flywithu/acme.sh
1
0
Fork 0
mirror of https://github.com/hiskang/acme.sh synced 2025-11-03 20:07:43 +00:00
Code Issues Releases Wiki Activity

Merge pull request #1316 from Neilpang/alias

Browse Source 
Alias
This commit is contained in:
neil 2018-03-01 22:38:05 +08:00 committed by GitHub
commit 61eaa44cf8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 67 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -76,6 +76,7 @@ https://github.com/Neilpang/acmetest
- Apache mode - Apache mode
- Nginx mode - Nginx mode
- DNS mode - DNS mode
- [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode)
- [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode) - [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode)

75
acme.sh
View File

@ -47,6 +47,7 @@ DEFAULT_DNS_SLEEP=120
NO_VALUE="no" NO_VALUE="no"
W_TLS="tls" W_TLS="tls"
DNS_ALIAS_PREFIX="="
MODE_STATELESS="stateless" MODE_STATELESS="stateless"
@ -105,6 +106,8 @@ _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
_STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode" _STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"
_DNS_ALIAS_WIKI="https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode"
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead." _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR" _DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
@ -2859,8 +2862,9 @@ _clearupdns() {
_debug "skip dns." _debug "skip dns."
return return
fi fi
_info "Removing DNS records."
ventries=$(echo "$vlist" | tr ',' ' ') ventries=$(echo "$vlist" | tr ',' ' ')
_alias_index=1
for ventry in $ventries; do for ventry in $ventries; do
d=$(echo "$ventry" | cut -d "$sep" -f 1) d=$(echo "$ventry" | cut -d "$sep" -f 1)
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
@ -2874,7 +2878,7 @@ _clearupdns() {
fi fi
if [ "$vtype" != "$VTYPE_DNS" ]; then if [ "$vtype" != "$VTYPE_DNS" ]; then
_info "Skip $d for $vtype" _debug "Skip $d for $vtype"
continue continue
fi fi
@ -2902,7 +2906,19 @@ _clearupdns() {
if _startswith "$_dns_root_d" "*."; then if _startswith "$_dns_root_d" "*."; then
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')" _dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
fi fi
txtdomain="_acme-challenge.$_dns_root_d"
_d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
_alias_index="$(_math "$_alias_index" + 1)"
_debug "_d_alias" "$_d_alias"
if [ "$_d_alias" ]; then
if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
else
txtdomain="_acme-challenge.$_d_alias"
fi
else
txtdomain="_acme-challenge.$_dns_root_d"
fi
if ! $rmcommand "$txtdomain" "$txt"; then if ! $rmcommand "$txtdomain" "$txt"; then
_err "Error removing txt for domain:$txtdomain" _err "Error removing txt for domain:$txtdomain"
@ -3384,7 +3400,7 @@ issue() {
_post_hook="${11}" _post_hook="${11}"
_renew_hook="${12}" _renew_hook="${12}"
_local_addr="${13}" _local_addr="${13}"
_challenge_alias="${14}"
#remove these later. #remove these later.
if [ "$_web_roots" = "dns-cf" ]; then if [ "$_web_roots" = "dns-cf" ]; then
_web_roots="dns_cf" _web_roots="dns_cf"
@ -3437,6 +3453,11 @@ issue() {
else else
_cleardomainconf "Le_LocalAddress" _cleardomainconf "Le_LocalAddress"
fi fi
if [ "$_challenge_alias" ]; then
_savedomainconf "Le_ChallengeAlias" "$_challenge_alias"
else
_cleardomainconf "Le_ChallengeAlias"
fi
Le_API="$ACME_DIRECTORY" Le_API="$ACME_DIRECTORY"
_savedomainconf "Le_API" "$Le_API" _savedomainconf "Le_API" "$Le_API"
@ -3658,6 +3679,7 @@ $_authorizations_map"
#add entry #add entry
dnsadded="" dnsadded=""
ventries=$(echo "$vlist" | tr "$dvsep" ' ') ventries=$(echo "$vlist" | tr "$dvsep" ' ')
_alias_index=1
for ventry in $ventries; do for ventry in $ventries; do
