Merge remote-tracking branch 'remotes/Neilpang/master'
commit
f77f8d2320
|
@ -15,6 +15,7 @@ Do NOT require to be `root/sudoer`.
|
||||||
2. CentOS
|
2. CentOS
|
||||||
3. Windows (cygwin with curl, openssl and crontab included)
|
3. Windows (cygwin with curl, openssl and crontab included)
|
||||||
4. FreeBSD with bash
|
4. FreeBSD with bash
|
||||||
|
5. pfsense with bash and curl
|
||||||
|
|
||||||
|
|
||||||
#Supported Mode
|
#Supported Mode
|
||||||
|
|
77
le.sh
77
le.sh
|
@ -175,7 +175,8 @@ createCSR() {
|
||||||
if [ -z "$domainlist" ] ; then
|
if [ -z "$domainlist" ] ; then
|
||||||
#single domain
|
#single domain
|
||||||
_info "Single domain" $domain
|
_info "Single domain" $domain
|
||||||
openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" > "$CSR_PATH"
|
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n" > "$DOMAIN_SSL_CONF"
|
||||||
|
openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -config "$DOMAIN_SSL_CONF" -out "$CSR_PATH"
|
||||||
else
|
else
|
||||||
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
|
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
|
||||||
#multi
|
#multi
|
||||||
|
@ -204,6 +205,18 @@ _time2str() {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_stat() {
|
||||||
|
#Linux
|
||||||
|
if stat -c '%U:%G' "$1" 2>/dev/null ; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
#BSD
|
||||||
|
if stat -f '%Su:%Sg' "$1" 2>/dev/null ; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
_send_signed_request() {
|
_send_signed_request() {
|
||||||
url=$1
|
url=$1
|
||||||
payload=$2
|
payload=$2
|
||||||
|
@ -285,14 +298,14 @@ _setopt() {
|
||||||
__val="$(echo $__val | sed 's/&/\\&/g')"
|
__val="$(echo $__val | sed 's/&/\\&/g')"
|
||||||
fi
|
fi
|
||||||
text="$(cat $__conf)"
|
text="$(cat $__conf)"
|
||||||
printf "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
|
echo "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
|
||||||
|
|
||||||
elif grep -H -n "^#$__opt$__sep" "$__conf" > /dev/null ; then
|
elif grep -H -n "^#$__opt$__sep" "$__conf" > /dev/null ; then
|
||||||
if [[ "$__val" == *"&"* ]] ; then
|
if [[ "$__val" == *"&"* ]] ; then
|
||||||
__val="$(echo $__val | sed 's/&/\\&/g')"
|
__val="$(echo $__val | sed 's/&/\\&/g')"
|
||||||
fi
|
fi
|
||||||
text="$(cat $__conf)"
|
text="$(cat $__conf)"
|
||||||
printf "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
|
echo "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" > "$__conf"
|
||||||
|
|
||||||
else
|
else
|
||||||
_debug APP
|
_debug APP
|
||||||
|
@ -376,7 +389,10 @@ _initpath() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
domain="$1"
|
domain="$1"
|
||||||
mkdir -p "$LE_WORKING_DIR"
|
if ! mkdir -p "$LE_WORKING_DIR" ; then
|
||||||
|
_err "Can not craete working dir: $LE_WORKING_DIR"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -z "$ACCOUNT_KEY_PATH" ] ; then
|
if [ -z "$ACCOUNT_KEY_PATH" ] ; then
|
||||||
ACCOUNT_KEY_PATH="$LE_WORKING_DIR/account.key"
|
ACCOUNT_KEY_PATH="$LE_WORKING_DIR/account.key"
|
||||||
|
@ -389,12 +405,15 @@ _initpath() {
|
||||||
domainhome="$LE_WORKING_DIR/$domain"
|
domainhome="$LE_WORKING_DIR/$domain"
|
||||||
mkdir -p "$domainhome"
|
mkdir -p "$domainhome"
|
||||||
|
|
||||||
|
if [ -z "$DOMAIN_PATH" ] ; then
|
||||||
|
DOMAIN_PATH="$domainhome"
|
||||||
|
fi
|
||||||
if [ -z "$DOMAIN_CONF" ] ; then
|
if [ -z "$DOMAIN_CONF" ] ; then
|
||||||
DOMAIN_CONF="$domainhome/$Le_Domain.conf"
|
DOMAIN_CONF="$domainhome/$domain.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$DOMAIN_SSL_CONF" ] ; then
|
if [ -z "$DOMAIN_SSL_CONF" ] ; then
|
||||||
DOMAIN_SSL_CONF="$domainhome/$Le_Domain.ssl.conf"
|
DOMAIN_SSL_CONF="$domainhome/$domain.ssl.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$CSR_PATH" ] ; then
|
if [ -z "$CSR_PATH" ] ; then
|
||||||
|
@ -812,7 +831,7 @@ issue() {
|
||||||
mkdir -p "$wellknown_path"
|
mkdir -p "$wellknown_path"
|
||||||
echo -n "$keyauthorization" > "$wellknown_path/$token"
|
echo -n "$keyauthorization" > "$wellknown_path/$token"
|
||||||
|
|
||||||
webroot_owner=$(stat -c '%U:%G' $Le_Webroot)
|
webroot_owner=$(_stat $Le_Webroot)
|
||||||
_debug "Changing owner/group of .well-known to $webroot_owner"
|
_debug "Changing owner/group of .well-known to $webroot_owner"
|
||||||
chown -R $webroot_owner "$Le_Webroot/.well-known"
|
chown -R $webroot_owner "$Le_Webroot/.well-known"
|
||||||
|
|
||||||
|
@ -987,6 +1006,7 @@ renewAll() {
|
||||||
|
|
||||||
Le_ReloadCmd=""
|
Le_ReloadCmd=""
|
||||||
|
|
||||||
|
DOMAIN_PATH=""
|
||||||
DOMAIN_CONF=""
|
DOMAIN_CONF=""
|
||||||
DOMAIN_SSL_CONF=""
|
DOMAIN_SSL_CONF=""
|
||||||
CSR_PATH=""
|
CSR_PATH=""
|
||||||
|
@ -1050,7 +1070,7 @@ installcert() {
|
||||||
|
|
||||||
if [ "$Le_ReloadCmd" ] ; then
|
if [ "$Le_ReloadCmd" ] ; then
|
||||||
_info "Run Le_ReloadCmd: $Le_ReloadCmd"
|
_info "Run Le_ReloadCmd: $Le_ReloadCmd"
|
||||||
eval $Le_ReloadCmd
|
(cd "$DOMAIN_PATH" && eval "$Le_ReloadCmd")
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1067,7 +1087,12 @@ installcronjob() {
|
||||||
fi
|
fi
|
||||||
crontab -l | { cat; echo "0 0 * * * LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null"; } | crontab -
|
crontab -l | { cat; echo "0 0 * * * LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null"; } | crontab -
|
||||||
fi
|
fi
|
||||||
return 0
|
if [ "$?" != "0" ] ; then
|
||||||
|
_err "Install cron job failed. You need to manually renew your certs."
|
||||||
|
_err "Or you can add cronjob by yourself:"
|
||||||
|
_err "LE_WORKING_DIR=\"$LE_WORKING_DIR\" $lesh cron > /dev/null"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
uninstallcronjob() {
|
uninstallcronjob() {
|
||||||
|
@ -1128,6 +1153,7 @@ _initconf() {
|
||||||
echo "#Account configurations:
|
echo "#Account configurations:
|
||||||
#Here are the supported macros, uncomment them to make them take effect.
|
#Here are the supported macros, uncomment them to make them take effect.
|
||||||
#ACCOUNT_EMAIL=aaa@aaa.com # the account email used to register account.
|
#ACCOUNT_EMAIL=aaa@aaa.com # the account email used to register account.
|
||||||
|
#ACCOUNT_KEY_PATH=\"/path/to/account.key\"
|
||||||
|
|
||||||
#STAGE=1 # Use the staging api
|
#STAGE=1 # Use the staging api
|
||||||
#FORCE=1 # Force to issue cert
|
#FORCE=1 # Force to issue cert
|
||||||
|
@ -1137,29 +1163,32 @@ _initconf() {
|
||||||
#######################
|
#######################
|
||||||
#Cloudflare:
|
#Cloudflare:
|
||||||
#api key
|
#api key
|
||||||
#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
#CF_Key=\"sdfsdfsdfljlbjkljlkjsdfoiwje\"
|
||||||
#account email
|
#account email
|
||||||
#CF_Email="xxxx@sss.com"
|
#CF_Email=\"xxxx@sss.com\"
|
||||||
|
|
||||||
#######################
|
#######################
|
||||||
#Dnspod.cn:
|
#Dnspod.cn:
|
||||||
#api key id
|
#api key id
|
||||||
#DP_Id="1234"
|
#DP_Id=\"1234\"
|
||||||
#api key
|
#api key
|
||||||
#DP_Key="sADDsdasdgdsf"
|
#DP_Key=\"sADDsdasdgdsf\"
|
||||||
|
|
||||||
#######################
|
#######################
|
||||||
#Cloudxns.com:
|
#Cloudxns.com:
|
||||||
#CX_Key="1234"
|
#CX_Key=\"1234\"
|
||||||
#
|
#
|
||||||
#CX_Secret="sADDsdasdgdsf"
|
#CX_Secret=\"sADDsdasdgdsf\"
|
||||||
|
|
||||||
" > $ACCOUNT_CONF_PATH
|
" > $ACCOUNT_CONF_PATH
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
install() {
|
install() {
|
||||||
_initpath
|
if ! _initpath ; then
|
||||||
|
_err "Install failed."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
#check if there is sudo installed, AND if the current user is a sudoer.
|
#check if there is sudo installed, AND if the current user is a sudoer.
|
||||||
if command -v sudo > /dev/null ; then
|
if command -v sudo > /dev/null ; then
|
||||||
|
@ -1199,9 +1228,14 @@ install() {
|
||||||
|
|
||||||
_info "Installing to $LE_WORKING_DIR"
|
_info "Installing to $LE_WORKING_DIR"
|
||||||
|
|
||||||
_info "Installed to $LE_WORKING_DIR/le.sh"
|
cp le.sh "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/le.sh"
|
||||||
cp le.sh $LE_WORKING_DIR/
|
|
||||||
chmod +x $LE_WORKING_DIR/le.sh
|
if [ "$?" != "0" ] ; then
|
||||||
|
_err "Install failed, can not copy le.sh"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_info "Installed to $LE_WORKING_DIR/le.sh"
|
||||||
|
|
||||||
_profile="$(_detect_profile)"
|
_profile="$(_detect_profile)"
|
||||||
if [ "$_profile" ] ; then
|
if [ "$_profile" ] ; then
|
||||||
|
@ -1211,7 +1245,7 @@ install() {
|
||||||
alias le=\"$LE_WORKING_DIR/le.sh\"
|
alias le=\"$LE_WORKING_DIR/le.sh\"
|
||||||
alias le.sh=\"$LE_WORKING_DIR/le.sh\"
|
alias le.sh=\"$LE_WORKING_DIR/le.sh\"
|
||||||
" > "$LE_WORKING_DIR/le.env"
|
" > "$LE_WORKING_DIR/le.env"
|
||||||
|
echo "" >> "$_profile"
|
||||||
_setopt "$_profile" "source \"$LE_WORKING_DIR/le.env\""
|
_setopt "$_profile" "source \"$LE_WORKING_DIR/le.env\""
|
||||||
_info "OK, Close and reopen your terminal to start using le"
|
_info "OK, Close and reopen your terminal to start using le"
|
||||||
else
|
else
|
||||||
|
@ -1240,7 +1274,8 @@ uninstall() {
|
||||||
|
|
||||||
_profile="$(_detect_profile)"
|
_profile="$(_detect_profile)"
|
||||||
if [ "$_profile" ] ; then
|
if [ "$_profile" ] ; then
|
||||||
sed -i /le.env/d "$_profile"
|
text="$(cat $_profile)"
|
||||||
|
echo "$text" | sed "s|^source.*le.env.*$||" > "$_profile"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm -f $LE_WORKING_DIR/le.sh
|
rm -f $LE_WORKING_DIR/le.sh
|
||||||
|
|
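Review bot: The account configuration file is created by the plain redirect `" > $ACCOUNT_CONF_PATH` at the end of the `_initconf` template (hunk `@ -1137,29 +1163,32 @`), so its mode is whatever the caller's umask allows, yet the template invites users to store DNS API credentials in it (`CF_Key`, `DP_Key`, `CX_Secret`) and now the account key location. Unless a restrictive umask is set somewhere outside this hunk, a default 022 umask leaves those secrets readable by other local users. I would quote the path and tighten the mode right after the write with `chmod 600 "$ACCOUNT_CONF_PATH"`, or wrap the write as `(umask 077; echo "..." > "$ACCOUNT_CONF_PATH")` so the file is never briefly readable. The start of `_initconf` and the `if` that guards this write lie outside the hunk, so an existing permission step there would make this moot.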