github
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh
1
0
Fork 0
Code Issues Releases Wiki Activity
5,994 Commits
9 Branches
45 Tags
18 MiB
Commit Graph

600 Commits (dev)

Author SHA1 Message Date
Ludovic Ortega 1bfd4672e1
fix: remove double square brackets 2024-11-12 22:10:34 +01:00
Ludovic Ortega 08807b498e
fix: bad copy/paste 
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
 2024-11-10 13:30:18 +01:00
Ludovic Ortega e8a453c567
fix: lint 
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
 2024-11-10 13:21:09 +01:00
ms264556 717802611a remove dead code 2024-11-10 22:43:57 +13:00
ms264556 b6a77e0231 Ruckus - use _get() and _post() 2024-11-10 22:12:38 +13:00
Ludovic Ortega 21b966c8e6
fix: don't check for subversion that can lead to error 
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
 2024-11-10 02:56:40 +01:00
Ludovic Ortega 64a1e88982
feat: add support for docker apps 
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
 2024-11-10 02:41:38 +01:00
Ludovic Ortega 34c8b882c6
fix: helm chart seems available only on truenas scale 
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
 2024-11-10 00:34:26 +01:00
Ludovic Ortega fa420d70cc
fix: verify truenas os version 2024-11-10 00:13:53 +01:00
Ludovic Ortega 2c67934191
fix(truenas): builtin service deprecation 2024-11-09 23:29:52 +01:00
neil 7362e8de4d fix format 2024-10-13 17:41:22 +02:00
Shirasawa 76719d1bf5
fix: fix ali_dcdn function naming typo 2024-09-25 00:27:04 +08:00
PMExtra 89342bcb75 add ali_dcdn deploy hook 2024-09-23 15:11:52 +08:00
PMExtra 2ea37e6a0d refactor(ali): check the result of prepare_ali_credentials 2024-09-20 14:55:33 +08:00
PMExtra ea2330b49f refactor(ali): move the loading script into ali_cdn_deploy 2024-09-20 14:54:07 +08:00
PMExtra 610bb2b85c refactor(ali): set API endpoint for each action 2024-09-19 16:30:04 +08:00
PMExtra fca6e9b932 refactor: Alibaba Cloud API 2024-09-19 15:49:42 +08:00
neil 2d282597ca fix format 2024-09-15 14:30:12 +02:00
neil beb31ab2fa
Merge pull request #5246 from 3VAbdAVE/dev 
Updating unifi deploy hook - remove keytool requirement
 2024-09-15 13:43:18 +02:00
neil e6461380c6
Merge pull request #5205 from PMExtra/feature/ali_cdn 
feat(deploy_ali_cdn): support Alibaba Cloud CDN deployment
 2024-09-13 13:58:52 +02:00
3VAbdAVE d8637b2c0f fixes #3359 
Ubiquiti removed keytool (and java) from recent releases of Unifi OS. This moves from keytool to openssl's native pkcs12.

Tested on Unifi Dream Machine which runs Unifi OS and a built-in Unifi controller.

Also added backup of existing files prior to change in case anything goes wrong, and update system configuration with compatible ciphers.
 2024-08-15 11:25:23 -04:00
neil bb8386ab85
Merge pull request #5245 from nathanejohnson/master 
RouterOS - make deploy more resilient
 2024-08-15 19:57:44 +08:00
Nathan Johnson e711d168df RouterOS - make deploy more resilient 
In the case where importing the cert and key removes the files from disk
the existing deploy will fail when it tries to remove those files.  This
still attempts to remove the files but catches the error and moves on instead
of bombing like before.

