Skip to content
Permalink
Browse files

Merge pull request #2571 from Neilpang/dev

sync
  • Loading branch information...
Neilpang committed Nov 3, 2019
2 parents 54143ae + eb62387 commit 3d2df3ba93dfcb3eb4510fadd2d33a43f74ff586
@@ -5,7 +5,7 @@
如何调试 https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
If it is a bug report:
- make sure you are able to repro it on the latest released version.
- make sure you are able to repro it on the latest released version.
You can install the latest version by: `acme.sh --upgrade`
- Search the existing issues.
@@ -28,11 +28,11 @@ script:
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi
- cd ..
- git clone https://github.com/Neilpang/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest
- git clone --depth 1 https://github.com/Neilpang/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest
- if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi
- if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi

matrix:
fast_finish: true


@@ -3,6 +3,7 @@ FROM alpine:3.10
RUN apk update -f \
&& apk --no-cache add -f \
openssl \
openssh-client \
coreutils \
bind-tools \
curl \
65 acme.sh
@@ -153,15 +153,15 @@ fi

__green() {
if [ "${__INTERACTIVE}${ACME_NO_COLOR:-0}" = "10" -o "${ACME_FORCE_COLOR}" = "1" ]; then
printf '\033[1;31;32m%b\033[0m' "$1"
printf '\33[1;32m%b\33[0m' "$1"
return
fi
printf -- "%b" "$1"
}

__red() {
if [ "${__INTERACTIVE}${ACME_NO_COLOR:-0}" = "10" -o "${ACME_FORCE_COLOR}" = "1" ]; then
printf '\033[1;31;40m%b\033[0m' "$1"
printf '\33[1;31m%b\33[0m' "$1"
return
fi
printf -- "%b" "$1"
@@ -178,7 +178,7 @@ _printargs() {
printf -- "%s" "$1='$2'"
fi
printf "\n"
# return the saved exit status
# return the saved exit status
return "$_exitstatus"
}

@@ -265,6 +265,37 @@ _usage() {
printf "\n" >&2
}

__debug_bash_helper() {
# At this point only do for --debug 3
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -lt "$DEBUG_LEVEL_3" ]; then
echo ""
return
fi
# Return extra debug info when running with bash, otherwise return empty
# string.
if [ -z "${BASH_VERSION}" ]; then
echo ""
return
fi
# We are a bash shell at this point, return the filename, function name, and
# line number as a string
_dbh_saveIFS=$IFS
IFS=" "
# Must use eval or syntax error happens under dash
# Use 'caller 1' as we want one level up the stack as we should be called
# by one of the _debug* functions
eval "_dbh_called=($(caller 1))"
IFS=$_dbh_saveIFS
_dbh_file=${_dbh_called[2]}
if [ -n "${_script_home}" ]; then
# Trim off the _script_home directory name
_dbh_file=${_dbh_file#$_script_home/}
fi
_dbh_function=${_dbh_called[1]}
_dbh_lineno=${_dbh_called[0]}
printf "%-40s " "$_dbh_file:${_dbh_function}:${_dbh_lineno}"
}

_debug() {
if [ "${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}" -ge "$LOG_LEVEL_1" ]; then
_log "$@"
@@ -273,7 +304,8 @@ _debug() {
_syslog "$SYSLOG_DEBUG" "$@"
fi
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_1" ]; then
_printargs "$@" >&2
_bash_debug=$(__debug_bash_helper)
_printargs "${_bash_debug}$@" >&2
fi
}

@@ -306,7 +338,8 @@ _debug2() {
_syslog "$SYSLOG_DEBUG" "$@"
fi
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then
_printargs "$@" >&2
_bash_debug=$(__debug_bash_helper)
_printargs "${_bash_debug}$@" >&2
fi
}

@@ -338,7 +371,8 @@ _debug3() {
_syslog "$SYSLOG_DEBUG" "$@"
fi
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_3" ]; then
_printargs "$@" >&2
_bash_debug=$(__debug_bash_helper)
_printargs "${_bash_debug}$@" >&2
fi
}

@@ -3678,7 +3712,7 @@ _ns_purge_cf() {

#checks if cf server is available
_ns_is_available_cf() {
if _get "https://cloudflare-dns.com"; then
if _get "https://cloudflare-dns.com" >/dev/null 2>&1; then
return 0
else
return 1
@@ -4047,7 +4081,18 @@ $_authorizations_map"
fi

if [ "$ACME_VERSION" = "2" ]; then
response="$(echo "$_authorizations_map" | grep "^$(_idn "$d")," | sed "s/$d,//")"
_idn_d="$(_idn "$d")"
_candindates="$(echo "$_authorizations_map" | grep "^$_idn_d,")"
_debug2 _candindates "$_candindates"
if [ "$(echo "$_candindates" | wc -l)" -gt 1 ]; then
for _can in $_candindates; do
if _startswith "$(echo "$_can" | tr '.' '|')" "$(echo "$_idn_d" | tr '.' '|'),"; then
_candindates="$_can"
break
fi
done
fi
response="$(echo "$_candindates" | sed "s/$_idn_d,//")"
_debug2 "response" "$response"
if [ -z "$response" ]; then
_err "get to authz error."
@@ -6059,7 +6104,7 @@ _send_notify() {
_set_notify_hook() {
_nhooks="$1"

_test_subject="Hello, this is notification from $PROJECT_NAME"
_test_subject="Hello, this is a notification from $PROJECT_NAME"
_test_content="If you receive this message, your notification works."

