flywithu/acme.sh
1
0
Fork 0
mirror of https://github.com/hiskang/acme.sh synced 2025-10-30 18:07:15 +00:00
Code Issues Releases Wiki Activity

support Standalone server

Browse Source
This commit is contained in:
neil 2016-01-05 21:54:38 +08:00
parent 7d076cfcea
commit 67afa94047
1 changed files with 70 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
le.sh
View File

@ -1,17 +1,12 @@
#!/bin/bash #!/bin/bash
WORKING_DIR=~/.le
CURL_HEADER=""
HEADER=""
HEADERPLACE=""
ACCOUNT_EMAIL=""
DEFAULT_CA="https://acme-v01.api.letsencrypt.org" DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
API=$DEFAULT_CA API="$DEFAULT_CA"
AGREEMENT="$DEFAULT_AGREEMENT"
_debug() { _debug() {
@ -213,8 +208,35 @@ _setopt() {
_debug "$(grep -H -n "^$__opt$__sep" $__conf)" _debug "$(grep -H -n "^$__opt$__sep" $__conf)"
} }
_startserver() {
content="$1"
while true ; do
if [ -z "$DEBUG" ] ; then
echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80 > /dev/null
else
echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80
fi
done
}
_stopserver() {
pid="$1"
if [ "$pid" ] ; then
if [ -z "$DEBUG" ] ; then
kill -s 9 $pid 2>&1
killall -s 9 nc 2>&1
else
kill -s 9 $pid 2>&1 > /dev/null
killall -s 9 nc 2>&1 > /dev/null
fi
fi
}
_initpath() { _initpath() {
if [ -z "$WORKING_DIR" ]; then
WORKING_DIR=~/.le WORKING_DIR=~/.le
fi
domain=$1 domain=$1
mkdir -p $WORKING_DIR mkdir -p $WORKING_DIR
ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
@ -260,10 +282,24 @@ issue() {
fi fi
fi fi
if [ -z "$Le_Webroot" ] ; then if [ "$Le_Webroot" == "no" ] ; then
echo Usage: $0 webroot a.com [b.com,c.com] [key-length] _info "Standalone mode."
if ! command -v "nc" > /dev/null ; then
_err "Please install netcat(nc) tools first."
return 1 return 1
fi fi
if ! command -v "netstat" > /dev/null ; then
_err "Please install netstat first."
return 1
fi
netprc="$(netstat -antpl | grep ':80 ')"
if [ "$netprc" ] ; then
_err "$netprc"
_err "tcp port 80 is already used by $(echo "$netprc" | cut -d '/' -f 2)"
_err "Please stop it first"
return 1
fi
fi
createAccountKey $Le_Domain $Le_Keylength createAccountKey $Le_Domain $Le_Keylength
@ -294,9 +330,9 @@ issue() {
_info "Registering account" _info "Registering account"
regjson='{"resource": "new-reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}' regjson='{"resource": "new-reg", "agreement": "'$AGREEMENT'"}'
if [ "$ACCOUNT_EMAIL" ] ; then if [ "$ACCOUNT_EMAIL" ] ; then
regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}' regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}'
fi fi
_send_signed_request "$API/acme/new-reg" "$regjson" _send_signed_request "$API/acme/new-reg" "$regjson"
@ -337,13 +373,20 @@ issue() {
keyauthorization="$token.$thumbprint" keyauthorization="$token.$thumbprint"
_debug keyauthorization "$keyauthorization" _debug keyauthorization "$keyauthorization"
if [ "$Le_Webroot" == "no" ] ; then
_info "Standalone mode server"
_startserver "$keyauthorization" & 2>&1 >/dev/null
serverproc="$!"
sleep 2
_debug serverproc $serverproc
else
wellknown_path="$Le_Webroot/.well-known/acme-challenge" wellknown_path="$Le_Webroot/.well-known/acme-challenge"
_debug wellknown_path "$wellknown_path" _debug wellknown_path "$wellknown_path"
mkdir -p "$wellknown_path" mkdir -p "$wellknown_path"
wellknown_path="$wellknown_path/$token" wellknown_path="$wellknown_path/$token"
echo -n "$keyauthorization" > $wellknown_path echo -n "$keyauthorization" > $wellknown_path
fi
wellknown_url="http://$d/.well-known/acme-challenge/$token" wellknown_url="http://$d/.well-known/acme-challenge/$token"
_debug wellknown_url "$wellknown_url" _debug wellknown_url "$wellknown_url"
@ -352,6 +395,7 @@ issue() {
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
_err "challenge error: $d" _err "challenge error: $d"
_stopserver $serverproc
return 1 return 1
fi fi
@ -362,6 +406,7 @@ issue() {
if ! _get $uri ; then if ! _get $uri ; then
_err "Verify error:$resource" _err "Verify error:$resource"
_stopserver $serverproc
return 1 return 1
fi fi
@ -374,6 +419,7 @@ issue() {
if [ "$status" == "invalid" ] ; then if [ "$status" == "invalid" ] ; then
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4) error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
_err "Verify error:$error" _err "Verify error:$error"
_stopserver $serverproc
return 1; return 1;
fi fi
@ -381,10 +427,12 @@ issue() {
_info "Verify pending:$d" _info "Verify pending:$d"
else else
_err "Verify error:$response" _err "Verify error:$response"
_stopserver $serverproc
return 1 return 1
fi fi
done done
_stopserver $serverproc
done done
_info "Verify finished, start to sign." _info "Verify finished, start to sign."