Similarly, if the deploy had failed before, subsequent deploys would fail
because the script already existed, so it would not be able to create
the script.  This first attempts to remove the script if it exists, and then
creates the script.
 2024-08-09 16:38:09 -05:00
neil 11aef82993
Merge pull request #5139 from scruel/scruel-patch-1 
feat: guide user to run script as root to create temp admin user
 2024-07-19 11:16:44 +08:00
Scruel Tao 60569fdd83
fix(deploy): respect api path with synology Auth API 
fix #5184
 2024-07-14 15:04:43 +08:00
PMExtra 945b7de76f feat(deploy_ali_cdn): improve upper-case 2024-07-11 18:41:39 +08:00
PMExtra 3c35eadbc4 feat(deploy_ali_cdn): support Alibaba Cloud CDN deployment 2024-07-11 18:29:20 +08:00
Marek Wester e0c63d58b2 improve compatibility with FreeBSD 
it is related to this bug report: opnsense/plugins#3525

FreeBSD's sed doesn't have the -z option, so empty certificates are delivered to vault when running the script on FreeBSD.
 2024-06-15 23:19:04 +02:00
Scruel Tao 1dbc58d4e0
chore: optimize more msgs 2024-05-08 14:01:43 +08:00
Scruel Tao 47ccb28482
chore: typo 2024-05-08 04:46:51 +08:00
Scruel Tao 744dea00ca
feat: guide user to run script as root to create temp admin user 
Message text and comment optimized
 2024-05-08 02:56:21 +08:00
Scruel Tao cd01104de9
fix(deploy_dsm): ensure grep get the error code 
Added grep -o option to ensure the script won't get other digits as the error code result
 2024-04-25 13:39:05 +08:00
Scruel Tao 9ff89b570f
fix(deploy_dsm): missing gerp -P option on busybox 
Fixes:  #5105
 2024-04-25 04:02:49 +08:00
neil 9863e7ea6e
Merge pull request #5023 from scruel/patch-dsm-deploy 
Patch Synology DSM deploy: support DSM 6.x & user-friendly refactor.
 2024-04-21 09:45:41 +02:00
neil c51104f956 fix format 2024-03-31 20:33:57 +02:00
neil cc5c722e29
Merge pull request #5072 from aSauerwein/master 
feature: add template option for panos deploy hook
 2024-03-31 20:15:18 +02:00
asauerwein 4fcddd1893 add template option 2024-03-31 09:16:21 +02:00
neil 2728d2aa6e fix format 2024-03-18 21:09:49 +01:00
neil 0588fc6b7c
Merge pull request #4581 from wlallemand/haproxy-hot-update 
haproxy deploy hook updates existing certificate over stats socket
 2024-03-18 21:07:12 +01:00
Scruel Tao 6af5293315 doc: adjust 2024-02-28 02:00:07 +08:00
Scruel Tao ff090d2f74 fix lint 2024-02-26 23:45:19 +08:00
Scruel Tao 68e3a12a91 feat: improve robustness of the usage of DSM tool `synogroup` 2024-02-26 23:38:44 +08:00
Scruel Tao 50eda6b678 fix: lint 2024-02-26 21:07:15 +08:00
Scruel Tao 192ec598a3 feat: add `SYNO_LOCAL_HOSTNAME` to prevent remote deploy via temp admin method 2024-02-26 21:03:26 +08:00
Scruel Tao 5b449999a5 refactor: unify variable naming convention again (revert some changes) 2024-02-26 20:55:49 +08:00
Scruel Tao afed62f6de fix: should save `SYNO_UseTempAdmin` only after login success. 2024-02-26 07:05:00 +08:00
Scruel Tao 59d1e16f9c feat: bypass enforce temp admin 2FA 2024-02-26 06:23:47 +08:00
Scruel Tao dbe0d477d6 feat: more user-friendly logic & error messages. 2024-02-26 06:23:46 +08:00
Scruel Tao 7248560169 feat: support DSM 6.x 2024-02-26 06:23:45 +08:00
Scruel Tao f840f7d75b refactor: unify variable naming convention 2024-02-26 06:23:42 +08:00
Scruel Tao cf3839ecec
doc(deploy): update usage doc 2024-02-22 12:38:51 +08:00
neil aa8cf76fb1
Merge pull request #4706 from scruel/syno-patch 
Add SYNO_USE_TEMP_ADMIN variable & Fix broken logic
 2024-02-13 09:57:51 +08:00
neil 2e58cf1168
Merge pull request #4940 from dario-pilori/fix-routeros-7 
Fix RouterOS deploy hook for 7
 2024-01-04 23:15:36 +01:00
Dario Pilori 3ca97d7258
Remove whitespace in script name in routeros.sh deploy hook 2024-01-04 18:28:05 +01:00
LordDarkneo 6992659ba9
Update synology_dsm.sh 2023-12-22 14:36:52 -05:00
LordDarkneo 05696d443a
Update synology_dsm.sh 
#2727 issue when logging out on older version - using variables to unlog only for CERT user
 2023-12-22 14:34:35 -05:00
LordDarkneo f59a925897
Update synology_dsm.sh 
Issue for lougout
 2023-12-22 09:09:29 -05:00
William Lallemand e09d45c844 haproxy; don't use '*' in the filename for wildcard domain 
By default acme.sh uses the '*' character in the filename for wildcard.
That can be confusing within HAProxy since the * character in front of a
filename in the stat socket is used to specified an uncommitted
transaction.

