mirror of
https://github.com/acmesh-official/acme.sh.git
synced 2025-04-29 22:12:44 +00:00
neil
GitHub
commit
73fdf4b957
@ -22,7 +22,11 @@ ARG AUTO_UPGRADE=1
|
||||
ENV AUTO_UPGRADE=$AUTO_UPGRADE
|
||||
|
||||
#Install
|
||||
COPY ./ /install_acme.sh/
|
||||
COPY ./acme.sh /install_acme.sh/acme.sh
|
||||
COPY ./deploy /install_acme.sh/deploy
|
||||
COPY ./dnsapi /install_acme.sh/dnsapi
|
||||
COPY ./notify /install_acme.sh/notify
|
||||
|
||||
RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/
|
||||
|
||||
|
||||
|
||||
15
acme.sh
15
acme.sh
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
VER=3.1.0
|
||||
VER=3.1.1
|
||||
|
||||
PROJECT_NAME="acme.sh"
|
||||
|
||||
@ -921,6 +921,9 @@ _sed_i() {
|
||||
if sed -h 2>&1 | grep "\-i\[SUFFIX]" >/dev/null 2>&1; then
|
||||
_debug "Using sed -i"
|
||||
sed -i "$options" "$filename"
|
||||
elif sed -h 2>&1 | grep "\-i extension" >/dev/null 2>&1; then
|
||||
_debug "Using FreeBSD sed -i"
|
||||
sed -i "" "$options" "$filename"
|
||||
else
|
||||
_debug "No -i support in sed"
|
||||
text="$(cat "$filename")"
|
||||
@ -5002,9 +5005,11 @@ $_authorizations_map"
|
||||
|
||||
_debug "Writing token: $token to $wellknown_path/$token"
|
||||
|
||||
mkdir -p "$wellknown_path"
|
||||
|
||||
if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then
|
||||
# Ensure .well-known is visible to web server user/group
|
||||
# https://github.com/Neilpang/acme.sh/pull/32
|
||||
if ! (umask ugo+rx &&
|
||||
mkdir -p "$wellknown_path" &&
|
||||
printf "%s" "$keyauthorization" >"$wellknown_path/$token"); then
|
||||
_err "$d: Cannot write token to file: $wellknown_path/$token"
|
||||
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
||||
_clearup
|
||||
@ -7015,7 +7020,7 @@ Parameters:
|
||||
|
||||
--accountconf <file> Specifies a customized account config file.
|
||||
--home <directory> Specifies the home dir for $PROJECT_NAME.
|
||||
--cert-home <directory> Specifies the home dir to save all the certs, only valid for '--install' command.
|
||||
--cert-home <directory> Specifies the home dir to save all the certs.
|
||||
--config-home <directory> Specifies the home dir to save all the configurations.
|
||||
--useragent <string> Specifies the user agent string. it will be saved for future use too.
|
||||
-m, --email <email> Specifies the account email, only valid for the '--install' and '--update-account' command.
|
||||
|
||||
@ -357,7 +357,7 @@ haproxy_deploy() {
|
||||
_info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
|
||||
fi
|
||||
_socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
|
||||
_debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
|
||||
_secure_debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
|
||||
eval "${_socat_cert_set_cmd}"
|
||||
_ret=$?
|
||||
if [ "${_ret}" != "0" ]; then
|
||||
|
||||
@ -144,8 +144,8 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
|
||||
\n/certificate remove [ find name=$_cdomain.cer_1 ];\
|
||||
\n/certificate remove [ find name=$_cdomain.cer_2 ];\
|
||||
\ndelay 1;\
|
||||
\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\
|
||||
\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\
|
||||
\n/certificate import file-name=\\\"$_cdomain.cer\\\" passphrase=\\\"\\\";\
|
||||
\n/certificate import file-name=\\\"$_cdomain.key\\\" passphrase=\\\"\\\";\
|
||||
\ndelay 1;\
|
||||
\n:do {/file remove $_cdomain.cer; } on-error={ }\
|
||||
\n:do {/file remove $_cdomain.key; } on-error={ }\
|
||||
|
||||
105
dnsapi/dns_freemyip.sh
Normal file
105
dnsapi/dns_freemyip.sh
Normal file
@ -0,0 +1,105 @@
|
||||
#!/usr/bin/env sh
|
||||
# shellcheck disable=SC2034
|
||||
dns_freemyip_info='FreeMyIP.com
|
||||
Site: freemyip.com
|
||||
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_freemyip
|
||||
Options:
|
||||
FREEMYIP_Token API Token
|
||||
Issues: github.com/acmesh-official/acme.sh/issues/{XXXX}
|
||||
Author: Recolic Keghart <root@recolic.net>, @Giova96
|
||||
'
|
||||
|
||||
FREEMYIP_DNS_API="https://freemyip.com/update?"
