mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-27 07:21:53 +00:00
commit
2f0d0e7c7a
162
acme.sh
162
acme.sh
@ -146,6 +146,8 @@ _DNS_ALIAS_WIKI="https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode"
|
|||||||
|
|
||||||
_DNS_MANUAL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode"
|
_DNS_MANUAL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode"
|
||||||
|
|
||||||
|
_DNS_API_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnsapi"
|
||||||
|
|
||||||
_NOTIFY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/notify"
|
_NOTIFY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/notify"
|
||||||
|
|
||||||
_SUDO_WIKI="https://github.com/acmesh-official/acme.sh/wiki/sudo"
|
_SUDO_WIKI="https://github.com/acmesh-official/acme.sh/wiki/sudo"
|
||||||
@ -156,6 +158,8 @@ _ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA"
|
|||||||
|
|
||||||
_SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
|
_SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
|
||||||
|
|
||||||
|
_PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
|
||||||
|
|
||||||
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
||||||
|
|
||||||
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
||||||
@ -3985,6 +3989,20 @@ _check_dns_entries() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#file
|
||||||
|
_get_cert_issuer() {
|
||||||
|
_cfile="$1"
|
||||||
|
echo $(openssl x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2)
|
||||||
|
}
|
||||||
|
|
||||||
|
#cert issuer
|
||||||
|
_match_issuer() {
|
||||||
|
_cfile="$1"
|
||||||
|
_missuer="$2"
|
||||||
|
_fissuer=$(_get_cert_issuer $_cfile)
|
||||||
|
[ "$_missuer" = "$_fissuer" ]
|
||||||
|
}
|
||||||
|
|
||||||
#webroot, domain domainlist keylength
|
#webroot, domain domainlist keylength
|
||||||
issue() {
|
issue() {
|
||||||
if [ -z "$2" ]; then
|
if [ -z "$2" ]; then
|
||||||
@ -4017,16 +4035,7 @@ issue() {
|
|||||||
_renew_hook="${12}"
|
_renew_hook="${12}"
|
||||||
_local_addr="${13}"
|
_local_addr="${13}"
|
||||||
_challenge_alias="${14}"
|
_challenge_alias="${14}"
|
||||||
#remove these later.
|
_preferred_chain="${15}"
|
||||||
if [ "$_web_roots" = "dns-cf" ]; then
|
|
||||||
_web_roots="dns_cf"
|
|
||||||
fi
|
|
||||||
if [ "$_web_roots" = "dns-dp" ]; then
|
|
||||||
_web_roots="dns_dp"
|
|
||||||
fi
|
|
||||||
if [ "$_web_roots" = "dns-cx" ]; then
|
|
||||||
_web_roots="dns_cx"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! "$IS_RENEW" ]; then
|
if [ ! "$IS_RENEW" ]; then
|
||||||
_initpath "$_main_domain" "$_key_length"
|
_initpath "$_main_domain" "$_key_length"
|
||||||
@ -4079,6 +4088,11 @@ issue() {
|
|||||||
else
|
else
|
||||||
_cleardomainconf "Le_ChallengeAlias"
|
_cleardomainconf "Le_ChallengeAlias"
|
||||||
fi
|
fi
|
||||||
|
if [ "$_preferred_chain" ]; then
|
||||||
|
_savedomainconf "Le_Preferred_Chain" "$_preferred_chain" "base64"
|
||||||
|
else
|
||||||
|
_cleardomainconf "Le_Preferred_Chain"
|
||||||
|
fi
|
||||||
|
|
||||||
Le_API="$ACME_DIRECTORY"
|
Le_API="$ACME_DIRECTORY"
|
||||||
_savedomainconf "Le_API" "$Le_API"
|
_savedomainconf "Le_API" "$Le_API"
|
||||||
@ -4746,7 +4760,7 @@ $_authorizations_map"
|
|||||||
_on_issue_err "$_post_hook"
|
_on_issue_err "$_post_hook"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_info "Download cert, Le_LinkCert: $Le_LinkCert"
|
_info "Downloading cert, Le_LinkCert: $Le_LinkCert"
|
||||||
if ! _send_signed_request "$Le_LinkCert"; then
|
if ! _send_signed_request "$Le_LinkCert"; then
|
||||||
_err "Sign failed, can not download cert:$Le_LinkCert."
