yacloud/acme.sh
1
0
Fork 0
mirror of https://github.com/acmesh-official/acme.sh.git synced 2025-05-10 11:42:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add --always-force-reuse-domain-key option (opposite of --always-force-new-domain-key)

Browse Source
This commit is contained in:
Marco Arment 2021-03-02 08:32:23 -05:00
parent c33e5bc40f
commit cf83e1847a
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
acme.sh
View File

@ -1480,7 +1480,10 @@ createDomainKey() {
_initpath "$domain" "$_cdl" _initpath "$domain" "$_cdl"
if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$_ACME_IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then if [ ! -f "$CERT_KEY_PATH" ] || [ ! -s "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$_ACME_IS_RENEW" ]) || [ "$Le_ForceNewDomainKey" = "1" ]; then
if _createkey "$_cdl" "$CERT_KEY_PATH"; then if [ "$Le_ForceReuseDomainKey" = "1" ] ; then
_err "Cannot create new domain key because --always-force-reuse-domain-key is set"
return 1
elif _createkey "$_cdl" "$CERT_KEY_PATH"; then
_savedomainconf Le_Keylength "$_cdl" _savedomainconf Le_Keylength "$_cdl"
_info "The domain key is here: $(__green $CERT_KEY_PATH)" _info "The domain key is here: $(__green $CERT_KEY_PATH)"
return 0 return 0
@ -6551,7 +6554,6 @@ Parameters:
--eab-kid <eab_key_id> Key Identifier for External Account Binding. --eab-kid <eab_key_id> Key Identifier for External Account Binding.
--eab-hmac-key <eab_hmac_key> HMAC key for External Account Binding. --eab-hmac-key <eab_hmac_key> HMAC key for External Account Binding.
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file <file> Path to copy the cert file to after issue/renew.. --cert-file <file> Path to copy the cert file to after issue/renew..
@ -6591,7 +6593,10 @@ Parameters:
--renew-hook <command> Command to be run after each successfully renewed certificate. --renew-hook <command> Command to be run after each successfully renewed certificate.
--deploy-hook <hookname> The hook file to deploy cert --deploy-hook <hookname> The hook file to deploy cert
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension. --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default. --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
--always-force-reuse-domain-key When renewing, always reuse the existing private key, and fail if it doesn't exist.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted. --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
--listen-v4 Force standalone/tls server to listen at ipv4. --listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6. --listen-v6 Force standalone/tls server to listen at ipv6.
@ -7233,6 +7238,9 @@ _process() {
shift shift
fi fi
;; ;;
--always-force-reuse-domain-key)
Le_ForceReuseDomainKey=1
;;
--yes-I-know-dns-manual-mode-enough-go-ahead-please) --yes-I-know-dns-manual-mode-enough-go-ahead-please)
export FORCE_DNS_MANUAL=1 export FORCE_DNS_MANUAL=1
;; ;;