This patch replace the '*' by a '_' in the filename.
This is only done when using the default filename, the name can still be
forced with an asterisk.
 2023-12-01 15:35:31 +01:00
William Lallemand 36fc321096 haproxy: use the master CLI for hot update 
DEPLOY_HAPROXY_MASTER_CLI allows to use the HAProxy master CLI instead
of a stats socket for DEPLOY_HAPROXY_HOT_UPDATE="yes"

The syntax of the master CLI is slightly different, a prefix with the
process number need to be added before any command.

This patch uses ${_cmdpfx} in front of every socat commands which is
filled when the master CLI is used.
 2023-11-30 15:22:51 +01:00
William Lallemand 98a7a01dbb haproxy: deploy script can add a new certificate over the stats socket 
DEPLOY_HAPROXY_HOT_UPDATE="yes" now allows to add a new certificate
within HAProxy instead of updating an existing one.

In order to work, the ${DEPLOY_HAPROXY_PEM_PATH} value must be used as a
parameter to the "crt" keyword in the haproxy configuration.

The patch uses the following commands over HAProxy stats socket:
- show ssl cert
- new ssl cert
- set ssl cert
- commit ssl cert
- add ssl crt-list
 2023-11-30 14:00:44 +01:00
William Lallemand 0f7be90500 haproxy: deploy script can update existing certificate over stats socket 
Since version 2.2, HAProxy is able to update dynamically certificates,
without a reload.

This patch uses socat to push the certificate into HAProxy in order to
achieve hot update. With this method, reloading is not required.
This should be used only to update an existing certificate in haproxy.

2 new variables are available:

- DEPLOY_HAPROXY_HOT_UPDATE="yes" update over the stats socket instead
  of reloading

- DEPLOY_HAPROXY_STATS_SOCKET="UNIX:/run/haproxy/admin.sock" set the path on
  the stats socket.
 2023-11-30 14:00:44 +01:00
William Lallemand 7aaf4432d4 haproxy: sanitize the PEM in the deploy script 
Sanitize the PEM of the haproxy deploy script by removing the '\n', this
way it could be injected directly over the CLI.
 2023-11-30 14:00:41 +01:00
neil 884a8995b4
Merge pull request #4853 from Max13/deploy/proxmoxve 
Fix typo in proxmoxve deploy hook
 2023-11-22 09:19:51 +01:00
Adnan RIHAN 00dbc3881f
Fixed variables 2023-11-01 20:02:16 +01:00
podguzovvasily 8ca5ca6594
Update haproxy.sh 
resolved issue with HAProxy https://github.com/acmesh-official/acme.sh/issues/4788
according https://serversforhackers.com/c/letsencrypt-with-haproxy
 2023-10-24 16:58:47 +03:00
Keith Chiem ed72b090af deploy hook for Ruckus ZoneDirector / Unleashed 2023-10-18 20:32:39 -07:00
Romeo Dumitrescu 87a7bde618 fix: Synology DSM API path regex 
Fix the regex for looking up the API path value from the Synology API query.
 2023-09-25 18:43:01 +03:00
Scruel Tao 29b2960805
Optimze comment & remove tail space 2023-09-07 15:01:37 +08:00
Scruel Tao f7f3a0bf0d
Merge branch 'dev' into syno-patch 2023-09-07 14:57:53 +08:00
Martin Arndt b793dbf977
Fix device ID property name for DSM 6 2023-08-11 17:55:45 +02:00
Martin Arndt d52b38777a
Fix Auth API access for DSM 6 2023-08-09 19:52:37 +02:00
Scruel Tao ba468bb5e4
Fix for shfmt check 2023-07-20 13:38:36 +08:00
Scruel Tao cf86d57a9f
Fix for shfmt check 2023-07-20 13:34:57 +08:00
Scruel Tao 9e958f4e32
Fix shellcheck 2023-07-20 13:09:21 +08:00
Scruel Tao c7f6f20c9d
Add SYNO_USE_TEMP_ADMIN variable & Fix broken logic 
1. Fix the broken logic in (Sorry for including fix commit in same PR, I'm feeling quite tired and would like to go to sleep right away...)
2. Provides new method to obtain credential info for authentication, it will create a temp admin user if SYNO_USE_TEMP_ADMIN is set, instead of requiring the user's own credentials which will be saved in disk.

