mirror of
https://github.com/hiskang/acme.sh
synced 2025-10-31 10:27:22 +00:00
Support domain alias mode
This commit is contained in:
neilpang
parent
da0bd5a9dc
commit
875625b147
@ -76,6 +76,7 @@ https://github.com/Neilpang/acmetest
|
|||||||
- Apache mode
|
- Apache mode
|
||||||
- Nginx mode ( Beta )
|
- Nginx mode ( Beta )
|
||||||
- DNS mode
|
- DNS mode
|
||||||
|
- [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode)
|
||||||
- [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode)
|
- [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
63
acme.sh
63
acme.sh
@ -105,6 +105,8 @@ _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
|
|||||||
|
|
||||||
_STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"
|
_STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"
|
||||||
|
|
||||||
|
_DNS_ALIAS_WIKI="https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode"
|
||||||
|
|
||||||
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
||||||
|
|
||||||
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
||||||
@ -2845,8 +2847,9 @@ _clearupdns() {
|
|||||||
_debug "skip dns."
|
_debug "skip dns."
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
_info "Removing DNS records."
|
||||||
ventries=$(echo "$vlist" | tr ',' ' ')
|
ventries=$(echo "$vlist" | tr ',' ' ')
|
||||||
|
_alias_index=1
|
||||||
for ventry in $ventries; do
|
for ventry in $ventries; do
|
||||||
d=$(echo "$ventry" | cut -d "$sep" -f 1)
|
d=$(echo "$ventry" | cut -d "$sep" -f 1)
|
||||||
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
|
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
|
||||||
@ -2860,7 +2863,7 @@ _clearupdns() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$vtype" != "$VTYPE_DNS" ]; then
|
if [ "$vtype" != "$VTYPE_DNS" ]; then
|
||||||
_info "Skip $d for $vtype"
|
_debug "Skip $d for $vtype"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -2888,7 +2891,15 @@ _clearupdns() {
|
|||||||
if _startswith "$_dns_root_d" "*."; then
|
if _startswith "$_dns_root_d" "*."; then
|
||||||
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
|
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
|
||||||
fi
|
fi
|
||||||
txtdomain="_acme-challenge.$_dns_root_d"
|
|
||||||
|
_d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
|
||||||
|
_alias_index="$(_math "$_alias_index" + 1)"
|
||||||
|
_debug "_d_alias" "$_d_alias"
|
||||||
|
if [ "$_d_alias" ]; then
|
||||||
|
txtdomain="_acme-challenge.$_d_alias"
|
||||||
|
else
|
||||||
|
txtdomain="_acme-challenge.$_dns_root_d"
|
||||||
|
fi
|
||||||
|
|
||||||
if ! $rmcommand "$txtdomain" "$txt"; then
|
if ! $rmcommand "$txtdomain" "$txt"; then
|
||||||
_err "Error removing txt for domain:$txtdomain"
|
_err "Error removing txt for domain:$txtdomain"
|
||||||
@ -3370,7 +3381,7 @@ issue() {
|
|||||||
_post_hook="${11}"
|
_post_hook="${11}"
|
||||||
_renew_hook="${12}"
|
_renew_hook="${12}"
|
||||||
_local_addr="${13}"
|
_local_addr="${13}"
|
||||||
|
_challenge_alias="${14}"
|
||||||
#remove these later.
|
#remove these later.
|
||||||
if [ "$_web_roots" = "dns-cf" ]; then
|
if [ "$_web_roots" = "dns-cf" ]; then
|
||||||
_web_roots="dns_cf"
|
_web_roots="dns_cf"
|
||||||
@ -3423,7 +3434,13 @@ issue() {
|
|||||||
else
|
else
|
||||||
_cleardomainconf "Le_LocalAddress"
|
_cleardomainconf "Le_LocalAddress"
|
||||||
fi
|
fi
|
||||||
|
if [ "$_challenge_alias" ]; then
|
||||||
|
_savedomainconf "Le_ChallengeAlias" "$_challenge_alias"
|
||||||
|
else
|
||||||
|
_cleardomainconf "Le_ChallengeAlias"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
Le_API="$ACME_DIRECTORY"
|
Le_API="$ACME_DIRECTORY"
|
||||||
_savedomainconf "Le_API" "$Le_API"
|
_savedomainconf "Le_API" "$Le_API"
|
||||||
|
|
||||||
@ -3640,6 +3657,7 @@ $_authorizations_map"
|
|||||||
#add entry
|
#add entry
|
||||||
dnsadded=""
|
dnsadded=""
|
||||||
ventries=$(echo "$vlist" | tr "$dvsep" ' ')
|
ventries=$(echo "$vlist" | tr "$dvsep" ' ')
|
||||||
|
_alias_index=1;
|
||||||
for ventry in $ventries; do
|
for ventry in $ventries; do
|
||||||
d=$(echo "$ventry" | cut -d "$sep" -f 1)
|
d=$(echo "$ventry" | cut -d "$sep" -f 1)
|
||||||
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
|
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
|
||||||
@ -3657,7 +3675,14 @@ $_authorizations_map"
|
|||||||
if _startswith "$_dns_root_d" "*."; then
|
if _startswith "$_dns_root_d" "*."; then
|
||||||
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
|
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
|
||||||
fi
|
fi
|
||||||
txtdomain="_acme-challenge.$_dns_root_d"
|
_d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
|
||||||
|
_alias_index="$(_math "$_alias_index" + 1)"
|
||||||
|
_debug "_d_alias" "$_d_alias"
|
||||||
|
if [ "$_d_alias" ]; then
|
||||||
|
txtdomain="_acme-challenge.$_d_alias"
|
||||||
|
else
|
||||||
|
txtdomain="_acme-challenge.$_dns_root_d"
|
||||||
|
fi
|
||||||
_debug txtdomain "$txtdomain"
|
_debug txtdomain "$txtdomain"
|
||||||
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
|
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
|
||||||
_debug txt "$txt"
|
_debug txt "$txt"
|
||||||
@ -4210,7 +4235,7 @@ renew() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
IS_RENEW="1"
|
IS_RENEW="1"
|
||||||
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress"
|
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
|
||||||
res="$?"