_send_notify "$_test_subject" "$_test_content" "$_nhooks" 0
@@ -6215,7 +6260,7 @@ Parameters:
--branch, -b Only valid for '--upgrade' command, specifies the branch name to upgrade to.
--notify-level 0|1|2|3 Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
0: disabled, no notification will be sent.
0: disabled, no notification will be sent.
1: send notifications only when there is an error.
2: send notifications when a cert is successfully renewed, or there is an error.
3: send notifications when a cert is skipped, renewed, or error.
@@ -77,15 +77,15 @@ gcore_cdn_deploy() {
_debug _regex "$_regex"
_resource=$(echo "$_response" | sed 's/},{/},\n{/g' | _egrep_o "$_regex")
_debug _resource "$_resource"
_regex=".*\"id\":\([0-9]*\),.*$"
_regex=".*\"id\":\([0-9]*\).*\"rules\".*$"
_debug _regex "$_regex"
_resourceId=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _resourceId "$_resourceId"
_regex=".*\"sslData\":\([0-9]*\)}.*$"
_regex=".*\"sslData\":\([0-9]*\).*$"
_debug _regex "$_regex"
_sslDataOld=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _sslDataOld "$_sslDataOld"
_regex=".*\"originGroup\":\([0-9]*\),.*$"
_regex=".*\"originGroup\":\([0-9]*\).*$"
_debug _regex "$_regex"
_originGroup=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _originGroup "$_originGroup"
@@ -101,7 +101,7 @@ gcore_cdn_deploy() {
_debug _request "$_request"
_response=$(_post "$_request" "https://api.gcdn.co/sslData")
_debug _response "$_response"
_regex=".*\"id\":\([0-9]*\),.*$"
_regex=".*\"id\":\([0-9]*\).*$"
_debug _regex "$_regex"
_sslDataAdd=$(echo "$_response" | sed -n "s/$_regex/\1/p")
_debug _sslDataAdd "$_sslDataAdd"
@@ -1,6 +1,6 @@
#!/usr/bin/env sh

# Script to create certificate to qiniu.com
# Script to create certificate to qiniu.com
#
# This deployment required following variables
# export QINIU_AK="QINIUACCESSKEY"
@@ -85,7 +85,7 @@ routeros_deploy() {
scp "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key"
_info "Trying to push cert '$_cfullchain' to router"
scp "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer"
DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive
DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive
source=\"## generated by routeros deploy script in acme.sh
\n/certificate remove [ find name=$_cdomain.cer_0 ]
\n/certificate remove [ find name=$_cdomain.cer_1 ]
@@ -2,10 +2,10 @@

# Here is a script to deploy cert to hashicorp vault
# (https://www.vaultproject.io/)
#
#
# it requires the vault binary to be available in PATH, and the following
# environment variables:
#
#
# VAULT_PREFIX - this contains the prefix path in vault
# VAULT_ADDR - vault requires this to find your vault server
#
@@ -6,6 +6,8 @@
#AWS_SECRET_ACCESS_KEY="xxxxxxx"

#This is the Amazon Route53 api wrapper for acme.sh
#All `_sleep` commands are included to avoid Route53 throttling, see
#https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests

AWS_HOST="route53.amazonaws.com"
AWS_URL="https://$AWS_HOST"
@@ -43,6 +45,7 @@ dns_aws_add() {
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
_sleep 1
return 1
fi
_debug _domain_id "$_domain_id"
@@ -51,6 +54,7 @@ dns_aws_add() {

_info "Getting existing records for $fulldomain"
if ! aws_rest GET "2013-04-01$_domain_id/rrset" "name=$fulldomain&type=TXT"; then
_sleep 1
return 1
fi

@@ -63,6 +67,7 @@ dns_aws_add() {

if [ "$_resource_record" ] && _contains "$response" "$txtvalue"; then
_info "The TXT record already exists. Skipping."
_sleep 1
return 0
fi

@@ -72,9 +77,10 @@ dns_aws_add() {

if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
_info "TXT record updated successfully."
_sleep 1
return 0
fi