|
_err "Sign failed, can not download cert:$Le_LinkCert."
|
||||||
_err "$response"
|
_err "$response"
|
||||||
@ -4755,17 +4769,36 @@ $_authorizations_map"
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
echo "$response" >"$CERT_PATH"
|
echo "$response" >"$CERT_PATH"
|
||||||
|
_split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH"
|
||||||
|
|
||||||
if [ "$(grep -- "$BEGIN_CERT" "$CERT_PATH" | wc -l)" -gt "1" ]; then
|
if [ "$_preferred_chain" ]; then
|
||||||
_debug "Found cert chain"
|
_cert_issuer=$(_get_cert_issuer "$CA_CERT_PATH")
|
||||||
cat "$CERT_PATH" >"$CERT_FULLCHAIN_PATH"
|
_debug _cert_issuer "$_cert_issuer"
|
||||||
_end_n="$(grep -n -- "$END_CERT" "$CERT_FULLCHAIN_PATH" | _head_n 1 | cut -d : -f 1)"
|
if ! _match_issuer "$CA_CERT_PATH" "$_preferred_chain"; then
|
||||||
_debug _end_n "$_end_n"
|
rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)"
|
||||||
sed -n "1,${_end_n}p" "$CERT_FULLCHAIN_PATH" >"$CERT_PATH"
|
_debug2 "rels" "$rels"
|
||||||
_end_n="$(_math $_end_n + 1)"
|
for rel in $rels; do
|
||||||
sed -n "${_end_n},9999p" "$CERT_FULLCHAIN_PATH" >"$CA_CERT_PATH"
|
_info "Try rel: $rel"
|
||||||
|
if ! _send_signed_request "$rel"; then
|
||||||
|
_err "Sign failed, can not download cert:$rel"
|
||||||
|
_err "$response"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
_relcert="$CERT_PATH.alt"
|
||||||
|
_relfullchain="$CERT_FULLCHAIN_PATH.alt"
|
||||||
|
_relca="$CA_CERT_PATH.alt"
|
||||||
|
echo "$response" >"$_relcert"
|
||||||
|
_split_cert_chain "$_relcert" "$_relfullchain" "$_relca"
|
||||||
|
if _match_issuer "$_relca" "$_preferred_chain"; then
|
||||||
|
_info "Matched issuer in: $rel"
|
||||||
|
cat $_relcert >"$CERT_PATH"
|
||||||
|
cat $_relfullchain >"$CERT_FULLCHAIN_PATH"
|
||||||
|
cat $_relca >"$CA_CERT_PATH"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then
|
if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then
|
||||||
_err "Sign failed. $response"
|
_err "Sign failed. $response"
|
||||||
@ -4934,6 +4967,22 @@ $_authorizations_map"
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#in_out_cert out_fullchain out out_ca
|
||||||
|
_split_cert_chain() {
|
||||||
|
_certf="$1"
|
||||||
|
_fullchainf="$2"
|
||||||
|
_caf="$3"
|
||||||
|
if [ "$(grep -- "$BEGIN_CERT" "$_certf" | wc -l)" -gt "1" ]; then
|
||||||
|
_debug "Found cert chain"
|
||||||
|
cat "$_certf" >"$_fullchainf"
|
||||||
|
_end_n="$(grep -n -- "$END_CERT" "$_fullchainf" | _head_n 1 | cut -d : -f 1)"
|
||||||
|
_debug _end_n "$_end_n"
|
||||||
|
sed -n "1,${_end_n}p" "$_fullchainf" >"$_certf"
|
||||||
|
_end_n="$(_math $_end_n + 1)"
|
||||||
|
sed -n "${_end_n},9999p" "$_fullchainf" >"$_caf"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
#domain [isEcc]
|
#domain [isEcc]
|
||||||
renew() {
|
renew() {
|
||||||
Le_Domain="$1"
|
Le_Domain="$1"
|
||||||
@ -4994,7 +5043,7 @@ renew() {
|
|||||||
Le_PreHook="$(_readdomainconf Le_PreHook)"
|
Le_PreHook="$(_readdomainconf Le_PreHook)"
|
||||||
Le_PostHook="$(_readdomainconf Le_PostHook)"
|
Le_PostHook="$(_readdomainconf Le_PostHook)"
|
||||||
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
|
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
|
||||||
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
|
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain"
|
||||||
res="$?"
