commit
2e9c4914a8
23
acme.sh
23
acme.sh
|
@ -48,8 +48,6 @@ LOCAL_ANY_ADDRESS="0.0.0.0"
|
||||||
|
|
||||||
DEFAULT_RENEW=60
|
DEFAULT_RENEW=60
|
||||||
|
|
||||||
DEFAULT_DNS_SLEEP=120
|
|
||||||
|
|
||||||
NO_VALUE="no"
|
NO_VALUE="no"
|
||||||
|
|
||||||
W_DNS="dns"
|
W_DNS="dns"
|
||||||
|
@ -3518,6 +3516,7 @@ updateaccount() {
|
||||||
_send_signed_request "$_accUri" "$updjson"
|
_send_signed_request "$_accUri" "$updjson"
|
||||||
|
|
||||||
if [ "$code" = '200' ]; then
|
if [ "$code" = '200' ]; then
|
||||||
|
echo "$response" >"$ACCOUNT_JSON_PATH"
|
||||||
_info "account update success for $_accUri."
|
_info "account update success for $_accUri."
|
||||||
else
|
else
|
||||||
_info "Error. The account was not updated."
|
_info "Error. The account was not updated."
|
||||||
|
@ -6223,7 +6222,7 @@ Parameters:
|
||||||
--stateless Use stateless mode, see: $_STATELESS_WIKI
|
--stateless Use stateless mode, see: $_STATELESS_WIKI
|
||||||
--apache Use apache mode.
|
--apache Use apache mode.
|
||||||
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
||||||
--dnssleep [$DEFAULT_DNS_SLEEP] The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
|
--dnssleep 300 The time in seconds to wait for all the txt records to take effect in dns api mode. It's not necessary to use this by default, $PROJECT_NAME polls dns status automatically.
|
||||||
|
|
||||||
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
|
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
|
||||||
--accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096
|
--accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096
|
||||||
|
@ -6318,7 +6317,7 @@ _installOnline() {
|
||||||
if ./$PROJECT_ENTRY install "$_nocron" "" "$_noprofile"; then
|
if ./$PROJECT_ENTRY install "$_nocron" "" "$_noprofile"; then
|
||||||
_info "Install success!"
|
_info "Install success!"
|
||||||
_initpath
|
_initpath
|
||||||
_saveaccountconf "UPGRADE_HASH" "$(_getMasterHash)"
|
_saveaccountconf "UPGRADE_HASH" "$(_getUpgradeHash)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cd ..
|
cd ..
|
||||||
|
@ -6328,19 +6327,27 @@ _installOnline() {
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
_getMasterHash() {
|
_getRepoHash() {
|
||||||
|
_hash_path=$1
|
||||||
|
shift
|
||||||
|
_hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/$_hash_path"
|
||||||
|
_get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4
|
||||||
|
}
|
||||||
|
|
||||||
|
_getUpgradeHash() {
|
||||||
_b="$BRANCH"
|
_b="$BRANCH"
|
||||||
if [ -z "$_b" ]; then
|
if [ -z "$_b" ]; then
|
||||||
_b="master"
|
_b="master"
|
||||||
fi
|
fi
|
||||||
_hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/heads/$_b"
|
_hash=$(_getRepoHash "heads/$_b")
|
||||||
_get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4
|
if [ -z "$_hash" ]; then _hash=$(_getRepoHash "tags/$_b"); fi
|
||||||
|
echo $_hash
|
||||||
}
|
}
|
||||||
|
|
||||||
upgrade() {
|
upgrade() {
|
||||||
if (
|
if (
|
||||||
_initpath
|
_initpath
|
||||||
[ -z "$FORCE" ] && [ "$(_getMasterHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0
|
[ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0
|
||||||
export LE_WORKING_DIR
|
export LE_WORKING_DIR
|
||||||
cd "$LE_WORKING_DIR"
|
cd "$LE_WORKING_DIR"
|
||||||
_installOnline "nocron" "noprofile"
|
_installOnline "nocron" "noprofile"
|
||||||
|
|
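Review bot: `_getUpgradeHash` prints an empty string when both the `heads/$_b` and the `tags/$_b` lookup fail, and neither caller checks for that. `_installOnline` saves the result as `UPGRADE_HASH` and `upgrade()` compares it with the stored value, so after a failed API call (network error, rate limit) an empty hash can be stored, and a later failed lookup then compares equal and reports "Already uptodate!". I would treat an empty hash as unknown in `upgrade()`: `_h="$(_getUpgradeHash)"` followed by `[ -z "$FORCE" ] && [ -n "$_h" ] && [ "$_h" = "$(_readaccountconf "UPGRADE_HASH")" ] && ...`. In the new helpers the expansions should also be quoted, `_get "$_hash_url"` and `echo "$_hash"`, since `$BRANCH` ends up in both.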
|
@ -47,24 +47,24 @@ deployer() {
|
||||||
#Set Header
|
#Set Header
|
||||||
export _H1="Content-Type: multipart/form-data; boundary=$delim"
|
export _H1="Content-Type: multipart/form-data; boundary=$delim"
|
||||||
if [ "$type" = 'cert' ]; then
|
if [ "$type" = 'cert' ]; then
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport"
|
panos_url="${panos_url}?type=import"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\ncertificate"
|
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\ncertificate"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
||||||
fi
|
fi
|
||||||
if [ "$type" = 'key' ]; then
|
if [ "$type" = 'key' ]; then
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport"
|
panos_url="${panos_url}?type=import"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\nprivate-key"
|
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\nprivate-key"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n\r\n123456"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
||||||
fi
|
fi
|
||||||
#Close multipart
|
#Close multipart
|
||||||
content="$content${nl}--$delim--${nl}"
|
content="$content${nl}--$delim--${nl}${nl}"
|
||||||
#Convert CRLF
|
#Convert CRLF
|
||||||
content=$(printf %b "$content")
|
content=$(printf %b "$content")
|
||||||
fi
|
fi
|
||||||
|
|
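Review bot: The `passphrase` part in the `key` branch still sends the literal `123456`, and nothing in the hunk says whether that value protects anything. If the import only needs a placeholder because the PEM is uploaded unencrypted, say so next to the line, e.g. `# the import call requires a passphrase field; the PEM is not encrypted, so this is a placeholder`. If the value does end up protecting the key on the device, it should come from the deploy config instead of the script. Note also that `content=$(printf %b "$content")` expands backslash escapes across the whole body, including `$_panos_key` and the file contents, so a backslash in any of those would be rewritten. deployer starts and ends outside the hunk.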
|
@ -15,6 +15,7 @@
|
||||||
# SYNO_Scheme - defaults to http
|
# SYNO_Scheme - defaults to http
|
||||||
# SYNO_Hostname - defaults to localhost
|
# SYNO_Hostname - defaults to localhost
|
||||||
# SYNO_Port - defaults to 5000
|
# SYNO_Port - defaults to 5000
|
||||||
|
# SYNO_DID - device ID to skip OTP - defaults to empty
|
||||||
#
|
#
|
||||||
#returns 0 means success, otherwise error.
|
#returns 0 means success, otherwise error.
|
||||||
|
|
||||||
|
@ -38,6 +39,7 @@ synology_dsm_deploy() {
|
||||||
_getdeployconf SYNO_Username
|
_getdeployconf SYNO_Username
|
||||||
_getdeployconf SYNO_Password
|
_getdeployconf SYNO_Password
|
||||||
_getdeployconf SYNO_Create
|
_getdeployconf SYNO_Create
|
||||||
|
_getdeployconf SYNO_DID
|
||||||
if [ -z "$SYNO_Username" ] || [ -z "$SYNO_Password" ]; then
|
if [ -z "$SYNO_Username" ] || [ -z "$SYNO_Password" ]; then
|
||||||
SYNO_Username=""
|
SYNO_Username=""
|
||||||
SYNO_Password=""
|
SYNO_Password=""
|
||||||
|
@ -79,7 +81,7 @@ synology_dsm_deploy() {
|
||||||
|
|
||||||
# Login, get the token from JSON and session id from cookie
|
# Login, get the token from JSON and session id from cookie
|
||||||
_info "Logging into $SYNO_Hostname:$SYNO_Port"
|
_info "Logging into $SYNO_Hostname:$SYNO_Port"
|
||||||
response=$(_get "$_base_url/webman/login.cgi?username=$SYNO_Username&passwd=$SYNO_Password&enable_syno_token=yes")
|
response=$(_get "$_base_url/webman/login.cgi?username=$SYNO_Username&passwd=$SYNO_Password&enable_syno_token=yes&device_id=$SYNO_DID")
|
||||||
token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p')
|
token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p')
|
||||||
_debug3 response "$response"
|
_debug3 response "$response"
|
||||||
|
|
||||||
|
@ -99,6 +101,7 @@ synology_dsm_deploy() {
|
||||||
# Now that we know the username and password are good, save them
|
# Now that we know the username and password are good, save them
|
||||||
_savedeployconf SYNO_Username "$SYNO_Username"
|
_savedeployconf SYNO_Username "$SYNO_Username"
|
||||||
_savedeployconf SYNO_Password "$SYNO_Password"
|
_savedeployconf SYNO_Password "$SYNO_Password"
|
||||||
|
_savedeployconf SYNO_DID "$SYNO_DID"
|
||||||
_debug token "$token"
|
_debug token "$token"
|
||||||
|
|
||||||
_info "Getting certificates in Synology DSM"
|
_info "Getting certificates in Synology DSM"
|
||||||
|
|
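Review bot: `device_id=$SYNO_DID` is appended to the login URL unencoded and unconditionally, next to `username` and `passwd`, in a GET request whose scheme defaults to http according to the header comment. Because the device ID is what lets the login skip OTP, it is as sensitive as the password, yet it travels in the URL and is then written to the deploy conf by `_savedeployconf SYNO_DID`. I would add the parameter only when the value is set and encode it, e.g. `[ -n "$SYNO_DID" ] && _did="&device_id=$(printf "%s" "$SYNO_DID" | _url_encode)"`. The header comment should also say that the value must be protected like `SYNO_Password`. synology_dsm_deploy starts and ends outside these hunks.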
|
@ -23,6 +23,7 @@ dns_aws_add() {
|
||||||
|
|
||||||
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
|
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
|
||||||
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
|
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
|
||||||
|
AWS_DNS_SLOWRATE="${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}"
|
||||||
|
|
||||||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
|
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
|
||||||
_use_container_role || _use_instance_role
|
_use_container_role || _use_instance_role
|
||||||
|
@ -40,6 +41,7 @@ dns_aws_add() {
|
||||||
if [ -z "$_using_role" ]; then
|
if [ -z "$_using_role" ]; then
|
||||||
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
|
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
|
||||||
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
|
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
|
||||||
|
_saveaccountconf_mutable AWS_DNS_SLOWRATE "$AWS_DNS_SLOWRATE"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_debug "First detect the root zone"
|
_debug "First detect the root zone"
|
||||||
|
@ -77,7 +79,13 @@ dns_aws_add() {
|
||||||
|
|
||||||
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
|
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
|
||||||
_info "TXT record updated successfully."
|
_info "TXT record updated successfully."
|
||||||
_sleep 1
|
if [ -n "$AWS_DNS_SLOWRATE" ]; then
|
||||||
|
_info "Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds"
|
||||||
|
_sleep "$AWS_DNS_SLOWRATE"
|
||||||
|
else
|
||||||
|
_sleep 1
|
||||||
|
fi
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
_sleep 1
|
_sleep 1
|
||||||
|
@ -91,6 +99,7 @@ dns_aws_rm() {
|
||||||
|
|
||||||
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
|
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
|
||||||
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
|
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
|
||||||
|
AWS_DNS_SLOWRATE="${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}"
|
||||||
|
|
||||||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
|
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
|
||||||
_use_container_role || _use_instance_role
|
_use_container_role || _use_instance_role
|
||||||
|
@ -125,7 +134,13 @@ dns_aws_rm() {
|
||||||
|
|
||||||
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
|
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
|
||||||
_info "TXT record deleted successfully."
|
_info "TXT record deleted successfully."
|
||||||
_sleep 1
|
if [ -n "$AWS_DNS_SLOWRATE" ]; then
|
||||||
|
_info "Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds"
|
||||||
|
_sleep "$AWS_DNS_SLOWRATE"
|
||||||
|
else
|
||||||
|
_sleep 1
|
||||||
|
fi
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
_sleep 1
|
_sleep 1
|
||||||
|
|
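Review bot: `AWS_DNS_SLOWRATE` is passed to `_sleep` without a check that it is a number, in both dns_aws_add and dns_aws_rm. The value comes from the environment or the account conf, so a typo such as `fast` reaches `_sleep` unchanged and the function still returns 0 afterwards. A guard before the branch keeps the one-second fallback predictable: `case "$AWS_DNS_SLOWRATE" in *[!0-9]*) AWS_DNS_SLOWRATE="" ;; esac`. The value is also saved only inside `if [ -z "$_using_role" ]`, so with role credentials it is probably not persisted for renewals; worth confirming that this is intended.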
|
@ -53,7 +53,7 @@ dns_dp_rm() {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain"; then
|
if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain"; then
|
||||||
_err "Record.Lis error."
|
_err "Record.Lis error."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -70,12 +70,12 @@ dns_dp_rm() {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! _rest POST "Record.Remove" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&record_id=$record_id"; then
|
if ! _rest POST "Record.Remove" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&record_id=$record_id"; then
|
||||||
_err "Record.Remove error."
|
_err "Record.Remove error."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_contains "$response" "Action completed successful"
|
_contains "$response" "successful"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,11 +89,11 @@ add_record() {
|
||||||
|
|
||||||
_info "Adding record"
|
_info "Adding record"
|
||||||
|
|
||||||
if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then
|
if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_contains "$response" "Action completed successful" || _contains "$response" "Domain record already exists"
|
_contains "$response" "successful" || _contains "$response" "Domain record already exists"
|
||||||
}
|
}
|
||||||
|
|
||||||
#################### Private functions below ##################################
|
#################### Private functions below ##################################
|
||||||
|
@ -113,11 +113,11 @@ _get_root() {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&domain=$h"; then
|
if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain=$h"; then
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if _contains "$response" "Action completed successful"; then
|
if _contains "$response" "successful"; then
|
||||||
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
|
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
|
||||||
_debug _domain_id "$_domain_id"
|
_debug _domain_id "$_domain_id"
|
||||||
if [ "$_domain_id" ]; then
|
if [ "$_domain_id" ]; then
|
||||||
|
|
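Review bot: The success test is loosened to `_contains "$response" "successful"`, a substring match over the whole response body, in dns_dp_rm, add_record and _get_root. That also matches "unsuccessful" and any echoed field (a record value or a domain name) that contains the word, so an error response could be taken for success. If the JSON response carries a status code, matching on that would be stricter than matching message text; otherwise keep the full phrase that the API returns with `lang=en`. A short comment at the first call would also help, e.g. `# lang=en so that the status message checked below is in English`.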
|
@ -55,6 +55,7 @@ dns_inwx_rm() {
|
||||||
|
|
||||||
INWX_User="${INWX_User:-$(_readaccountconf_mutable INWX_User)}"
|
INWX_User="${INWX_User:-$(_readaccountconf_mutable INWX_User)}"
|
||||||
INWX_Password="${INWX_Password:-$(_readaccountconf_mutable INWX_Password)}"
|
INWX_Password="${INWX_Password:-$(_readaccountconf_mutable INWX_Password)}"
|
||||||
|
INWX_Shared_Secret="${INWX_Shared_Secret:-$(_readaccountconf_mutable INWX_Shared_Secret)}"
|
||||||
if [ -z "$INWX_User" ] || [ -z "$INWX_Password" ]; then
|
if [ -z "$INWX_User" ] || [ -z "$INWX_Password" ]; then
|
||||||
INWX_User=""
|
INWX_User=""
|
||||||
INWX_Password=""
|
INWX_Password=""
|
||||||
|
@ -63,10 +64,6 @@ dns_inwx_rm() {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#save the api key and email to the account conf file.
|
|
||||||
_saveaccountconf_mutable INWX_User "$INWX_User"
|
|
||||||
_saveaccountconf_mutable INWX_Password "$INWX_Password"
|
|
||||||
|
|
||||||
_debug "First detect the root zone"
|
_debug "First detect the root zone"
|
||||||
if ! _get_root "$fulldomain"; then
|
if ! _get_root "$fulldomain"; then
|
||||||
_err "invalid domain"
|
_err "invalid domain"
|
||||||
|
|
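Review bot: `INWX_Shared_Secret` is now read from the account conf in dns_inwx_rm, on the line after `INWX_Password`, but the hunk does not document what it is or that it is optional. Presumably it is the second-factor shared secret; if so, keeping it in the same file as the password means that one readable conf file gives away both factors. I would add a comment such as `# INWX_Shared_Secret is optional (2FA); it is stored next to the password, so keep the account conf readable by its owner only`. The `-z` check below it clears `INWX_User` and `INWX_Password` but leaves the secret set, which may be worth aligning. dns_inwx_rm starts and ends outside these hunks.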