_sleep 1
return 1
}

@@ -93,6 +99,7 @@ dns_aws_rm() {
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
_sleep 1
return 1
fi
_debug _domain_id "$_domain_id"
@@ -101,6 +108,7 @@ dns_aws_rm() {

_info "Getting existing records for $fulldomain"
if ! aws_rest GET "2013-04-01$_domain_id/rrset" "name=$fulldomain&type=TXT"; then
_sleep 1
return 1
fi

@@ -109,16 +117,18 @@ dns_aws_rm() {
_debug "_resource_record" "$_resource_record"
else
_debug "no records exist, skip"
_sleep 1
return 0
fi

_aws_tmpl_xml="<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\"><ChangeBatch><Changes><Change><Action>DELETE</Action><ResourceRecordSet><ResourceRecords>$_resource_record</ResourceRecords><Name>$fulldomain.</Name><Type>TXT</Type><TTL>300</TTL></ResourceRecordSet></Change></Changes></ChangeBatch></ChangeResourceRecordSetsRequest>"

if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
_info "TXT record deleted successfully."
_sleep 1
return 0
fi

_sleep 1
return 1

}
@@ -9,7 +9,7 @@
#
# User must provide login data and URL to DirectAdmin incl. port.
# You can create login key, by using the Login Keys function
# ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to
# ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to
# - CMD_API_DNS_CONTROL
# - CMD_API_SHOW_DOMAINS
#
@@ -1,11 +1,11 @@
#!/usr/bin/env sh

# Official Let's Encrypt API for do.de / Domain-Offensive
#
#
# This is different from the dns_do adapter, because dns_do is only usable for enterprise customers
# This API is also available to private customers/individuals
#
# Provide the required LetsEncrypt token like this:
#
# Provide the required LetsEncrypt token like this:
# DO_LETOKEN="FmD408PdqT1E269gUK57"

DO_API="https://www.do.de/api/letsencrypt"
@@ -147,11 +147,11 @@ _dd_soap() {

# build SOAP XML
_xml='<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:tns="urn:'$_urn'"
xmlns:types="urn:'$_urn'/encodedTypes"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:tns="urn:'$_urn'"
xmlns:types="urn:'$_urn'/encodedTypes"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'"$body"'</soap:Body>
</soap:Envelope>'
@@ -127,7 +127,7 @@ dns_euserv_rm() {
else
# find XML block where txtvalue is in. The record_id is allways prior this line!
_endLine=$(echo "$response" | grep -n '>dns_record_content<.*>'"$txtvalue"'<' | cut -d ':' -f 1)
# record_id is the last <name> Tag with a number before the row _endLine, identified by </name><value><struct>
# record_id is the last <name> Tag with a number before the row _endLine, identified by </name><value><struct>
_record_id=$(echo "$response" | sed -n '1,'"$_endLine"'p' | grep '</name><value><struct>' | _tail_n 1 | sed 's/.*<name>\([0-9]*\)<\/name>.*/\1/')
_info "Deleting record"
_euserv_delete_record "$_record_id"
@@ -303,9 +303,9 @@ _freedns_domain_id() {
return 1
fi

domain_id="$(echo "$htmlpage" | tr -d "[:space:]" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
domain_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
| grep "<td>$search_domain</td>\|<td>$search_domain(.*)</td>" \
| _egrep_o "edit\.php\?edit_domain_id=[0-9a-zA-Z]+" \
| sed -n 's/.*\(edit\.php?edit_domain_id=[0-9a-zA-Z]*\).*/\1/p' \
| cut -d = -f 2)"
# The above beauty extracts domain ID from the html page...
# strip out all blank space and new lines. Then insert newlines
@@ -349,17 +349,17 @@ _freedns_data_id() {
return 1
fi

data_id="$(echo "$htmlpage" | tr -d "[:space:]" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
data_id="$(echo "$htmlpage" | tr -d " \t\r\n\v\f" | sed 's/<tr>/@<tr>/g' | tr '@' '\n' \
| grep "<td[a-zA-Z=#]*>$record_type</td>" \
| grep "<ahref.*>$search_domain</a>" \
| _egrep_o "edit\.php\?data_id=[0-9a-zA-Z]+" \
| sed -n 's/.*\(edit\.php?data_id=[0-9a-zA-Z]*\).*/\1/p' \
| cut -d = -f 2)"
# The above beauty extracts data ID from the html page...
# strip out all blank space and new lines. Then insert newlines
# before each table row <tr>
# search for the record type withing each row (e.g. TXT)
# search for the domain within each row (which is within a <a..>
# </a> anchor. And finally extract the domain ID.
# </a> anchor. And finally extract the domain ID.
if [ -n "$data_id" ]; then
printf "%s" "$data_id"
return 0

0 comments on commit 3d2df3b

Please sign in to comment.
You can’t perform that action at this time.