|
||||
|
||||
################ Public functions ################
|
||||
|
||||
#Usage: dns_freemyip_add fulldomain txtvalue
|
||||
dns_freemyip_add() {
|
||||
fulldomain="$1"
|
||||
txtvalue="$2"
|
||||
|
||||
_info "Add TXT record $txtvalue for $fulldomain using freemyip.com api"
|
||||
|
||||
FREEMYIP_Token="${FREEMYIP_Token:-$(_readaccountconf_mutable FREEMYIP_Token)}"
|
||||
if [ -z "$FREEMYIP_Token" ]; then
|
||||
FREEMYIP_Token=""
|
||||
_err "You don't specify FREEMYIP_Token yet."
|
||||
_err "Please specify your token and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
#save the credentials to the account conf file.
|
||||
_saveaccountconf_mutable FREEMYIP_Token "$FREEMYIP_Token"
|
||||
|
||||
if _is_root_domain_published "$fulldomain"; then
|
||||
_err "freemyip API don't allow you to set multiple TXT record for the same subdomain!"
|
||||
_err "You must apply certificate for only one domain at a time!"
|
||||
_err "===="
|
||||
_err "For example, aaa.yourdomain.freemyip.com and bbb.yourdomain.freemyip.com and yourdomain.freemyip.com ALWAYS share the same TXT record. They will overwrite each other if you apply multiple domain at the same time."
|
||||
_debug "If you are testing this workflow in github pipeline or acmetest, please set TEST_DNS_NO_SUBDOMAIN=1 and TEST_DNS_NO_WILDCARD=1"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# txtvalue must be url-encoded. But it's not necessary for acme txt value.
|
||||
_freemyip_get_until_ok "${FREEMYIP_DNS_API}token=$FREEMYIP_Token&domain=$fulldomain&txt=$txtvalue" 2>&1
|
||||
return $?
|
||||
}
|
||||
|
||||
#Usage: dns_freemyip_rm fulldomain txtvalue
|
||||
dns_freemyip_rm() {
|
||||
fulldomain="$1"
|
||||
txtvalue="$2"
|
||||
|
||||
_info "Delete TXT record $txtvalue for $fulldomain using freemyip.com api"
|
||||
|
||||
FREEMYIP_Token="${FREEMYIP_Token:-$(_readaccountconf_mutable FREEMYIP_Token)}"
|
||||
if [ -z "$FREEMYIP_Token" ]; then
|
||||
FREEMYIP_Token=""
|
||||
_err "You don't specify FREEMYIP_Token yet."
|
||||
_err "Please specify your token and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
#save the credentials to the account conf file.
|
||||
_saveaccountconf_mutable FREEMYIP_Token "$FREEMYIP_Token"
|
||||
|
||||
# Leave the TXT record as empty or "null" to delete the record.
|
||||
_freemyip_get_until_ok "${FREEMYIP_DNS_API}token=$FREEMYIP_Token&domain=$fulldomain&txt=" 2>&1
|
||||
return $?
|
||||
}
|
||||
|
||||
################ Private functions below ################
|
||||
_get_root() {
|
||||
_fmi_d="$1"
|
||||
|
||||
echo "$_fmi_d" | rev | cut -d '.' -f 1-3 | rev
|
||||
}
|
||||
|
||||
# There is random failure while calling freemyip API too fast. This function automatically retry until success.
|
||||
_freemyip_get_until_ok() {
|
||||
_fmi_url="$1"
|
||||
for i in $(seq 1 8); do
|
||||
_debug "HTTP GET freemyip.com API '$_fmi_url', retry $i/8..."
|
||||
_get "$_fmi_url" | tee /dev/fd/2 | grep OK && return 0
|
||||
_sleep 1 # DO NOT send the request too fast
|
||||
done
|
||||
_err "Failed to request freemyip API: $_fmi_url . Server does not say 'OK'"
|
||||
return 1
|
||||
}
|
||||
|
||||
# Verify in public dns if domain is already there.
|
||||
_is_root_domain_published() {
|
||||
_fmi_d="$1"
|
||||
_webroot="$(_get_root "$_fmi_d")"
|
||||
|
||||
_info "Verifying '""$_fmi_d""' freemyip webroot (""$_webroot"") is not published yet"
|
||||
for i in $(seq 1 3); do
|
||||
_debug "'$_webroot' ns lookup, retry $i/3..."
|
||||
if [ "$(_ns_lookup "$_fmi_d" TXT)" ]; then
|
||||
_debug "'$_webroot' already has a TXT record published!"
|
||||
return 0
|
||||
fi
|
||||
_sleep 10 # Give it some time to propagate the TXT record
|
||||
done
|
||||
return 1
|
||||
}
|
||||
@ -34,5 +34,11 @@ dns_he_ddns_add() {
|
||||
_contains "$response" "good" && return 0 || return 1
|
||||
}
|
||||
|
||||
# dns_he_ddns_rm() is not implemented because the API call always updates the
|
||||
# dns_he_ddns_rm() is not doing anything because the API call always updates the
|
||||
# contents of the existing record (that the API key gives access to).
|
||||
|
||||
dns_he_ddns_rm() {
|
||||
fulldomain=$1
|
||||
_debug "Delete TXT record called for '${fulldomain}', not doing anything."
