mirror of
https://github.com/acmesh-official/acme.sh.git
synced 2025-06-15 20:32:44 +00:00
Merge 835f8051cd9054f3279ce1fdc5a186c7e4f94557 into 18d10a9c9c34a0de760fdda96772856928c0f5b9
commit
fa12798678
228
le.sh
228
le.sh
@ -648,31 +648,40 @@ issue() {
|
|||||||
alldomains=$(echo "$Le_Domain,$Le_Alt" | sed "s/,/ /g")
|
alldomains=$(echo "$Le_Domain,$Le_Alt" | sed "s/,/ /g")
|
||||||
for d in $alldomains
|
for d in $alldomains
|
||||||
do
|
do
|
||||||
_info "Geting token for domain" $d
|
# check if domain is already verified for the account
|
||||||
_send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}"
|
_info "Checking if domain is already verified"
|
||||||
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
|
uri=$(echo $d | cut -d $sep -f 3)
|
||||||
_err "new-authz error: $response"
|
if ! _get $uri ; then
|
||||||
_clearup
|
_err "$d:Verify pending"
|
||||||
return 1
|
|
||||||
|
_info "Geting token for domain" $d
|
||||||
|
_send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}"
|
||||||
|
if [ ! -z "$code" ] && [ ! "$code" == '201' ] ; then
|
||||||
|
_err "new-authz error: $response"
|
||||||
|
_clearup
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
entry=$(echo $response | egrep -o '{[^{]*"type":"'$vtype'"[^}]*')
|
||||||
|
_debug entry "$entry"
|
||||||
|
|
||||||
|
token=$(echo "$entry" | sed 's/,/\n'/g| grep '"token":'| cut -d : -f 2|sed 's/"//g')
|
||||||
|
_debug token $token
|
||||||
|
|
||||||
|
uri=$(echo "$entry" | sed 's/,/\n'/g| grep '"uri":'| cut -d : -f 2,3|sed 's/"//g')
|
||||||
|
_debug uri $uri
|
||||||
|
|
||||||
|
keyauthorization="$token.$thumbprint"
|
||||||
|
_debug keyauthorization "$keyauthorization"
|
||||||
|
|
||||||
|
dvlist="$d$sep$keyauthorization$sep$uri"
|
||||||
|
_debug dvlist "$dvlist"
|
||||||
|
|
||||||
|
vlist="$vlist$dvlist,"
|
||||||
|
else
|
||||||
|
_info "$d:Already verified"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
entry=$(echo $response | egrep -o '{[^{]*"type":"'$vtype'"[^}]*')
|
|
||||||
_debug entry "$entry"
|
|
||||||
|
|
||||||
token=$(echo "$entry" | sed 's/,/\n'/g| grep '"token":'| cut -d : -f 2|sed 's/"//g')
|
|
||||||
_debug token $token
|
|
||||||
|
|
||||||
uri=$(echo "$entry" | sed 's/,/\n'/g| grep '"uri":'| cut -d : -f 2,3|sed 's/"//g')
|
|
||||||
_debug uri $uri
|
|
||||||
|
|
||||||
keyauthorization="$token.$thumbprint"
|
|
||||||
_debug keyauthorization "$keyauthorization"
|
|
||||||
|
|
||||||
dvlist="$d$sep$keyauthorization$sep$uri"
|
|
||||||
_debug dvlist "$dvlist"
|
|
||||||
|
|
||||||
vlist="$vlist$dvlist,"
|
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
#add entry
|
#add entry
|
||||||
@ -758,95 +767,104 @@ issue() {
|
|||||||
d=$(echo $ventry | cut -d $sep -f 1)
|
d=$(echo $ventry | cut -d $sep -f 1)
|
||||||
keyauthorization=$(echo $ventry | cut -d $sep -f 2)
|
keyauthorization=$(echo $ventry | cut -d $sep -f 2)
|
||||||
uri=$(echo $ventry | cut -d $sep -f 3)
|
uri=$(echo $ventry | cut -d $sep -f 3)
|
||||||
_info "Verifying:$d"
|
|
||||||
_debug "d" "$d"
|
# check if domain is already verified for the account
|
||||||
_debug "keyauthorization" "$keyauthorization"
|
_info "Checking if domain is already verified"
|
||||||
_debug "uri" "$uri"
|
if ! _get $uri ; then
|
||||||
removelevel=""
|
_err "$d:Verify pending"
|
||||||
token=""
|
|
||||||
if [ "$vtype" == "$VTYPE_HTTP" ] ; then
|
_info "Verifying:$d"
|
||||||
if [ "$Le_Webroot" == "no" ] ; then
|
_debug "d" "$d"
|
||||||
_info "Standalone mode server"
|
_debug "keyauthorization" "$keyauthorization"
|
||||||
_startserver "$keyauthorization" &
|
_debug "uri" "$uri"
|
||||||
serverproc="$!"
|
removelevel=""
|
||||||
sleep 2
|
token=""
|
||||||
_debug serverproc $serverproc
|
if [ "$vtype" == "$VTYPE_HTTP" ] ; then
|
||||||
else
|
if [ "$Le_Webroot" == "no" ] ; then
|
||||||
if [ -z "$wellknown_path" ] ; then
|
_info "Standalone mode server"
|
||||||
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
|
_startserver "$keyauthorization" &
|
||||||
fi
|
serverproc="$!"
|
||||||
_debug wellknown_path "$wellknown_path"
|
sleep 2
|
||||||
|
_debug serverproc $serverproc
|
||||||
if [ ! -d "$Le_Webroot/.well-known" ] ; then
|
|
||||||
removelevel='1'
|
|
||||||
elif [ ! -d "$Le_Webroot/.well-known/acme-challenge" ] ; then
|
|
||||||
removelevel='2'
|
|
||||||
else
|
else
|
||||||
removelevel='3'
|
if [ -z "$wellknown_path" ] ; then
|
||||||
|
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
|
||||||
|
fi
|
||||||
|
_debug wellknown_path "$wellknown_path"
|
||||||
|
|
||||||
|
if [ ! -d "$Le_Webroot/.well-known" ] ; then
|
||||||
|
removelevel='1'
|
||||||
|
elif [ ! -d "$Le_Webroot/.well-known/acme-challenge" ] ; then
|
||||||
|
removelevel='2'
|
||||||
|
else
|
||||||
|
removelevel='3'
|
||||||
|
fi
|
||||||
|
|
||||||
|
token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)"
|
||||||
|
_debug "writing token:$token to $wellknown_path/$token"
|
||||||
|
|
||||||
|
mkdir -p "$wellknown_path"
|
||||||
|
echo -n "$keyauthorization" > "$wellknown_path/$token"
|
||||||
|
|
||||||
|
webroot_owner=$(stat -c '%U:%G' $Le_Webroot)
|
||||||
|
_debug "Changing owner/group of .well-known to $webroot_owner"
|
||||||
|
chown -R $webroot_owner "$Le_Webroot/.well-known"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)"
|
|
||||||
_debug "writing token:$token to $wellknown_path/$token"
|
|
||||||
|
|
||||||
mkdir -p "$wellknown_path"
|
|
||||||
echo -n "$keyauthorization" > "$wellknown_path/$token"
|
|
||||||
|
|
||||||
webroot_owner=$(stat -c '%U:%G' $Le_Webroot)
|
|
||||||
_debug "Changing owner/group of .well-known to $webroot_owner"
|
|
||||||
chown -R $webroot_owner "$Le_Webroot/.well-known"
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
|
_send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"
|
||||||
_send_signed_request $uri "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"
|
|
||||||
|
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
|
||||||
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
|
_err "$d:Challenge error: $resource"
|
||||||
_err "$d:Challenge error: $resource"
|
|
||||||
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
|
||||||
_clearup
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
while [ "1" ] ; do
|
|
||||||
_debug "sleep 5 secs to verify"
|
|
||||||
sleep 5
|
|
||||||
_debug "checking"
|
|
||||||
|
|
||||||
if ! _get $uri ; then
|
|
||||||
_err "$d:Verify error:$resource"
|
|
||||||
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
_clearup
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
|
while [ "1" ] ; do
|
||||||
if [ "$status" == "valid" ] ; then
|
_debug "sleep 5 secs to verify"
|
||||||
_info "Success"
|
sleep 5
|
||||||
_stopserver $serverproc
|
_debug "checking"
|
||||||
serverproc=""
|
|
||||||
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
if ! _get $uri ; then
|
||||||
break;
|
_err "$d:Verify error:$resource"
|
||||||
fi
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
|
_clearup
|
||||||
if [ "$status" == "invalid" ] ; then
|
return 1
|
||||||
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
|
fi
|
||||||
_err "$d:Verify error:$error"
|
|
||||||
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
|
||||||
_clearup
|
if [ "$status" == "valid" ] ; then
|
||||||
return 1;
|
_info "Success"
|
||||||
fi
|
_stopserver $serverproc
|
||||||
|
serverproc=""
|
||||||
if [ "$status" == "pending" ] ; then
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
_info "Pending"
|
break;
|
||||||
else
|
fi
|
||||||
_err "$d:Verify error:$response"
|
|
||||||
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
if [ "$status" == "invalid" ] ; then
|
||||||
_clearup
|
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
|
||||||
return 1
|
_err "$d:Verify error:$error"
|
||||||
fi
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
|
_clearup
|
||||||
done
|
return 1;
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$status" == "pending" ] ; then
|
||||||
|
_info "Pending"
|
||||||
|
else
|
||||||
|
_err "$d:Verify error:$response"
|
||||||
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
|
_clearup
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
done
|
||||||
|
else
|
||||||
|
_info "$d:Already verified"
|
||||||
|
fi
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
_clearup
|
_clearup
|
||||||
|
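Review bot: In the second hunk the new guard `if ! _get $uri ; then` treats any successful fetch as "already verified", yet the polling loop later in the same hunk shows `_get` succeeding while the parsed `status` is still `pending` or `invalid`, so an authorization that is merely retrievable would skip the challenge. The branch should be chosen from the parsed status rather than the exit code, e.g. `status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')` followed by `if [ "$status" != "valid" ] ; then` (this assumes `_get` fills `$response`, as the polling loop suggests). In the first hunk the same guard is fed `uri=$(echo $d | cut -d $sep -f 3)`, where `$d` comes from `$alldomains` and is a bare domain name, so unless the name contains `$sep` the request goes to the name itself rather than to an authorization URL, and a domain skipped there never gets a `vlist` entry. `_err "$d:Verify pending"` also reports the normal not-yet-verified path as an error; `_info` fits better. issue() starts and ends outside both hunks.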