plantroon
/
acme.sh
mirror of https://github.com/plantroon/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix param issues

This commit is contained in:
neil 2016-01-07 18:06:44 +08:00
parent 85fb3776eb
commit 0334473a58
1 changed files with 74 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
le.sh
View File

@ -57,7 +57,7 @@ createAccountKey() {
return return
else else
#generate account key #generate account key
openssl genrsa $length > $ACCOUNT_KEY_PATH openssl genrsa $length > "$ACCOUNT_KEY_PATH"
fi fi
} }
@ -76,14 +76,12 @@ createDomainKey() {
length=2048 length=2048
fi fi
_initpath $domain _initpath $domain
mkdir -p $WORKING_DIR/$domain
CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key
if [ -f "$CERT_KEY_PATH" ] ; then if [ -f "$CERT_KEY_PATH" ] ; then
_info "Domain key exists, skip" _info "Domain key exists, skip"
else else
#generate account key #generate account key
openssl genrsa $length > $CERT_KEY_PATH openssl genrsa $length > "$CERT_KEY_PATH"
fi fi
} }
@ -99,7 +97,7 @@ createCSR() {
domainlist=$2 domainlist=$2
if [ -f $CSR_PATH ] ; then if [ -f "$CSR_PATH" ] ; then
_info "CSR exists, skip" _info "CSR exists, skip"
return return
fi fi
@ -107,12 +105,12 @@ createCSR() {
if [ -z "$domainlist" ] ; then if [ -z "$domainlist" ] ; then
#single domain #single domain
_info "Single domain" $domain _info "Single domain" $domain
openssl req -new -sha256 -key $CERT_KEY_PATH -subj "/CN=$domain" > $CSR_PATH openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" > "$CSR_PATH"
else else
alt=DNS:$(echo $domainlist | sed "s/,/,DNS:/g") alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
#multi #multi
_info "Multi domain" $alt _info "Multi domain" "$alt"
openssl req -new -sha256 -key $CERT_KEY_PATH -subj "/CN=$domain" -reqexts SAN -config <(printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n[SAN]\nsubjectAltName=$alt") -out $CSR_PATH openssl req -new -sha256 -key "$CERT_KEY_PATH" -subj "/CN=$domain" -reqexts SAN -config <(printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n[SAN]\nsubjectAltName=$alt") -out "$CSR_PATH"
fi fi
} }
@ -193,15 +191,15 @@ _setopt() {
echo usage: $0 '"file" "opt" "=" "value" [";"]' echo usage: $0 '"file" "opt" "=" "value" [";"]'
return return
fi fi
if [ ! -f $__conf ] ; then if [ ! -f "$__conf" ] ; then
touch $__conf touch "$__conf"
fi fi
if grep -H -n "^$__opt$__sep" $__conf > /dev/null ; then if grep -H -n "^$__opt$__sep" "$__conf" > /dev/null ; then
_debug OK _debug OK
sed -i "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" $__conf sed -i "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" "$__conf"
else else
_debug APP _debug APP
echo "$__opt$__sep$__val$__end" >> $__conf echo "$__opt$__sep$__val$__end" >> "$__conf"
fi fi
_debug "$(grep -H -n "^$__opt$__sep" $__conf)" _debug "$(grep -H -n "^$__opt$__sep" $__conf)"
} }
@ -212,7 +210,7 @@ _startserver() {
if [ "$DEBUG" ] ; then if [ "$DEBUG" ] ; then
echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80 echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80
else else
echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80 2>&1 > /dev/null echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80 > /dev/null