|
res="$?"
|
||||||
if [ "$res" != "0" ]; then
|
if [ "$res" != "0" ]; then
|
||||||
return "$res"
|
return "$res"
|
||||||
@ -5228,13 +5277,17 @@ showcsr() {
|
|||||||
_info "KeyLength=$_csrkeylength"
|
_info "KeyLength=$_csrkeylength"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#listraw domain
|
||||||
list() {
|
list() {
|
||||||
_raw="$1"
|
_raw="$1"
|
||||||
|
_domain="$2"
|
||||||
_initpath
|
_initpath
|
||||||
|
|
||||||
_sep="|"
|
_sep="|"
|
||||||
if [ "$_raw" ]; then
|
if [ "$_raw" ]; then
|
||||||
|
if [ -z "$_domain" ]; then
|
||||||
printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}CA${_sep}Created${_sep}Renew"
|
printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}CA${_sep}Created${_sep}Renew"
|
||||||
|
fi
|
||||||
for di in "${CERT_HOME}"/*.*/; do
|
for di in "${CERT_HOME}"/*.*/; do
|
||||||
d=$(basename "$di")
|
d=$(basename "$di")
|
||||||
_debug d "$d"
|
_debug d "$d"
|
||||||
@ -5247,15 +5300,21 @@ list() {
|
|||||||
if [ -f "$DOMAIN_CONF" ]; then
|
if [ -f "$DOMAIN_CONF" ]; then
|
||||||
. "$DOMAIN_CONF"
|
. "$DOMAIN_CONF"
|
||||||
_ca="$(_getCAShortName "$Le_API")"
|
_ca="$(_getCAShortName "$Le_API")"
|
||||||
|
if [ -z "$_domain" ]; then
|
||||||
printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$_ca${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
|
printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$_ca${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
|
||||||
|
else
|
||||||
|
if [ "$_domain" = "$d" ]; then
|
||||||
|
cat "$DOMAIN_CONF"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
)
|
)
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
if _exists column; then
|
if _exists column; then
|
||||||
list "raw" | column -t -s "$_sep"
|
list "raw" "$_domain" | column -t -s "$_sep"
|
||||||
else
|
else
|
||||||
list "raw" | tr "$_sep" '\t'
|
list "raw" "$_domain" | tr "$_sep" '\t'
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -6369,19 +6428,34 @@ Commands:
|
|||||||
|
|
||||||
Parameters:
|
Parameters:
|
||||||
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
|
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
|
||||||
--challenge-alias domain.tld The challenge domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
|
--challenge-alias domain.tld The challenge domain alias for DNS alias mode.
|
||||||
--domain-alias domain.tld The domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
|
See: $_DNS_ALIAS_WIKI
|
||||||
|
|
||||||
|
--domain-alias domain.tld The domain alias for DNS alias mode.
|
||||||
|
See: $_DNS_ALIAS_WIKI
|
||||||
|
|
||||||
|
--preferred-chain CHAIN If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
|
||||||
|
If no match, the default offered chain will be used. (default: empty)
|
||||||
|
See: $_PREFERRED_CHAIN_WIKI
|
||||||
|
|
||||||
--force, -f Used to force to install or force to renew a cert immediately.