|
||||
return 0
|
||||
}
|
||||
|
||||
2
dnsapi/dns_hetzner.sh
Normal file → Executable file
2
dnsapi/dns_hetzner.sh
Normal file → Executable file
@ -212,7 +212,7 @@ _get_root() {
|
||||
_response_has_error() {
|
||||
unset _response_error
|
||||
|
||||
err_part="$(echo "$response" | _egrep_o '"error":{[^}]*}')"
|
||||
err_part="$(echo "$response" | _egrep_o '"error":\{[^\}]*\}')"
|
||||
|
||||
if [ -n "$err_part" ]; then
|
||||
err_code=$(echo "$err_part" | _egrep_o '"code":[0-9]+' | cut -d : -f 2)
|
||||
|
||||
@ -52,7 +52,7 @@ cqhttp_send() {
|
||||
_finalUrl="$CQHTTP_APIROOT$CQHTTP_APIPATH?access_token=$_access_token&user_id=$_user_id&message=$_message"
|
||||
response="$(_get "$_finalUrl")"
|
||||
|
||||
if [ "$?" = "0" ] && _contains "$response" "\"retcode\":0,\"status\":\"ok\""; then
|
||||
if [ "$?" = "0" ] && _contains "$response" "\"retcode\":0" && _contains "$response" "\"status\":\"ok\""; then
|
||||
_info "QQ send success."
|
||||
return 0
|
||||
fi
|
||||
|
||||
@ -4,6 +4,7 @@
|
||||
|
||||
#NTFY_URL="https://ntfy.sh"
|
||||
#NTFY_TOPIC="xxxxxxxxxxxxx"
|
||||
#NTFY_TOKEN="xxxxxxxxxxxxx"
|
||||
|
||||
ntfy_send() {
|
||||
_subject="$1"
|
||||
@ -23,6 +24,12 @@ ntfy_send() {
|
||||
_saveaccountconf_mutable NTFY_TOPIC "$NTFY_TOPIC"
|
||||
fi
|
||||
|
||||
NTFY_TOKEN="${NTFY_TOKEN:-$(_readaccountconf_mutable NTFY_TOKEN)}"
|
||||
if [ "$NTFY_TOKEN" ]; then
|
||||
_saveaccountconf_mutable NTFY_TOKEN "$NTFY_TOKEN"
|
||||
export _H1="Authorization: Bearer $NTFY_TOKEN"
|
||||
fi
|
||||
|
||||
_data="${_subject}. $_content"
|
||||
response="$(_post "$_data" "$NTFY_URL/$NTFY_TOPIC" "" "POST" "")"
|
||||
|
||||
|
||||
@ -4,6 +4,7 @@
|
||||
|
||||
#TELEGRAM_BOT_APITOKEN=""
|
||||
#TELEGRAM_BOT_CHATID=""
|
||||
#TELEGRAM_BOT_URLBASE=""
|
||||
|
||||
telegram_send() {
|
||||
_subject="$1"
|
||||
@ -27,6 +28,12 @@ telegram_send() {
|
||||
fi
|
||||
_saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID"
|
||||
|
||||
TELEGRAM_BOT_URLBASE="${TELEGRAM_BOT_URLBASE:-$(_readaccountconf_mutable TELEGRAM_BOT_URLBASE)}"
|
||||
if [ -z "$TELEGRAM_BOT_URLBASE" ]; then
|
||||
TELEGRAM_BOT_URLBASE="https://api.telegram.org"
|
||||
fi
|
||||
_saveaccountconf_mutable TELEGRAM_BOT_URLBASE "$TELEGRAM_BOT_URLBASE"
|
||||
|
||||
_subject="$(printf "%s" "$_subject" | sed 's/\\/\\\\\\\\/g' | sed 's/\]/\\\\\]/g' | sed 's/\([_*[()~`>#+--=|{}.!]\)/\\\\\1/g')"
|
||||
_content="$(printf "%s" "$_content" | sed 's/\\/\\\\\\\\/g' | sed 's/\]/\\\\\]/g' | sed 's/\([_*[()~`>#+--=|{}.!]\)/\\\\\1/g')"
|
||||
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)"
|
||||
@ -38,7 +45,7 @@ telegram_send() {
|
||||
_debug "$_data"
|
||||
|
||||
export _H1="Content-Type: application/json"
|
||||
_telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage"
|
||||
_telegram_bot_url="${TELEGRAM_BOT_URLBASE}/bot${TELEGRAM_BOT_APITOKEN}/sendMessage"
|
||||
if _post "$_data" "$_telegram_bot_url" >/dev/null; then
|
||||
# shellcheck disable=SC2154
|
||||
_message=$(printf "%s\n" "$response" | sed -n 's/.*"ok":\([^,]*\).*/\1/p')
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user