fi fi
done done
} }
@ -221,12 +219,12 @@ _stopserver() {
pid="$1" pid="$1"
if [ "$pid" ] ; then if [ "$pid" ] ; then
if [ "$DEBUG" ] ; then if [ "$DEBUG" ] ; then
kill -s 9 $pid 2>&1 kill -s 9 $pid
killall -s 9 nc 2>&1 killall -s 9 nc
else else
kill -s 9 $pid 2>&1 > /dev/null kill -s 9 $pid > /dev/null
wait $pid 2>/dev/null wait $pid 2>/dev/null
killall -s 9 nc 2>&1 > /dev/null killall -s 9 nc > /dev/null
fi fi
fi fi
} }
@ -236,23 +234,25 @@ _initpath() {
WORKING_DIR=~/.le WORKING_DIR=~/.le
fi fi
domain=$1 domain="$1"
mkdir -p $WORKING_DIR mkdir -p "$WORKING_DIR"
ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc ACCOUNT_KEY_PATH="$WORKING_DIR/account.acc"
if [ -z "$domain" ] ; then if [ -z "$domain" ] ; then
return 0 return 0
fi fi
mkdir -p $WORKING_DIR/$domain mkdir -p "$WORKING_DIR/$domain"
CSR_PATH=$WORKING_DIR/$domain/$domain.csr
CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key DOMAIN_CONF="$WORKING_DIR/$domain/$Le_Domain.conf"
CERT_PATH=$WORKING_DIR/$domain/$domain.cer
CA_CERT_PATH=$WORKING_DIR/$domain/ca.cer CSR_PATH="$WORKING_DIR/$domain/$domain.csr"
CERT_KEY_PATH="$WORKING_DIR/$domain/$domain.key"
CERT_PATH="$WORKING_DIR/$domain/$domain.cer"
CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer"
} }
@ -261,22 +261,21 @@ issue() {
echo "Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no" echo "Usage: le issue webroot|no a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
return 1 return 1
fi fi
Le_Webroot=$1 Le_Webroot="$1"
Le_Domain=$2 Le_Domain="$2"
Le_Alt=$3 Le_Alt="$3"
Le_Keylength=$4 Le_Keylength="$4"
Le_RealCertPath=$5 Le_RealCertPath="$5"
Le_RealKeyPath=$6 Le_RealKeyPath="$6"
Le_RealCACertPath=$7 Le_RealCACertPath="$7"
Le_ReloadCmd=$8 Le_ReloadCmd="$8"
if [ -z "$Le_Domain" ] ; then if [ -z "$Le_Domain" ] ; then
Le_Domain="$1" Le_Domain="$1"
fi fi
_initpath $Le_Domain _initpath $Le_Domain
DOMAIN_CONF=$WORKING_DIR/$Le_Domain/$Le_Domain.conf
if [ -f "$DOMAIN_CONF" ] ; then if [ -f "$DOMAIN_CONF" ] ; then
source "$DOMAIN_CONF" source "$DOMAIN_CONF"
if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then
@ -397,7 +396,7 @@ issue() {
if [ "$Le_Webroot" == "no" ] ; then if [ "$Le_Webroot" == "no" ] ; then
_info "Standalone mode server" _info "Standalone mode server"
_startserver "$keyauthorization" 2>&1 >/dev/null & _startserver "$keyauthorization" &
serverproc="$!" serverproc="$!"
sleep 2 sleep 2
_debug serverproc $serverproc _debug serverproc $serverproc
@ -463,26 +462,26 @@ issue() {
Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)" Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
_setopt $DOMAIN_CONF "Le_LinkCert" "=" "$Le_LinkCert" _setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert"
if [ "$Le_LinkCert" ] ; then if [ "$Le_LinkCert" ] ; then
echo -----BEGIN CERTIFICATE----- > $CERT_PATH echo -----BEGIN CERTIFICATE----- > "$CERT_PATH"
curl --silent $Le_LinkCert | base64 >> $CERT_PATH curl --silent "$Le_LinkCert" | base64 >> "$CERT_PATH"
echo -----END CERTIFICATE----- >> $CERT_PATH echo -----END CERTIFICATE----- >> "$CERT_PATH"
_info "Cert success." _info "Cert success."