|
--force, -f Used to force to install or force to renew a cert immediately.
|
||||||
--staging, --test Use staging server, just for test.
|
--staging, --test Use staging server, just for test.
|
||||||
--debug Output debug info.
|
--debug Output debug info.
|
||||||
--output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for security.
|
--output-insecure Output all the sensitive messages.
|
||||||
|
By default all the credentials/sensitive messages are hidden from the output/debug/log for security.
|
||||||
|
|
||||||
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
|
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
|
||||||
--standalone Use standalone mode.
|
--standalone Use standalone mode.
|
||||||
--alpn Use standalone alpn mode.
|
--alpn Use standalone alpn mode.
|
||||||
--stateless Use stateless mode, see: $_STATELESS_WIKI
|
--stateless Use stateless mode.
|
||||||
|
See: $_STATELESS_WIKI
|
||||||
|
|
||||||
--apache Use apache mode.
|
--apache Use apache mode.
|
||||||
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
--dns [dns_hook] Use dns mode or dns api.
|
||||||
--dnssleep 300 The time in seconds to wait for all the txt records to take effect in dns api mode. It's not necessary to use this by default, $PROJECT_NAME polls dns status automatically.
|
See: $_DNS_API_WIKI
|
||||||
|
|
||||||
|
--dnssleep 300 The time in seconds to wait for all the txt records to propagate in dns api mode.
|
||||||
|
It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically.
|
||||||
|
|
||||||
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
|
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
|
||||||
--accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096
|
--accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096
|
||||||
@ -6402,7 +6476,9 @@ Parameters:
|
|||||||
|
|
||||||
--reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
|
--reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
|
||||||
|
|
||||||
--server SERVER ACME Directory Resource URI. See: $_SERVER_WIKI (default: $DEFAULT_CA)
|
--server SERVER ACME Directory Resource URI. (default: $DEFAULT_CA)
|
||||||
|
See: $_SERVER_WIKI
|
||||||
|
|
||||||
--accountconf Specifies a customized account config file.
|
--accountconf Specifies a customized account config file.
|
||||||
--home Specifies the home dir for $PROJECT_NAME.
|
--home Specifies the home dir for $PROJECT_NAME.
|
||||||
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
|
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
|
||||||
@ -6419,7 +6495,9 @@ Parameters:
|
|||||||
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
||||||
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
|
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate.
|
||||||
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
|
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl.
|
||||||
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
--nocron Only valid for '--install' command, which means: do not install the default cron job.
|
||||||
|
In this case, the certs will not be renewed automatically.
|
||||||
|
|
||||||
--noprofile Only valid for '--install' command, which means: do not install aliases to user profile.
|
--noprofile Only valid for '--install' command, which means: do not install aliases to user profile.
|
||||||
--no-color Do not output color text.
|
--no-color Do not output color text.
|
||||||
--force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
|
--force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
|
||||||
@ -6436,7 +6514,9 @@ Parameters:
|
|||||||
--listen-v6 Force standalone/tls server to listen at ipv6.
|
--listen-v6 Force standalone/tls server to listen at ipv6.
|
||||||
--openssl-bin Specifies a custom openssl bin location.
|
--openssl-bin Specifies a custom openssl bin location.
|
||||||
--use-wget Force to use wget, if you have both curl and wget installed.
|
--use-wget Force to use wget, if you have both curl and wget installed.
|
||||||
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force to use dns manual mode: $_DNS_MANUAL_WIKI
|
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force to use dns manual mode.
|
||||||
|
See: $_DNS_MANUAL_WIKI
|
||||||
|
|
||||||
--branch, -b Only valid for '--upgrade' command, specifies the branch name to upgrade to.
|
--branch, -b Only valid for '--upgrade' command, specifies the branch name to upgrade to.
|
||||||
|
|
||||||
--notify-level 0|1|2|3 Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
|
--notify-level 0|1|2|3 Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
|
||||||
@ -6444,11 +6524,15 @@ Parameters:
|
|||||||
1: send notifications only when there is an error.
