hmac_key> HMAC key for External Account Binding.
- These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
+ These parameters are to install the cert to nginx/Apache or any other server after issue/renew a cert:
--cert-file <file> Path to copy the cert file to after issue/renew.
--key-file <file> Path to copy the key file to after issue/renew.
@@ -7092,12 +7090,12 @@ _getUpgradeHash() {
upgrade() {
if (
_initpath
- [ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0
+ [ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already up to date!" && exit 0
export LE_WORKING_DIR
cd "$LE_WORKING_DIR"
installOnline "--nocron" "--noprofile"
); then
- _info "Upgrade success!"
+ _info "Upgrade successful!"
exit 0
else
_err "Upgrade failed!"
@@ -7213,7 +7211,7 @@ _getCAShortName() {
#set default ca to $ACME_DIRECTORY
setdefaultca() {
if [ -z "$ACME_DIRECTORY" ]; then
- _err "Please give a --server parameter."
+ _err "Please provide a --server parameter."
return 1
fi
_saveaccountconf "DEFAULT_ACME_SERVER" "$ACME_DIRECTORY"
@@ -7225,7 +7223,7 @@ setdefaultchain() {
_initpath
_preferred_chain="$1"
if [ -z "$_preferred_chain" ]; then
- _err "Please give a '--preferred-chain value' value."
+ _err "Please provide a value for '--preferred-chain'."
return 1
fi
mkdir -p "$CA_DIR"
@@ -7423,7 +7421,7 @@ _process() {
return 1
fi
if _is_idn "$_dvalue" && ! _exists idn; then
- _err "It seems that $_dvalue is an IDN( Internationalized Domain Names), please install 'idn' command first."
+ _err "It seems that $_dvalue is an IDN (Internationalized Domain Names), please install the 'idn' command first."
return 1
fi
@@ -7785,7 +7783,7 @@ _process() {
--notify-level)
_nlevel="$2"
if _startswith "$_nlevel" "-"; then
- _err "'$_nlevel' is not a integer for '$1'"
+ _err "'$_nlevel' is not an integer for '$1'"
return 1
fi
_notify_level="$_nlevel"
@@ -7794,7 +7792,7 @@ _process() {
--notify-mode)
_nmode="$2"
if _startswith "$_nmode" "-"; then
- _err "'$_nmode' is not a integer for '$1'"
+ _err "'$_nmode' is not an integer for '$1'"
return 1
fi
_notify_mode="$_nmode"
@@ -7803,7 +7801,7 @@ _process() {
--notify-source)
_nsource="$2"
if _startswith "$_nsource" "-"; then
- _err "'$_nsource' is not valid host name for '$1'"
+ _err "'$_nsource' is not a valid host name for '$1'"
return 1
fi
_notify_source="$_nsource"
@@ -7812,7 +7810,7 @@ _process() {
--revoke-reason)
_revoke_reason="$2"
if _startswith "$_revoke_reason" "-"; then
- _err "'$_revoke_reason' is not a integer for '$1'"
+ _err "'$_revoke_reason' is not an integer for '$1'"
return 1
fi
shift
@@ -7830,7 +7828,7 @@ _process() {
shift
;;
*)
- _err "Unknown parameter : $1"
+ _err "Unknown parameter: $1"
return 1
;;
esac
@@ -7847,7 +7845,7 @@ _process() {
if [ "$__INTERACTIVE" ] && ! _checkSudo; then
if [ -z "$FORCE" ]; then
#Use "echo" here, instead of _info. it's too early
- echo "It seems that you are using sudo, please read this link first:"
+ echo "It seems that you are using sudo, please read this page first:"
echo "$_SUDO_WIKI"
return 1
fi
@@ -7877,7 +7875,7 @@ _process() {
fi
SYS_LOG="$_syslog"
else
- _err "The 'logger' command is not found, can not enable syslog."
+ _err "The 'logger' command was not found, cannot enable syslog."
_clearaccountconf "SYS_LOG"
SYS_LOG=""
fi
@@ -8004,7 +8002,7 @@ _process() {
_saveaccountconf "SYS_LOG" "$_syslog"
fi
else
- _err "The 'logger' command is not found, can not enable syslog."
+ _err "The 'logger' command was not found, cannot enable syslog."
_clearaccountconf "SYS_LOG"
SYS_LOG=""
fi
From d81fc155cb01360e273c15447226a415d90aa950 Mon Sep 17 00:00:00 2001
From: neil <gitpc@neilpang.com>
Date: Sun, 14 Jul 2024 13:50:35 +0800
Subject: [PATCH 5/7] add timeout for _getRepoHash
https://github.com/acmesh-official/acme.sh/issues/5200
---
acme.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/acme.sh b/acme.sh
index 7134a633..c3564e68 100755
--- a/acme.sh
+++ b/acme.sh
@@ -7082,7 +7082,7 @@ _getRepoHash() {
_hash_path=$1
shift
_hash_url="${PROJECT_API:-https://api.github.com/repos/acmesh-official}/$PROJECT_NAME/git/refs/$_hash_path"
- _get $_hash_url | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4
+ _get "$_hash_url" "" 30 | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4
}
_getUpgradeHash() {
From 60569fdd8375d5a8f67d3a965e604e494c0d9e0e Mon Sep 17 00:00:00 2001
From: Scruel Tao <me@scruel.com>
Date: Sun, 14 Jul 2024 15:04:43 +0800
Subject: [PATCH 6/7] fix(deploy): respect api path with synology Auth API
fix #5184
---
deploy/synology_dsm.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh
index 342fb32e..b98105c2 100644
--- a/deploy/synology_dsm.sh
+++ b/deploy/synology_dsm.sh
@@ -169,7 +169,7 @@ synology_dsm_deploy() {
_debug3 H1 "${_H1}"
fi
- response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
+ response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/$api_path?enable_syno_token=yes")
_debug3 response "$response"
# ## END ## - DEPRECATED, for backward compatibility
# If SYNO_DEVICE_ID or SYNO_OTP_CODE is set, we treat current account enabled 2FA-OTP.
@@ -218,7 +218,7 @@ synology_dsm_deploy() {
otp_enforce_option=""
fi
fi
- response=$(_get "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes")
+ response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes")
if [ -n "$SYNO_USE_TEMP_ADMIN" ] && [ -n "$otp_enforce_option" ]; then
synosetkeyvalue /etc/synoinfo.conf otp_enforce_option "$otp_enforce_option"
_info "Restored previous enforce 2FA-OTP option."
From 7ae0d0caa30a882f320028d4e2943ab060b40897 Mon Sep 17 00:00:00 2001
From: allddd <117767298+allddd@users.noreply.github.com>
Date: Thu, 18 Jul 2024 21:57:22 +0200
Subject: [PATCH 7/7] dns_porkbun: remove stray backslashes
---
dnsapi/dns_porkbun.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh
index c260c898..0a443855 100644
--- a/dnsapi/dns_porkbun.sh
+++ b/dnsapi/dns_porkbun.sh
@@ -93,7 +93,7 @@ dns_porkbun_rm() {
_err "Delete record error."
return 1
fi
- echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null
+ echo "$response" | tr -d " " | grep '"status":"SUCCESS"' >/dev/null
fi
}