cat $CERT_PATH cat "$CERT_PATH"
_info "Your cert is in $CERT_PATH" _info "Your cert is in $CERT_PATH"
fi fi
_setopt $DOMAIN_CONF "Le_Domain" "=" "$Le_Domain" _setopt "$DOMAIN_CONF" "Le_Domain" "=" "$Le_Domain"
_setopt $DOMAIN_CONF "Le_Alt" "=" "$Le_Alt" _setopt "$DOMAIN_CONF" "Le_Alt" "=" "$Le_Alt"
_setopt $DOMAIN_CONF "Le_Webroot" "=" "$Le_Webroot" _setopt "$DOMAIN_CONF" "Le_Webroot" "=" "$Le_Webroot"
_setopt $DOMAIN_CONF "Le_Keylength" "=" "$Le_Keylength" _setopt "$DOMAIN_CONF" "Le_Keylength" "=" "$Le_Keylength"
_setopt $DOMAIN_CONF "Le_RealCertPath" "=" "\"$Le_RealCertPath\"" _setopt "$DOMAIN_CONF" "Le_RealCertPath" "=" "\"$Le_RealCertPath\""
_setopt $DOMAIN_CONF "Le_RealCACertPath" "=" "\"$Le_RealCACertPath\"" _setopt "$DOMAIN_CONF" "Le_RealCACertPath" "=" "\"$Le_RealCACertPath\""
_setopt $DOMAIN_CONF "Le_RealKeyPath" "=" "\"$Le_RealKeyPath\"" _setopt "$DOMAIN_CONF" "Le_RealKeyPath" "=" "\"$Le_RealKeyPath\""
_setopt $DOMAIN_CONF "Le_ReloadCmd" "=" "\"$Le_ReloadCmd\"" _setopt "$DOMAIN_CONF" "Le_ReloadCmd" "=" "\"$Le_ReloadCmd\""
if [ -z "$Le_LinkCert" ] ; then if [ -z "$Le_LinkCert" ] ; then
response="$(echo $response | base64 -d)" response="$(echo $response | base64 -d)"
@ -491,60 +490,60 @@ issue() {
fi fi
Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g') Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g')
_setopt $DOMAIN_CONF "Le_LinkIssuer" "=" "$Le_LinkIssuer" _setopt "$DOMAIN_CONF" "Le_LinkIssuer" "=" "$Le_LinkIssuer"
if [ "$Le_LinkIssuer" ] ; then if [ "$Le_LinkIssuer" ] ; then
echo -----BEGIN CERTIFICATE----- > $CA_CERT_PATH echo -----BEGIN CERTIFICATE----- > "$CA_CERT_PATH"
curl --silent $Le_LinkIssuer | base64 >> $CA_CERT_PATH curl --silent "$Le_LinkIssuer" | base64 >> "$CA_CERT_PATH"
echo -----END CERTIFICATE----- >> $CA_CERT_PATH echo -----END CERTIFICATE----- >> "$CA_CERT_PATH"
_info "The intermediate CA cert is in $CA_CERT_PATH" _info "The intermediate CA cert is in $CA_CERT_PATH"
fi fi
Le_CertCreateTime=$(date -u "+%s") Le_CertCreateTime=$(date -u "+%s")
_setopt $DOMAIN_CONF "Le_CertCreateTime" "=" "$Le_CertCreateTime" _setopt "$DOMAIN_CONF" "Le_CertCreateTime" "=" "$Le_CertCreateTime"
Le_CertCreateTimeStr=$(date -u "+%Y-%m-%d %H:%M:%S UTC") Le_CertCreateTimeStr=$(date -u "+%Y-%m-%d %H:%M:%S UTC")
_setopt $DOMAIN_CONF "Le_CertCreateTimeStr" "=" "\"$Le_CertCreateTimeStr\"" _setopt "$DOMAIN_CONF" "Le_CertCreateTimeStr" "=" "\"$Le_CertCreateTimeStr\""