|
1: send notifications only when there is an error.
|
||||||
2: send notifications when a cert is successfully renewed, or there is an error.
|
2: send notifications when a cert is successfully renewed, or there is an error.
|
||||||
3: send notifications when a cert is skipped, renewed, or error.
|
3: send notifications when a cert is skipped, renewed, or error.
|
||||||
|
|
||||||
--notify-mode 0|1 Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
|
--notify-mode 0|1 Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
|
||||||
0: Bulk mode. Send all the domain's notifications in one message(mail).
|
0: Bulk mode. Send all the domain's notifications in one message(mail).
|
||||||
1: Cert mode. Send a message for every single cert.
|
1: Cert mode. Send a message for every single cert.
|
||||||
|
|
||||||
--notify-hook [hookname] Set the notify hook
|
--notify-hook [hookname] Set the notify hook
|
||||||
--revoke-reason [0-10] The reason for '--revoke' command. See: $_REVOKE_WIKI
|
--revoke-reason [0-10] The reason for '--revoke' command.
|
||||||
|
See: $_REVOKE_WIKI
|
||||||
|
|
||||||
|
|
||||||
"
|
"
|
||||||
}
|
}
|
||||||
@ -6595,6 +6679,9 @@ _selectServer() {
|
|||||||
#url
|
#url
|
||||||
_getCAShortName() {
|
_getCAShortName() {
|
||||||
caurl="$1"
|
caurl="$1"
|
||||||
|
if [ -z "$caurl" ]; then
|
||||||
|
caurl="$DEFAULT_CA"
|
||||||
|
fi
|
||||||
caurl_lower="$(echo $caurl | _lower_case)"
|
caurl_lower="$(echo $caurl | _lower_case)"
|
||||||
_sindex=0
|
_sindex=0
|
||||||
for surl in $(echo "$CA_SERVERS" | _lower_case | tr , ' '); do
|
for surl in $(echo "$CA_SERVERS" | _lower_case | tr , ' '); do
|
||||||
@ -6676,6 +6763,7 @@ _process() {
|
|||||||
_revoke_reason=""
|
_revoke_reason=""
|
||||||
_eab_kid=""
|
_eab_kid=""
|
||||||
_eab_hmac_key=""
|
_eab_hmac_key=""
|
||||||
|
_preferred_chain=""
|
||||||
while [ ${#} -gt 0 ]; do
|
while [ ${#} -gt 0 ]; do
|
||||||
case "${1}" in
|
case "${1}" in
|
||||||
|
|
||||||
@ -7166,6 +7254,10 @@ _process() {
|
|||||||
_eab_hmac_key="$2"
|
_eab_hmac_key="$2"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
--preferred-chain)
|
||||||
|
_preferred_chain="$2"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
_err "Unknown parameter : $1"
|
_err "Unknown parameter : $1"
|
||||||
return 1
|
return 1
|
||||||
@ -7232,7 +7324,7 @@ _process() {
|
|||||||
uninstall) uninstall "$_nocron" ;;
|
uninstall) uninstall "$_nocron" ;;
|
||||||
upgrade) upgrade ;;
|
upgrade) upgrade ;;
|
||||||
issue)
|
issue)
|
||||||
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
|
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain"
|
||||||
;;
|
;;
|
||||||
deploy)
|
deploy)
|
||||||
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
||||||
@ -7271,7 +7363,7 @@ _process() {
|
|||||||
deactivateaccount
|
deactivateaccount
|
||||||
;;
|
;;
|
||||||
list)
|
list)
|
||||||
list "$_listraw"
|
list "$_listraw" "$_domain"
|
||||||
;;
|
;;
|
||||||
installcronjob) installcronjob "$_confighome" ;;
|
installcronjob) installcronjob "$_confighome" ;;
|
||||||
uninstallcronjob) uninstallcronjob ;;
|
uninstallcronjob) uninstallcronjob ;;
|
||||||
|
Loading…
Reference in New Issue
Block a user