1. Support short names for the `--server` parameter. The valid values are: letsencrypt, letsencrypt_test, buypass, buypass_test and zerossl

2. Support Zerossl.com acme protocol.
3. Add "--set-default-ca  --server xxxx" command to set the default CA to use.
pull/3100/head
neil 2020-08-11 23:28:52 +08:00
parent e932be0fb3
commit 7d20db93d3
1 changed files with 78 additions and 15 deletions

acme.sh

@ -23,11 +23,27 @@ _SUB_FOLDERS="$_SUB_FOLDER_DNSAPI $_SUB_FOLDER_DEPLOY $_SUB_FOLDER_NOTIFY"
LETSENCRYPT_CA_V1="https://acme-v01.api.letsencrypt.org/directory" LETSENCRYPT_CA_V1="https://acme-v01.api.letsencrypt.org/directory"
LETSENCRYPT_STAGING_CA_V1="https://acme-staging.api.letsencrypt.org/directory" LETSENCRYPT_STAGING_CA_V1="https://acme-staging.api.letsencrypt.org/directory"
LETSENCRYPT_CA_V2="https://acme-v02.api.letsencrypt.org/directory" CA_LETSENCRYPT_V2="https://acme-v02.api.letsencrypt.org/directory"
LETSENCRYPT_STAGING_CA_V2="https://acme-staging-v02.api.letsencrypt.org/directory" CA_LETSENCRYPT_V2_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"
DEFAULT_CA=$LETSENCRYPT_CA_V2 CA_BUYPASS="https://api.buypass.com/acme/directory"
DEFAULT_STAGING_CA=$LETSENCRYPT_STAGING_CA_V2 CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
DEFAULT_CA=$CA_LETSENCRYPT_V2
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
CA_NAMES="
letsencrypt
letsencrypt_test,letsencrypttest
buypass
buypass_test,buypasstest
zerossl
"
CA_SERVERS="$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_ZEROSSL"
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)" DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
DEFAULT_ACCOUNT_EMAIL="" DEFAULT_ACCOUNT_EMAIL=""
@ -140,6 +156,8 @@ _SUDO_WIKI="https://github.com/acmesh-official/acme.sh/wiki/sudo"
_REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert" _REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert"
_ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA"
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead." _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR" _DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
@ -2577,16 +2595,22 @@ _initpath() {
fi fi
if [ "$ACME_VERSION" = "2" ]; then if [ "$ACME_VERSION" = "2" ]; then
DEFAULT_CA="$LETSENCRYPT_CA_V2" DEFAULT_CA="$CA_LETSENCRYPT_V2"
DEFAULT_STAGING_CA="$LETSENCRYPT_STAGING_CA_V2" DEFAULT_STAGING_CA="$CA_LETSENCRYPT_V2_TEST"
fi fi
if [ -z "$ACME_DIRECTORY" ]; then if [ -z "$ACME_DIRECTORY" ]; then
if [ -z "$STAGE" ]; then default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER")
ACME_DIRECTORY="$DEFAULT_CA" _debug default_acme_server "$default_acme_server"
if [ "$default_acme_server" ]; then
ACME_DIRECTORY="$default_acme_server"
else else
ACME_DIRECTORY="$DEFAULT_STAGING_CA" if [ -z "$STAGE" ]; then
_info "Using stage ACME_DIRECTORY: $ACME_DIRECTORY" ACME_DIRECTORY="$DEFAULT_CA"
else
ACME_DIRECTORY="$DEFAULT_STAGING_CA"
_info "Using stage ACME_DIRECTORY: $ACME_DIRECTORY"
fi
fi fi
fi fi
@ -6301,6 +6325,7 @@ Commands:
--createCSR, -ccsr Create CSR , professional use. --createCSR, -ccsr Create CSR , professional use.
--deactivate Deactivate the domain authz, professional use. --deactivate Deactivate the domain authz, professional use.
--set-notify Set the cron notification hook, level or mode. --set-notify Set the cron notification hook, level or mode.
--set-default-ca Used with '--server' , to set the default CA to use to use.
Parameters: Parameters:
@ -6344,7 +6369,7 @@ Parameters:
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command. --cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home Specifies the home dir to save all the configurations. --config-home Specifies the home dir to save all the configurations.
--useragent Specifies the user agent string. it will be saved for future use too. --useragent Specifies the user agent string. it will be saved for future use too.
--accountemail Specifies the account email, only valid for the '--install' and '--update-account' command. --accountemail, -m Specifies the account email, only valid for the '--install' and '--update-account' command.
--accountkey Specifies the account key path, only valid for the '--install' command. --accountkey Specifies the account key path, only valid for the '--install' command.
--days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days. --days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer. --httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
@ -6510,6 +6535,39 @@ _checkSudo() {
return 0 return 0
} }
#server
_selectServer() {
_server="$1"
_server_lower="$(echo "$_server" | _lower_case)"
_sindex=0
for snames in $CA_NAMES; do
snames="$(echo "$snames" | _lower_case)"
_sindex="$(_math $_sindex + 1)"
_debug2 "_selectServer try snames" "$snames"
for sname in $(echo "$snames" | tr ',' ' '); do
if [ "$_server_lower" = "$sname" ]; then
_debug2 "_selectServer match $sname"
_serverdir="$(_getfield "$CA_SERVERS" $_sindex)"
_debug "Selected server: $_serverdir"
ACME_DIRECTORY="$_serverdir"
export ACME_DIRECTORY
return
fi
done
done
ACME_DIRECTORY="$_server"
export ACME_DIRECTORY
}
#set default ca to $ACME_DIRECTORY
setdefaultca() {
if [ -z "$ACME_DIRECTORY" ]; then
_err "Please give a --server parameter."
return 1
fi
_saveaccountconf "DEFAULT_ACME_SERVER" "$ACME_DIRECTORY"
}
_process() { _process() {
_CMD="" _CMD=""
_domain="" _domain=""
@ -6652,6 +6710,9 @@ _process() {
--set-notify) --set-notify)
_CMD="setnotify" _CMD="setnotify"
;; ;;
--set-default-ca)
_CMD="setdefaultca"
;;
--domain | -d) --domain | -d)
_dvalue="$2" _dvalue="$2"
@ -6690,9 +6751,8 @@ _process() {
STAGE="1" STAGE="1"
;; ;;
--server) --server)
ACME_DIRECTORY="$2" _server="$2"
_server="$ACME_DIRECTORY" _selectServer "$_server"
export ACME_DIRECTORY
shift shift
;; ;;
--debug) --debug)
@ -6849,7 +6909,7 @@ _process() {
USER_AGENT="$_useragent" USER_AGENT="$_useragent"
shift shift
;; ;;
--accountemail) --accountemail | -m)
_accountemail="$2" _accountemail="$2"
ACCOUNT_EMAIL="$_accountemail" ACCOUNT_EMAIL="$_accountemail"
shift shift
@ -7179,6 +7239,9 @@ _process() {
setnotify) setnotify)
setnotify "$_notify_hook" "$_notify_level" "$_notify_mode" setnotify "$_notify_hook" "$_notify_level" "$_notify_mode"
;; ;;
setdefaultca)
setdefaultca
;;
*) *)
if [ "$_CMD" ]; then if [ "$_CMD" ]; then
_err "Invalid command: $_CMD" _err "Invalid command: $_CMD"
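Review bot: In `_selectServer` (hunk `@ -6510,6 +6535,39 @@`), any value that matches none of the short names in `CA_NAMES` falls through unchecked to `ACME_DIRECTORY="$_server"`, so a mistyped name such as `letsencrpyt` is silently treated as a directory URL and only fails later, deep in the ACME request path; combined with `setdefaultca`, which persists whatever `ACME_DIRECTORY` currently holds via `_saveaccountconf "DEFAULT_ACME_SERVER"`, that typo would be saved as the default and picked up by every later run in `_initpath` until the account conf is edited by hand. A cheap guard before the fallback keeps the behaviour for real URLs and rejects everything else: `if [ "${_server#http}" = "$_server" ]; then` / `  _err "Unknown CA name or invalid directory URL: $_server"; return 1` / `fi`, with the `--server` arm in `_process` changed to `_selectServer "$_server" || return 1` so the status is not dropped. `CA_NAMES` and `CA_SERVERS` are parallel lists coupled only by position (`_sindex` into `_getfield`, whose exact field semantics I am inferring); a one-line comment above them, e.g. `# CA_NAMES and CA_SERVERS are positional: the Nth line of CA_NAMES maps to the Nth entry of CA_SERVERS`, would stop a future edit to one list from silently remapping every CA.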