mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-25 06:31:42 +00:00
commit
a58ef94a9c
12
acme.sh
12
acme.sh
@ -1134,12 +1134,17 @@ _readSubjectAltNamesFromCSR() {
|
|||||||
|
|
||||||
if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then
|
if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then
|
||||||
_debug "AltNames contains subject"
|
_debug "AltNames contains subject"
|
||||||
_dnsAltnames="$(printf "%s" "$_dnsAltnames," | sed "s/DNS:$_csrsubj,//g")"
|
_excapedAlgnames="$(echo "$_dnsAltnames" | tr '*' '#')"
|
||||||
|
_debug _excapedAlgnames "$_excapedAlgnames"
|
||||||
|
_escapedSubject="$(echo "$_csrsubj" | tr '*' '#')"
|
||||||
|
_debug _escapedSubject "$_escapedSubject"
|
||||||
|
_dnsAltnames="$(echo "$_excapedAlgnames," | sed "s/DNS:$_escapedSubject,//g" | tr '#' '*' | sed "s/,\$//g")"
|
||||||
|
_debug _dnsAltnames "$_dnsAltnames"
|
||||||
else
|
else
|
||||||
_debug "AltNames doesn't contain subject"
|
_debug "AltNames doesn't contain subject"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
printf "%s" "$_dnsAltnames" | sed "s/DNS://g"
|
echo "$_dnsAltnames" | sed "s/DNS://g"
|
||||||
}
|
}
|
||||||
|
|
||||||
#_csrfile
|
#_csrfile
|
||||||
@ -1516,7 +1521,8 @@ _calcjwk() {
|
|||||||
JWK_HEADERPLACE_PART1='{"nonce": "'
|
JWK_HEADERPLACE_PART1='{"nonce": "'
|
||||||
JWK_HEADERPLACE_PART2='", "alg": "ES'$__ECC_KEY_LEN'"'
|
JWK_HEADERPLACE_PART2='", "alg": "ES'$__ECC_KEY_LEN'"'
|
||||||
else
|
else
|
||||||
_err "Only RSA or EC key is supported."
|
_err "Only RSA or EC key is supported. keyfile=$keyfile"
|
||||||
|
_debug2 "$(cat "$keyfile")"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -146,13 +146,17 @@ Finally, make the DNS server and update Key available to `acme.sh`
|
|||||||
export NSUPDATE_SERVER="dns.example.com"
|
export NSUPDATE_SERVER="dns.example.com"
|
||||||
export NSUPDATE_KEY="/path/to/your/nsupdate.key"
|
export NSUPDATE_KEY="/path/to/your/nsupdate.key"
|
||||||
```
|
```
|
||||||
|
and optionally (depending on DNS server)
|
||||||
|
```
|
||||||
|
export NSUPDATE_ZONE="example.com"
|
||||||
|
```
|
||||||
|
|
||||||
Ok, let's issue a cert now:
|
Ok, let's issue a cert now:
|
||||||
```
|
```
|
||||||
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
|
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
The `NSUPDATE_SERVER`, `NSUPDATE_KEY`, and `NSUPDATE_ZONE` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
|
|
||||||
|
|
||||||
## 8. Use LuaDNS domain API
|
## 8. Use LuaDNS domain API
|
||||||
|
@ -13,12 +13,24 @@ dns_nsupdate_add() {
|
|||||||
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
|
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
|
||||||
_saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
|
_saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
|
||||||
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
|
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
|
||||||
|
_saveaccountconf NSUPDATE_ZONE "${NSUPDATE_ZONE}"
|
||||||
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
|
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
|
||||||
nsupdate -k "${NSUPDATE_KEY}" <<EOF
|
[ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
|
||||||
|
[ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
|
||||||
|
if [ -z "${NSUPDATE_ZONE}" ]; then
|
||||||
|
nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
|
||||||
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
|
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
|
||||||
update add ${fulldomain}. 60 in txt "${txtvalue}"
|
update add ${fulldomain}. 60 in txt "${txtvalue}"
|
||||||
send
|
send
|
||||||
EOF
|
EOF
|
||||||
|
else
|
||||||
|
nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
|
||||||
|
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
|
||||||
|
zone ${NSUPDATE_ZONE}.
|
||||||
|
update add ${fulldomain}. 60 in txt "${txtvalue}"
|
||||||
|
send
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
_err "error updating domain"
|
_err "error updating domain"
|
||||||
return 1
|
return 1
|
||||||
@ -34,11 +46,22 @@ dns_nsupdate_rm() {
|
|||||||
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
|
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
|
||||||
[ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
|
[ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
|
||||||
_info "removing ${fulldomain}. txt"
|
_info "removing ${fulldomain}. txt"
|
||||||
nsupdate -k "${NSUPDATE_KEY}" <<EOF
|
[ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_1" ] && nsdebug="-d"
|
||||||
|
[ -n "$DEBUG" ] && [ "$DEBUG" -ge "$DEBUG_LEVEL_2" ] && nsdebug="-D"
|
||||||
|
if [ -z "${NSUPDATE_ZONE}" ]; then
|
||||||
|
nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
|
||||||
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
|
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
|
||||||
update delete ${fulldomain}. txt
|
update delete ${fulldomain}. txt
|
||||||
send
|
send
|
||||||
EOF
|
EOF
|
||||||
|
else
|
||||||
|
nsupdate -k "${NSUPDATE_KEY}" $nsdebug <<EOF
|
||||||
|
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
|
||||||
|
zone ${NSUPDATE_ZONE}.
|
||||||
|
update delete ${fulldomain}. txt
|
||||||
|
send
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
_err "error updating domain"
|
_err "error updating domain"
|
||||||
return 1
|
return 1
|
||||||
|
Loading…
Reference in New Issue
Block a user