|
res="$?"
|
||||||
if [ "$res" != "0" ]; then
|
if [ "$res" != "0" ]; then
|
||||||
return "$res"
|
return "$res"
|
||||||
@ -4274,6 +4299,17 @@ signcsr() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
_real_cert="$3"
|
||||||
|
_real_key="$4"
|
||||||
|
_real_ca="$5"
|
||||||
|
_reload_cmd="$6"
|
||||||
|
_real_fullchain="$7"
|
||||||
|
_pre_hook="${8}"
|
||||||
|
_post_hook="${9}"
|
||||||
|
_renew_hook="${10}"
|
||||||
|
_local_addr="${11}"
|
||||||
|
_challenge_alias="${12}"
|
||||||
|
|
||||||
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
|
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
_err "Can not read subject from csr: $_csrfile"
|
_err "Can not read subject from csr: $_csrfile"
|
||||||
@ -4319,7 +4355,7 @@ signcsr() {
|
|||||||
_info "Copy csr to: $CSR_PATH"
|
_info "Copy csr to: $CSR_PATH"
|
||||||
cp "$_csrfile" "$CSR_PATH"
|
cp "$_csrfile" "$CSR_PATH"
|
||||||
|
|
||||||
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength"
|
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5293,6 +5329,7 @@ Commands:
|
|||||||
|
|
||||||
Parameters:
|
Parameters:
|
||||||
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
|
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc.
|
||||||
|
--challenge-alias domain.tld The domain alis for DNS alias mode: $_DNS_ALIAS_WIKI
|
||||||
--force, -f Used to force to install or force to renew a cert immediately.
|
--force, -f Used to force to install or force to renew a cert immediately.
|
||||||
--staging, --test Use staging server, just for test.
|
--staging, --test Use staging server, just for test.
|
||||||
--debug Output debug info.
|
--debug Output debug info.
|
||||||
@ -5443,6 +5480,7 @@ _process() {
|
|||||||
_domain=""
|
_domain=""
|
||||||
_altdomains="$NO_VALUE"
|
_altdomains="$NO_VALUE"
|
||||||
_webroot=""
|
_webroot=""
|
||||||
|
_challenge_alias=""
|
||||||
_keylength=""
|
_keylength=""
|
||||||
_accountkeylength=""
|
_accountkeylength=""
|
||||||
_cert_file=""
|
_cert_file=""
|
||||||
@ -5632,6 +5670,11 @@ _process() {
|
|||||||
fi
|
fi
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
--challenge-alias)
|
||||||
|
cvalue="$2"
|
||||||
|
_challenge_alias="$_challenge_alias$cvalue,"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
--standalone)
|
--standalone)
|
||||||
wvalue="$NO_VALUE"
|
wvalue="$NO_VALUE"
|
||||||
if [ -z "$_webroot" ]; then
|
if [ -z "$_webroot" ]; then
|
||||||
@ -5953,13 +5996,13 @@ _process() {
|
|||||||
uninstall) uninstall "$_nocron" ;;
|
uninstall) uninstall "$_nocron" ;;
|
||||||
upgrade) upgrade ;;
|
upgrade) upgrade ;;
|
||||||
issue)
|
issue)
|
||||||
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address"
|
issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
|
||||||
;;
|
;;
|
||||||
deploy)
|
deploy)
|
||||||
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
||||||
;;
|
;;
|
||||||
signcsr)
|
signcsr)
|
||||||
signcsr "$_csr" "$_webroot"
|
signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
|
||||||
;;
|
;;
|
||||||
showcsr)
|
showcsr)
|
||||||
showcsr "$_csr" "$_domain"
|
showcsr "$_csr" "$_domain"
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user