I do really don't like to have plaintext credentials be saved in disk, and I noticed that you've spent a lot of time fighting with 2FA related stuffs, so why not just get rid of the whole old way. :)
 2023-07-20 02:48:29 +08:00
sg1888 1984f44ffe Shell formatting 2023-07-18 20:18:12 +00:00
sg1888 02de281e40 Removed unused variable 2023-07-18 20:15:46 +00:00
sg1888 ae035deb92 Fixed shell check errors 2023-07-18 20:10:31 +00:00
sg1888 edd1b60c3d Removed ability to specify API key to facilitate future multiple host functionality. 2023-07-18 19:43:47 +00:00
sg1888 62a2ce1d35 Merge remote-tracking branch 'upstream/dev' into panos-ecc-fix 2023-07-12 00:22:03 +00:00
sg1888 b556908cab Modified ECC file test 2023-07-12 00:03:21 +00:00
sg1888 e69a19db5c Incorporated partial commit to address issue #4198 2023-07-11 23:56:41 +00:00
sg1888 d86414febb Excluded scopes for api key test 2023-07-11 23:41:24 +00:00
sg1888 832318fab1 Merge remote-tracking branch 'upstream/master' into panos-ecc-fix 2023-07-11 20:25:43 +00:00
Martin Arndt 0d7b831661
Fix variable initialization 2023-07-04 16:58:14 +02:00
Martin Arndt 0c9e4f67a8
Update synology_dsm.sh 
Split "[ && ]" into "[ ] && [ ]" to make ShellCheck happy
 2023-07-04 15:55:44 +02:00
Martin Arndt db3f131dfc
Re-add deprecated SYNO_TOTP_SECRET part for legacy compatibility 
As requested in acmesh-official/acme.sh/pull/4646 by Neil Pang
 2023-07-04 15:47:19 +02:00
Martin Arndt d7f58c64f8
Merge branch 'acmesh-official:master' into patch-1 2023-07-04 14:57:19 +02:00
Martin Arndt 0548ad2fc6
Fix debug output of session ID 2023-05-28 22:33:15 +02:00
Martin Arndt 623d615cd7
Remove external OTP dependency from synology_dsm.sh 
Also adapt to DSM 7's API improvements.
 2023-05-28 21:42:53 +02:00
sg1888 126df9647b Modified keytest to perform a partial empty commit 2023-05-24 18:51:57 +00:00
sg1888 2e2e7cd054 Added ability to force commit to firewall. Username is now also mandatory 2023-05-17 20:06:06 +00:00
sg1888 0ebc9f7a44 Fixed typo 2023-05-15 01:46:21 +00:00
sg1888 a8fba65cbd Cleaned up verbiage. Added ability to store / update user variable. Added ability to use user/pass OR key 2023-05-15 01:43:54 +00:00
sg1888 7623025b90 Fixes for POSIX sh shell 2023-04-24 18:45:50 +00:00
neilpang b937665b90 minor 2023-04-23 13:18:17 +08:00
neilpang a7bc2293c0 fix https://github.com/acmesh-official/acme.sh/issues/4612#issuecomment-1518929996 2023-04-23 13:16:12 +08:00
sg1888 df753e2619 Added functionality to save and reuse API key 2023-04-12 22:00:53 +00:00
sg1888 cbb7082afd Fixed bug with wildcard certs and ecc keys 2023-03-31 00:33:44 +00:00
neilpang 2690c05781 fix format 2023-01-28 15:28:06 +08:00