d=$(echo "$ventry" | cut -d "$sep" -f 1) d=$(echo "$ventry" | cut -d "$sep" -f 1)
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2) keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
@ -3675,7 +3697,18 @@ $_authorizations_map"
if _startswith "$_dns_root_d" "*."; then if _startswith "$_dns_root_d" "*."; then
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')" _dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
fi fi
txtdomain="_acme-challenge.$_dns_root_d" _d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
_alias_index="$(_math "$_alias_index" + 1)"
_debug "_d_alias" "$_d_alias"
if [ "$_d_alias" ]; then
if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
else
txtdomain="_acme-challenge.$_d_alias"
fi
else
txtdomain="_acme-challenge.$_dns_root_d"
fi
_debug txtdomain "$txtdomain" _debug txtdomain "$txtdomain"
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)" txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
_debug txt "$txt" _debug txt "$txt"
@ -4228,7 +4261,7 @@ renew() {
fi fi
IS_RENEW="1" IS_RENEW="1"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
res="$?" res="$?"
if [ "$res" != "0" ]; then if [ "$res" != "0" ]; then
return "$res" return "$res"
@ -4292,6 +4325,17 @@ signcsr() {
return 1 return 1
fi fi
_real_cert="$3"
_real_key="$4"
_real_ca="$5"
_reload_cmd="$6"
_real_fullchain="$7"
_pre_hook="${8}"
_post_hook="${9}"
_renew_hook="${10}"
_local_addr="${11}"
_challenge_alias="${12}"
_csrsubj=$(_readSubjectFromCSR "$_csrfile") _csrsubj=$(_readSubjectFromCSR "$_csrfile")
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
_err "Can not read subject from csr: $_csrfile" _err "Can not read subject from csr: $_csrfile"
@ -4337,7 +4381,7 @@ signcsr() {
_info "Copy csr to: $CSR_PATH" _info "Copy csr to: $CSR_PATH"
cp "$_csrfile" "$CSR_PATH" cp "$_csrfile" "$CSR_PATH"
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias"
} }
@ -5312,6 +5356,8 @@ Commands:
Parameters: Parameters:
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc. --domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
--challenge-alias domain.tld The challenge domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
--domain-alias domain.tld The domain alias for DNS alias mode: $_DNS_ALIAS_WIKI
--force, -f Used to force to install or force to renew a cert immediately. --force, -f Used to force to install or force to renew a cert immediately.
--staging, --test Use staging server, just for test. --staging, --test Use staging server, just for test.
--debug Output debug info. --debug Output debug info.
@ -5463,6 +5509,7 @@ _process() {
_domain="" _domain=""
_altdomains="$NO_VALUE" _altdomains="$NO_VALUE"
_webroot="" _webroot=""
_challenge_alias=""
_keylength="" _keylength=""
_accountkeylength="" _accountkeylength=""
_cert_file="" _cert_file=""
@ -5652,6 +5699,16 @@ _process() {
fi fi
shift shift
;; ;;
--challenge-alias)
cvalue="$2"
_challenge_alias="$_challenge_alias$cvalue,"
shift
;;
--domain-alias)
cvalue="$DNS_ALIAS_PREFIX$2"
_challenge_alias="$_challenge_alias$cvalue,"
shift
;;
--standalone) --standalone)
wvalue="$NO_VALUE" wvalue="$NO_VALUE"
if [ -z "$_webroot" ]; then if [ -z "$_webroot" ]; then
@ -5973,13 +6030,13 @@ _process() {
uninstall) uninstall "$_nocron" ;; uninstall) uninstall "$_nocron" ;;
upgrade) upgrade ;; upgrade) upgrade ;;
issue) issue)
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
;; ;;
deploy) deploy)
deploy "$_domain" "$_deploy_hook" "$_ecc" deploy "$_domain" "$_deploy_hook" "$_ecc"
;; ;;
signcsr) signcsr)
signcsr "$_csr" "$_webroot" signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
;; ;;
showcsr) showcsr)
showcsr "$_csr" "$_domain" showcsr "$_csr" "$_domain"