|
|
@ -1473,7 +1473,7 @@ createDomainKey() {
|
|
|
|
|
|
|
|
|
|
|
|
_initpath "$domain" "$_cdl"
|
|
|
|
_initpath "$domain" "$_cdl"
|
|
|
|
|
|
|
|
|
|
|
|
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
|
|
|
|
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$_ACME_IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
|
|
|
|
if _createkey "$_cdl" "$CERT_KEY_PATH"; then
|
|
|
|
if _createkey "$_cdl" "$CERT_KEY_PATH"; then
|
|
|
|
_savedomainconf Le_Keylength "$_cdl"
|
|
|
|
_savedomainconf Le_Keylength "$_cdl"
|
|
|
|
_info "The domain key is here: $(__green $CERT_KEY_PATH)"
|
|
|
|
_info "The domain key is here: $(__green $CERT_KEY_PATH)"
|
|
|
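Review bot: `_ACME_IS_RENEW` is read in this condition, and again in the second createDomainKey hunk, createCSR, _on_issue_err, _on_issue_success, issue and _installcert, but the only assignments visible in this commit are inside renew(). On every other entry path its value is therefore whatever the process inherited. A non-empty value in the caller's environment would make a forced issue fall through to "Domain key exists, skip" here instead of generating a new key, and would skip the `.bak` copies in _installcert. If nothing outside these hunks already does so, initialise it once before command dispatch, e.g. `_ACME_IS_RENEW=""`, with a comment such as `# internal flag, set only by renew(); never taken from the environment`. createDomainKey's body starts and ends outside the hunk.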
@ -1483,7 +1483,7 @@ createDomainKey() {
|
|
|
|
return 1
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
else
|
|
|
|
if [ "$IS_RENEW" ]; then
|
|
|
|
if [ "$_ACME_IS_RENEW" ]; then
|
|
|
|
_info "Domain key exists, skip"
|
|
|
|
_info "Domain key exists, skip"
|
|
|
|
return 0
|
|
|
|
return 0
|
|
|
|
else
|
|
|
|
else
|
|
|
@ -1509,7 +1509,7 @@ createCSR() {
|
|
|
|
|
|
|
|
|
|
|
|
_initpath "$domain" "$_isEcc"
|
|
|
|
_initpath "$domain" "$_isEcc"
|
|
|
|
|
|
|
|
|
|
|
|
if [ -f "$CSR_PATH" ] && [ "$IS_RENEW" ] && [ -z "$FORCE" ]; then
|
|
|
|
if [ -f "$CSR_PATH" ] && [ "$_ACME_IS_RENEW" ] && [ -z "$FORCE" ]; then
|
|
|
|
_info "CSR exists, skip"
|
|
|
|
_info "CSR exists, skip"
|
|
|
|
return
|
|
|
|
return
|
|
|
|
fi
|
|
|
|
fi
|
|
|
@ -2585,7 +2585,7 @@ _initpath() {
|
|
|
|
. "$ACCOUNT_CONF_PATH"
|
|
|
|
. "$ACCOUNT_CONF_PATH"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$ACME_IN_CRON" ]; then
|
|
|
|
if [ "$_ACME_IN_CRON" ]; then
|
|
|
|
if [ ! "$_USER_PATH_EXPORTED" ]; then
|
|
|
|
if [ ! "$_USER_PATH_EXPORTED" ]; then
|
|
|
|
_USER_PATH_EXPORTED=1
|
|
|
|
_USER_PATH_EXPORTED=1
|
|
|
|
export PATH="$USER_PATH:$PATH"
|
|
|
|
export PATH="$USER_PATH:$PATH"
|
|
|
@ -2599,7 +2599,7 @@ _initpath() {
|
|
|
|
if [ -z "$ACME_DIRECTORY" ]; then
|
|
|
|
if [ -z "$ACME_DIRECTORY" ]; then
|
|
|
|
if [ "$STAGE" ]; then
|
|
|
|
if [ "$STAGE" ]; then
|
|
|
|
ACME_DIRECTORY="$DEFAULT_STAGING_CA"
|
|
|
|
ACME_DIRECTORY="$DEFAULT_STAGING_CA"
|
|
|
|
_info "Using stage ACME_DIRECTORY: $ACME_DIRECTORY"
|
|
|
|
_info "Using ACME_DIRECTORY: $ACME_DIRECTORY"
|
|
|
|
else
|
|
|
|
else
|
|
|
|
default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER")
|
|
|
|
default_acme_server=$(_readaccountconf "DEFAULT_ACME_SERVER")
|
|
|
|
_debug default_acme_server "$default_acme_server"
|
|
|
|
_debug default_acme_server "$default_acme_server"
|
|
|
@ -3387,7 +3387,7 @@ _on_issue_err() {
|
|
|
|
)
|
|
|
|
)
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
|
|
|
|
if [ "$_ACME_IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
|
|
|
|
_err "$_DNS_MANUAL_ERR"
|
|
|
|
_err "$_DNS_MANUAL_ERR"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
@ -3419,7 +3419,7 @@ _on_issue_success() {
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
#run renew hook
|
|
|
|
#run renew hook
|
|
|
|
if [ "$IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
|
|
|
|
if [ "$_ACME_IS_RENEW" ] && [ "$_chk_renew_hook" ]; then
|
|
|
|
_info "Run renew hook:'$_chk_renew_hook'"
|
|
|
|
_info "Run renew hook:'$_chk_renew_hook'"
|
|
|
|
if ! (
|
|
|
|
if ! (
|
|
|
|
export CERT_PATH
|
|
|
|
export CERT_PATH
|
|
|
@ -4037,7 +4037,7 @@ issue() {
|
|
|
|
_challenge_alias="${14}"
|
|
|
|
_challenge_alias="${14}"
|
|
|
|
_preferred_chain="${15}"
|
|
|
|
_preferred_chain="${15}"
|
|
|
|
|
|
|
|
|
|
|
|
if [ ! "$IS_RENEW" ]; then
|
|
|
|
if [ -z "$_ACME_IS_RENEW" ]; then
|
|
|
|
_initpath "$_main_domain" "$_key_length"
|
|
|
|
_initpath "$_main_domain" "$_key_length"
|
|
|
|
mkdir -p "$DOMAIN_PATH"
|
|
|
|
mkdir -p "$DOMAIN_PATH"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
@ -4689,7 +4689,8 @@ $_authorizations_map"
|
|
|
|
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
|
|
|
|
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$ACME_VERSION" = "2" ]; then
|
|
|
|
if [ "$ACME_VERSION" = "2" ]; then
|
|
|
|
_info "Lets finalize the order, Le_OrderFinalize: $Le_OrderFinalize"
|
|
|
|
_info "Lets finalize the order."
|
|
|
|
|
|
|
|
_info "Le_OrderFinalize" "$Le_OrderFinalize"
|
|
|
|
if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
|
|
|
|
if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
|
|
|
|
_err "Sign failed."
|
|
|
|
_err "Sign failed."
|
|
|
|
_on_issue_err "$_post_hook"
|
|
|
|
_on_issue_err "$_post_hook"
|
|
|
@ -4760,7 +4761,8 @@ $_authorizations_map"
|
|
|
|
_on_issue_err "$_post_hook"
|
|
|
|
_on_issue_err "$_post_hook"
|
|
|
|
return 1
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
_info "Downloading cert, Le_LinkCert: $Le_LinkCert"
|
|
|
|
_info "Downloading cert."
|
|
|
|
|
|
|
|
_info "Le_LinkCert" "$Le_LinkCert"
|
|
|
|
if ! _send_signed_request "$Le_LinkCert"; then
|
|
|
|
if ! _send_signed_request "$Le_LinkCert"; then
|
|
|
|
_err "Sign failed, can not download cert:$Le_LinkCert."
|
|
|
|
_err "Sign failed, can not download cert:$Le_LinkCert."
|
|
|
|
_err "$response"
|
|
|
|
_err "$response"
|
|
|
@ -4842,7 +4844,7 @@ $_authorizations_map"
|
|
|
|
_info "Your cert key is in $(__green " $CERT_KEY_PATH ")"
|
|
|
|
_info "Your cert key is in $(__green " $CERT_KEY_PATH ")"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
if [ ! "$USER_PATH" ] || [ ! "$ACME_IN_CRON" ]; then
|
|
|
|
if [ ! "$USER_PATH" ] || [ ! "$_ACME_IN_CRON" ]; then
|
|
|
|
USER_PATH="$PATH"
|
|
|
|
USER_PATH="$PATH"
|
|
|
|
_saveaccountconf "USER_PATH" "$USER_PATH"
|
|
|
|
_saveaccountconf "USER_PATH" "$USER_PATH"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
@ -5033,12 +5035,12 @@ renew() {
|
|
|
|
return "$RENEW_SKIP"
|
|
|
|
return "$RENEW_SKIP"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then
|
|
|
|
if [ "$_ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then
|
|
|
|
_info "Skip invalid cert for: $Le_Domain"
|
|
|
|
_info "Skip invalid cert for: $Le_Domain"
|
|
|
|
return $RENEW_SKIP
|
|
|
|
return $RENEW_SKIP
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
IS_RENEW="1"
|
|
|
|
_ACME_IS_RENEW="1"
|
|
|
|
Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
|
|
|
|
Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
|
|
|
|
Le_PreHook="$(_readdomainconf Le_PreHook)"
|
|
|
|
Le_PreHook="$(_readdomainconf Le_PreHook)"
|
|
|
|
Le_PostHook="$(_readdomainconf Le_PostHook)"
|
|
|
|
Le_PostHook="$(_readdomainconf Le_PostHook)"
|
|
|
@ -5054,7 +5056,7 @@ renew() {
|
|
|
|
res="$?"
|
|
|
|
res="$?"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
IS_RENEW=""
|
|
|
|
_ACME_IS_RENEW=""
|
|
|
|
|
|
|
|
|
|
|
|
return "$res"
|
|
|
|
return "$res"
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -5094,7 +5096,7 @@ renewAll() {
|
|
|
|
_error_level="$NOTIFY_LEVEL_RENEW"
|
|
|
|
_error_level="$NOTIFY_LEVEL_RENEW"
|
|
|
|
_notify_code=0
|
|
|
|
_notify_code=0
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if [ "$ACME_IN_CRON" ]; then
|
|
|
|
if [ "$_ACME_IN_CRON" ]; then
|
|
|
|
if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then
|
|
|
|
if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then
|
|
|
|
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
|
|
|
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
|
|
|
_send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0
|
|
|
|
_send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0
|
|
|
@ -5108,7 +5110,7 @@ renewAll() {
|
|
|
|
_error_level="$NOTIFY_LEVEL_SKIP"
|
|
|
|
_error_level="$NOTIFY_LEVEL_SKIP"
|
|
|
|
_notify_code=$RENEW_SKIP
|
|
|
|
_notify_code=$RENEW_SKIP
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if [ "$ACME_IN_CRON" ]; then
|
|
|
|
if [ "$_ACME_IN_CRON" ]; then
|
|
|
|
if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then
|
|
|
|
if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then
|
|
|
|
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
|
|
|
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
|
|
|
_send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP"
|
|
|
|
_send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP"
|
|
|
@ -5123,7 +5125,7 @@ renewAll() {
|
|
|
|
_error_level="$NOTIFY_LEVEL_ERROR"
|
|
|
|
_error_level="$NOTIFY_LEVEL_ERROR"
|
|
|
|
_notify_code=1
|
|
|
|
_notify_code=1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if [ "$ACME_IN_CRON" ]; then
|
|
|
|
if [ "$_ACME_IN_CRON" ]; then
|
|
|
|
if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then
|
|
|
|
if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then
|
|
|
|
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
|
|
|
if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then
|
|
|
|
_send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1
|
|
|
|
_send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1
|
|
|
@ -5144,7 +5146,7 @@ renewAll() {
|
|
|
|
done
|
|
|
|
done
|
|
|
|
_debug _error_level "$_error_level"
|
|
|
|
_debug _error_level "$_error_level"
|
|
|
|
_debug _set_level "$_set_level"
|
|
|
|
_debug _set_level "$_set_level"
|
|
|
|
if [ "$ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then
|
|
|
|
if [ "$_ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then
|
|
|
|
if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then
|
|
|
|
if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then
|
|
|
|
_msg_subject="Renew"
|
|
|
|
_msg_subject="Renew"
|
|
|
|
if [ "$_error_msg" ]; then
|
|
|
|
if [ "$_error_msg" ]; then
|
|
|
@ -5442,7 +5444,7 @@ _installcert() {
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$_real_cert" ]; then
|
|
|
|
if [ "$_real_cert" ]; then
|
|
|
|
_info "Installing cert to:$_real_cert"
|
|
|
|
_info "Installing cert to:$_real_cert"
|
|
|
|
if [ -f "$_real_cert" ] && [ ! "$IS_RENEW" ]; then
|
|
|
|
if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
|
|
|
cp "$_real_cert" "$_backup_path/cert.bak"
|
|
|
|
cp "$_real_cert" "$_backup_path/cert.bak"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
cat "$CERT_PATH" >"$_real_cert" || return 1
|
|
|
|
cat "$CERT_PATH" >"$_real_cert" || return 1
|
|
|
@ -5454,7 +5456,7 @@ _installcert() {
|
|
|
|
echo "" >>"$_real_ca"
|
|
|
|
echo "" >>"$_real_ca"
|
|
|
|
cat "$CA_CERT_PATH" >>"$_real_ca" || return 1
|
|
|
|
cat "$CA_CERT_PATH" >>"$_real_ca" || return 1
|
|
|
|
else
|
|
|
|
else
|
|
|
|
if [ -f "$_real_ca" ] && [ ! "$IS_RENEW" ]; then
|
|
|
|
if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
|
|
|
cp "$_real_ca" "$_backup_path/ca.bak"
|
|
|
|
cp "$_real_ca" "$_backup_path/ca.bak"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
cat "$CA_CERT_PATH" >"$_real_ca" || return 1
|
|
|
|
cat "$CA_CERT_PATH" >"$_real_ca" || return 1
|
|
|
@ -5463,7 +5465,7 @@ _installcert() {
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$_real_key" ]; then
|
|
|
|
if [ "$_real_key" ]; then
|
|
|
|
_info "Installing key to:$_real_key"
|
|
|
|
_info "Installing key to:$_real_key"
|
|
|
|
if [ -f "$_real_key" ] && [ ! "$IS_RENEW" ]; then
|
|
|
|
if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
|
|
|
cp "$_real_key" "$_backup_path/key.bak"
|
|
|
|
cp "$_real_key" "$_backup_path/key.bak"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
if [ -f "$_real_key" ]; then
|
|
|
|
if [ -f "$_real_key" ]; then
|
|
|
@ -5476,7 +5478,7 @@ _installcert() {
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$_real_fullchain" ]; then
|
|
|
|
if [ "$_real_fullchain" ]; then
|
|
|
|
_info "Installing full chain to:$_real_fullchain"
|
|
|
|
_info "Installing full chain to:$_real_fullchain"
|
|
|
|
if [ -f "$_real_fullchain" ] && [ ! "$IS_RENEW" ]; then
|
|
|
|
if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
|
|
|
cp "$_real_fullchain" "$_backup_path/fullchain.bak"
|
|
|
|
cp "$_real_fullchain" "$_backup_path/fullchain.bak"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
|
|
|
|
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
|
|
|
@ -6093,7 +6095,7 @@ install() {
|
|
|
|
_debug "Skip install cron job"
|
|
|
|
_debug "Skip install cron job"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$ACME_IN_CRON" != "1" ]; then
|
|
|
|
if [ "$_ACME_IN_CRON" != "1" ]; then
|
|
|
|
if ! _precheck "$_nocron"; then
|
|
|
|
if ! _precheck "$_nocron"; then
|
|
|
|
_err "Pre-check failed, can not install."
|
|
|
|
_err "Pre-check failed, can not install."
|
|
|
|
return 1
|
|
|
|
return 1
|
|
|
@ -6150,7 +6152,7 @@ install() {
|
|
|
|
|
|
|
|
|
|
|
|
_info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY"
|
|
|
|
_info "Installed to $LE_WORKING_DIR/$PROJECT_ENTRY"
|
|
|
|
|
|
|
|
|
|
|
|
if [ "$ACME_IN_CRON" != "1" ] && [ -z "$_noprofile" ]; then
|
|
|
|
if [ "$_ACME_IN_CRON" != "1" ] && [ -z "$_noprofile" ]; then
|
|
|
|
_installalias "$_c_home"
|
|
|
|
_installalias "$_c_home"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
@ -6248,7 +6250,7 @@ _uninstallalias() {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
cron() {
|
|
|
|
cron() {
|
|
|
|
export ACME_IN_CRON=1
|
|
|
|
export _ACME_IN_CRON=1
|
|
|
|
_initpath
|
|
|
|
_initpath
|
|
|
|
_info "$(__green "===Starting cron===")"
|
|
|
|
_info "$(__green "===Starting cron===")"
|
|
|
|
if [ "$AUTO_UPGRADE" = "1" ]; then
|
|
|
|
if [ "$AUTO_UPGRADE" = "1" ]; then
|
|
|
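Review bot: The `export _ACME_IN_CRON=1` line still exports the flag, so it remains part of the environment seen by child processes even though the leading underscore now marks it as internal. Anything outside this file that tests the old `ACME_IN_CRON` name (hook scripts, or an older copy of the script started from this process; neither is visible here) would now see it unset and silently take the non-cron path. Consider a comment stating why the export is needed, e.g. `# exported: child invocations of this script must know they run from cron`, and, if compatibility matters, exporting the old name alongside it for one release. cron()'s body continues in the next hunk.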
@ -6269,7 +6271,7 @@ cron() {
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
renewAll
|
|
|
|
renewAll
|
|
|
|
_ret="$?"
|
|
|
|
_ret="$?"
|
|
|
|
ACME_IN_CRON=""
|
|
|
|
_ACME_IN_CRON=""
|
|
|
|
_info "$(__green "===End cron===")"
|
|
|
|
_info "$(__green "===End cron===")"
|
|
|
|
exit $_ret
|
|
|
|
exit $_ret
|
|
|
|
}
|
|
|
|
}
|
|
|
|