if [ ! "$Le_RenewalDays" ] ; then if [ ! "$Le_RenewalDays" ] ; then
Le_RenewalDays=50 Le_RenewalDays=50
fi fi
_setopt $DOMAIN_CONF "Le_RenewalDays" "=" "$Le_RenewalDays" _setopt "$DOMAIN_CONF" "Le_RenewalDays" "=" "$Le_RenewalDays"
Le_NextRenewTime=$(date -u -d "+$Le_RenewalDays day" "+%s") Le_NextRenewTime=$(date -u -d "+$Le_RenewalDays day" "+%s")
_setopt $DOMAIN_CONF "Le_NextRenewTime" "=" "$Le_NextRenewTime" _setopt "$DOMAIN_CONF" "Le_NextRenewTime" "=" "$Le_NextRenewTime"
Le_NextRenewTimeStr=$(date -u -d "+$Le_RenewalDays day" "+%Y-%m-%d %H:%M:%S UTC") Le_NextRenewTimeStr=$(date -u -d "+$Le_RenewalDays day" "+%Y-%m-%d %H:%M:%S UTC")
_setopt $DOMAIN_CONF "Le_NextRenewTimeStr" "=" "\"$Le_NextRenewTimeStr\"" _setopt "$DOMAIN_CONF" "Le_NextRenewTimeStr" "=" "\"$Le_NextRenewTimeStr\""
if [ "$Le_RealCertPath" ] ; then if [ "$Le_RealCertPath" ] ; then
if [ -f "$Le_RealCertPath" ] ; then if [ -f "$Le_RealCertPath" ] ; then
rm -f $Le_RealCertPath rm -f "$Le_RealCertPath"
fi fi
ln -s $CERT_PATH $Le_RealCertPath ln -s "$CERT_PATH" "$Le_RealCertPath"
fi fi
if [ "$Le_RealCACertPath" ] ; then if [ "$Le_RealCACertPath" ] ; then
if [ -f "$Le_RealCACertPath" ] ; then if [ -f "$Le_RealCACertPath" ] ; then
rm -f $Le_RealCACertPath rm -f "$Le_RealCACertPath"
fi fi
ln -s $CA_CERT_PATH $Le_RealCACertPath ln -s "$CA_CERT_PATH" "$Le_RealCACertPath"
fi fi
if [ "$Le_RealKeyPath" ] ; then if [ "$Le_RealKeyPath" ] ; then
if [ -f "$Le_RealKeyPath" ] ; then if [ -f "$Le_RealKeyPath" ] ; then
rm -f $Le_RealKeyPath rm -f "$Le_RealKeyPath"
fi fi
ln -s $CERT_KEY_PATH $Le_RealKeyPath ln -s "$CERT_KEY_PATH" "$Le_RealKeyPath"
fi fi
if [ "$Le_ReloadCmd" ] ; then if [ "$Le_ReloadCmd" ] ; then
_info "Run Le_ReloadCmd: $Le_ReloadCmd" _info "Run Le_ReloadCmd: $Le_ReloadCmd"
$Le_ReloadCmd "$Le_ReloadCmd"
fi fi
} }
@ -623,14 +622,11 @@ install() {
_info "Installing to $WORKING_DIR" _info "Installing to $WORKING_DIR"
mkdir -p $WORKING_DIR/
cp le.sh $WORKING_DIR/
chmod +x $WORKING_DIR/le.sh
if [ ! -f /bin/le.sh ] ; then if [ ! -f /bin/le.sh ] ; then
ln -s $WORKING_DIR/le.sh /bin/le.sh cp le.sh "/bin/"
ln -s $WORKING_DIR/le.sh /bin/le chmod +x "/bin/le.sh"
ln -s "/bin/le.sh" /bin/le
fi fi
_info "Installing cron job" _info "Installing cron job"
@ -682,12 +678,6 @@ showhelp() {
if [ -z "$1" ] ; then if [ -z "$1" ] ; then
showhelp showhelp
else
"$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9"
fi fi
$1 $2 $3 $4 $5 $6 $7 $8