Merge pull request #20 from Neilpang/dev

supprt apache server plugin
pull/26/head
Neil 2016-01-10 11:01:28 +08:00
commit 2bf1d93afd
2 changed files with 129 additions and 10 deletions


@ -1,12 +1,12 @@
# le
Simplest shell script for LetsEncrypt free Certificate client
This is a shell version from https://github.com/diafygi/acme-tiny
Pure written in bash, no dependencies to python , acme-tiny or LetsEncrypt official client (https://github.com/letsencrypt/letsencrypt)
Just one script, to issue, renew your certificates automatically.
This is a shell version from https://github.com/diafygi/acme-tiny, but without any dependencies.
Probably it's the smallest&easiest&smartest shell script to automatically issue&renew the free certificates from LetsEncrypt.
@ -15,6 +15,11 @@ Probably it's the smallest&easiest&smartest shell script to automatically issue
2. CentOS
#Supported Mode
1. Webroot mode
2. Standalone mode
3. Apache mode
#How to use
1. Clone this project: https://github.com/Neilpang/le.git
@ -37,7 +42,7 @@ root@xvm:~# le
Usage: issue|renew|renewAll|createAccountKey|createDomainKey|createCSR|install|uninstall
root@xvm:~# le issue
Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no
Usage: le issue webroot|no|apache a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no
```
@ -77,6 +82,17 @@ The tcp `80` port must be free to listen, otherwise you will be prompted to free
le issue no aa.com www.aa.com,cp.aa.com
```
# Use Apache mode:
If you are running a web server, apache or nginx, it its recommended to use the Webroot mode.
Particularly, if you are running an apache server, you can use apache mode instead. Which doesn't write any file to your web root folder.
Just set string "apache" to the first argument, it will use apache plugin automatically.
```
le issue apache aa.com www.aa.com
```
All the other arguments are the same with previous.
#Under the Hood

117
le.sh

@ -1,6 +1,6 @@
#!/bin/bash
PROJECT="https://github.com/Neilpang/le"
DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
@ -234,7 +234,15 @@ _stopserver() {
_initpath() {
if [ -z "$WORKING_DIR" ]; then
WORKING_DIR=~/.le
WORKING_DIR=$HOME/.le
fi
if [ -z "$ACME_DIR" ] ; then
ACME_DIR="/home/.acme"
fi
if [ -z "$APACHE_CONF_BACKUP_DIR" ] ; then
APACHE_CONF_BACKUP_DIR="$WORKING_DIR/"
fi
domain="$1"
@ -256,9 +264,91 @@ _initpath() {
CERT_PATH="$WORKING_DIR/$domain/$domain.cer"
CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer"
}
_apachePath() {
httpdroot="$(apachectl -V | grep HTTPD_ROOT= | cut -d = -f 2 | sed s/\"//g)"
httpdconfname="$(apachectl -V | grep SERVER_CONFIG_FILE= | cut -d = -f 2 | sed s/\"//g)"
httpdconf="$httpdroot/$httpdconfname"
if [ ! -f $httpdconf ] ; then
_err "Apache Config file not found" $httpdconf
return 1
fi
return 0
}
_restoreApache() {
_initpath
if ! _apachePath ; then
return 1
fi
if [ ! -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ] ; then
_debug "No config file to restore."
return 0
fi
cp -p "$APACHE_CONF_BACKUP_DIR/$httpdconfname" "$httpdconf"
if ! apachectl -t ; then
_err "Sorry, restore apache config error, please contact me."
return 1;
fi
rm -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname"
return 0
}
_setApache() {
_initpath
if ! _apachePath ; then
return 1
fi
#backup the conf
_debug "Backup apache config file" $httpdconf
cp -p $httpdconf $APACHE_CONF_BACKUP_DIR/
_info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname"
_info "In case there is an error that can not be restored automatically, you may try restore it yourself."
_info "The backup file will be deleted on sucess, just forget it."
#add alias
echo "
Alias /.well-known/acme-challenge $ACME_DIR
<Directory $ACME_DIR >
Order allow,deny
Allow from all
</Directory>
" >> $httpdconf
if ! apachectl -t ; then
_err "Sorry, apache config error, please contact me."
_restoreApache
return 1;
fi
if [ ! -d "$ACME_DIR" ] ; then
mkdir -p "$ACME_DIR"
chmod 755 "$ACME_DIR"
fi
if ! apachectl graceful ; then
_err "Sorry, apachectl graceful error, please contact me."
_restoreApache
return 1;
fi
return 0
}
_clearup () {
_stopserver $serverproc
_restoreApache
}
issue() {
if [ -z "$1" ] ; then
echo "Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
@ -330,6 +420,14 @@ issue() {
return 1
fi
fi
if [ "$Le_Webroot" == "apache" ] ; then
if ! _setApache ; then
_err "set up apache error. Report error to me."
return 1
fi
wellknown_path="$ACME_DIR"
fi
createAccountKey $Le_Domain $Le_Keylength
@ -373,6 +471,7 @@ issue() {
_info "Already registered"
else
_err "Register account Error."
_clearup
return 1
fi
@ -388,6 +487,7 @@ issue() {
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
_err "new-authz error: $response"
_clearup
return 1
fi
@ -410,7 +510,9 @@ issue() {
sleep 2
_debug serverproc $serverproc
else
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
if [ -z "$wellknown_path" ] ; then
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
fi
_debug wellknown_path "$wellknown_path"
mkdir -p "$wellknown_path"
@ -425,7 +527,7 @@ issue() {
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
_err "$d:Challenge error: $resource"
_stopserver $serverproc
_clearup
return 1
fi
@ -436,7 +538,7 @@ issue() {
if ! _get $uri ; then
_err "$d:Verify error:$resource"
_stopserver $serverproc
_clearup
return 1
fi
@ -449,7 +551,7 @@ issue() {
if [ "$status" == "invalid" ] ; then
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
_err "$d:Verify error:$error"
_stopserver $serverproc
_clearup
return 1;
fi
@ -457,7 +559,7 @@ issue() {
_info "Pending"
else
_err "$d:Verify error:$response"
_stopserver $serverproc
_clearup
return 1
fi
@ -488,6 +590,7 @@ issue() {
if [ -z "$Le_LinkCert" ] ; then
response="$(echo $response | base64 -d)"
_err "Sign failed: $(echo "$response" | grep -o '"detail":"[^"]*"')"
_clearup
return 1
fi
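Review bot: In `_setApache` (the `@ -256,9 +264,91 @@` hunk), the line `cp -p $httpdconf $APACHE_CONF_BACKUP_DIR/` overwrites whatever backup an earlier run left behind, so if a previous invocation appended the Alias block and then died before `_clearup` (crash, Ctrl-C, `_err` path with no restore), the only pristine copy of httpd.conf is replaced by an already-modified one and the `Alias /.well-known/acme-challenge` plus `Allow from all` entry can no longer be undone by `_restoreApache`; refusing to proceed while `$APACHE_CONF_BACKUP_DIR/$httpdconfname` already exists keeps the first backup authoritative. Separately, the new `_clearup` calls `_restoreApache` on every failure path, which runs `apachectl -V` via `_apachePath` even for webroot and standalone issues, and on a host without apache that presumably prints "Apache Config file not found" on every cleanup; guarding it on `$Le_Webroot` being `apache` (assumed to be the global that `issue` already tests) avoids the noise. The unquoted `$httpdconf` in `[ ! -f $httpdconf ]`, the `cp -p` line and `>> $httpdconf` should also be double-quoted, as the hunk already does for `$ACME_DIR`. The `issue` function this section ends in continues outside the last hunk.
```shell
_setApache() {
  # … unchanged: _initpath and _apachePath checks …
  if [ -f "$APACHE_CONF_BACKUP_DIR/$httpdconfname" ] ; then
    _err "A previous backup of $httpdconf exists in $APACHE_CONF_BACKUP_DIR, restore or remove it before continuing."
    return 1
  fi
  _debug "Backup apache config file" "$httpdconf"
  cp -p "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"
  # … unchanged: _info messages, Alias block append, apachectl -t, mkdir, apachectl graceful …
}

_clearup () {
  _stopserver $serverproc
  if [ "$Le_Webroot" == "apache" ] ; then
    _restoreApache
  fi
}
```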