Merge pull request #2137 from Neilpang/dev

Dev
This commit is contained in:
neil 2019-03-05 21:50:47 +08:00 committed by GitHub
commit 08357e3cb0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 22 deletions

46
acme.sh
View File

@ -66,6 +66,9 @@ END_CERT="-----END CERTIFICATE-----"
CONTENT_TYPE_JSON="application/jose+json"
RENEW_SKIP=2
B64CONF_START="__ACME_BASE64__START_"
B64CONF_END="__ACME_BASE64__END_"
ECC_SEP="_"
ECC_SUFFIX="${ECC_SEP}ecc"
@ -1964,12 +1967,16 @@ _setopt() {
_debug3 "$(grep -n "^$__opt$__sep" "$__conf")"
}
#_save_conf file key value
#_save_conf file key value base64encode
#save to conf
_save_conf() {
_s_c_f="$1"
_sdkey="$2"
_sdvalue="$3"
_b64encode="$4"
if [ "$_b64encode" ]; then
_sdvalue="${B64CONF_START}$(printf "%s" "${_sdvalue}" | _base64)${B64CONF_END}"
fi
if [ "$_s_c_f" ]; then
_setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'"
else
@ -1994,19 +2001,20 @@ _read_conf() {
_r_c_f="$1"
_sdkey="$2"
if [ -f "$_r_c_f" ]; then
(
eval "$(grep "^$_sdkey *=" "$_r_c_f")"
eval "printf \"%s\" \"\$$_sdkey\""
)
_sdv="$(grep "^$_sdkey *=" "$_r_c_f" | cut -d = -f 2-1000 | tr -d "'")"
if _startswith "$_sdv" "${B64CONF_START}" && _endswith "$_sdv" "${B64CONF_END}"; then
_sdv="$(echo "$_sdv" | sed "s/${B64CONF_START}//" | sed "s/${B64CONF_END}//" | _dbase64)"
fi
printf "%s" "$_sdv"
else
_debug "config file is empty, can not read $_sdkey"
fi
}
#_savedomainconf key value
#_savedomainconf key value base64encode
#save to domain.conf
_savedomainconf() {
_save_conf "$DOMAIN_CONF" "$1" "$2"
_save_conf "$DOMAIN_CONF" "$@"
}
#_cleardomainconf key
@ -2019,14 +2027,14 @@ _readdomainconf() {
_read_conf "$DOMAIN_CONF" "$1"
}
#_saveaccountconf key value
#_saveaccountconf key value base64encode
_saveaccountconf() {
_save_conf "$ACCOUNT_CONF_PATH" "$1" "$2"
_save_conf "$ACCOUNT_CONF_PATH" "$@"
}
#key value
#key value base64encode
_saveaccountconf_mutable() {
_save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2"
_save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2" "$3"
#remove later
_clearaccountconf "$1"
}
@ -3642,9 +3650,9 @@ issue() {
_savedomainconf "Le_Alt" "$_alt_domains"
_savedomainconf "Le_Webroot" "$_web_roots"
_savedomainconf "Le_PreHook" "$_pre_hook"
_savedomainconf "Le_PostHook" "$_post_hook"
_savedomainconf "Le_RenewHook" "$_renew_hook"
_savedomainconf "Le_PreHook" "$_pre_hook" "base64"
_savedomainconf "Le_PostHook" "$_post_hook" "base64"
_savedomainconf "Le_RenewHook" "$_renew_hook" "base64"
if [ "$_local_addr" ]; then
_savedomainconf "Le_LocalAddress" "$_local_addr"
@ -4455,7 +4463,7 @@ $_authorizations_map"
_savedomainconf "Le_RealCertPath" "$_real_cert"
_savedomainconf "Le_RealCACertPath" "$_real_ca"
_savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"; then
return 1
@ -4522,6 +4530,10 @@ renew() {
fi
IS_RENEW="1"
Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
Le_PreHook="$(_readdomainconf Le_PreHook)"
Le_PostHook="$(_readdomainconf Le_PostHook)"
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
res="$?"
if [ "$res" != "0" ]; then
@ -4802,7 +4814,7 @@ installcert() {
_savedomainconf "Le_RealCertPath" "$_real_cert"
_savedomainconf "Le_RealCACertPath" "$_real_ca"
_savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
@ -4886,7 +4898,7 @@ _installcert() {
export CERT_KEY_PATH
export CA_CERT_PATH
export CERT_FULLCHAIN_PATH
export Le_Domain
export Le_Domain="$_main_domain"
cd "$DOMAIN_PATH" && eval "$_reload_cmd"
); then
_info "$(__green "Reload success")"

View File

@ -349,10 +349,10 @@ $ export QINIU_SK="bar"
$ acme.sh --deploy -d example.com --deploy-hook qiniu
```
假如您部署的证书为泛域名证书,您还需要设置 `QINIU_CDN_DOMAIN` 变量,指定实际需要部署的域名:
假如您部署的证书为泛域名证书,您还需要设置 `QINIU_CDN_DOMAIN` 变量,指定实际需要部署的域名(请注意泛域名前的点)
```sh
$ export QINIU_CDN_DOMAIN="cdn.example.com"
$ export QINIU_CDN_DOMAIN=".cdn.example.com"
$ acme.sh --deploy -d example.com --deploy-hook qiniu
```
@ -375,10 +375,10 @@ $ acme.sh --deploy -d example.com --deploy-hook qiniu
(Optional), If you are using wildcard certificate,
you may need export `QINIU_CDN_DOMAIN` to specify which domain
you want to update:
you want to update (please note the leading dot):
```sh
$ export QINIU_CDN_DOMAIN="cdn.example.com"
$ export QINIU_CDN_DOMAIN=".cdn.example.com"
$ acme.sh --deploy -d example.com --deploy-hook qiniu
```

View File

@ -87,6 +87,6 @@ qiniu_deploy() {
}
_make_access_token() {
_token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64)"
_token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64 | tr -- '+/' '-_')"
echo "$QINIU_AK:$_token"
}