1 week ago · 40290ad42a
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,8 @@ RUN apk --no-cache add -f \
 
				   jq \
			
 
				   cronie
			
 
				 
			
 
				+ENV LE_WORKING_DIR=/acmebin
			
 
				+
			
 
				 ENV LE_CONFIG_HOME=/acme.sh
			
 
				 
			
 
				 ARG AUTO_UPGRADE=1
			
@@ -30,7 +32,7 @@ COPY ./notify /install_acme.sh/notify
 
				 RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/
			
 
				 
			
 
				 
			
 
				-RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh && crontab -l | grep acme.sh | sed 's#> /dev/null#> /proc/1/fd/1 2>/proc/1/fd/2#' | crontab -
			
 
				+RUN ln -s $LE_WORKING_DIR/acme.sh /usr/local/bin/acme.sh && crontab -l | grep acme.sh | sed 's#> /dev/null#> /proc/1/fd/1 2>/proc/1/fd/2#' | crontab -
			
 
				 
			
 
				 RUN for verb in help \
			
 
				   version \
			
@@ -64,7 +66,7 @@ RUN for verb in help \
 
				   set-default-ca \
			
 
				   set-default-chain \
			
 
				   ; do \
			
 
				-    printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
			
 
				+    printf -- "%b" "#!/usr/bin/env sh\n$LE_WORKING_DIR/acme.sh --${verb} --config-home $LE_CONFIG_HOME \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
			
 
				   ; done
			
 
				 
			
 
				 RUN printf "%b" '#!'"/usr/bin/env sh\n \
			
@@ -72,7 +74,7 @@ if [ \"\$1\" = \"daemon\" ];  then \n \
 
				  exec crond -n -s -m off \n \
			
 
				 else \n \
			
 
				  exec -- \"\$@\"\n \
			
 
				-fi\n" >/entry.sh && chmod +x /entry.sh
			
 
				+fi\n" >/entry.sh && chmod +x /entry.sh && chmod -R o+rwx $LE_WORKING_DIR && chmod -R o+rwx $LE_CONFIG_HOME
			
 
				 
			
 
				 VOLUME /acme.sh
			
 
				 
			
--- a/acme.sh
+++ b/acme.sh
@@ -5242,6 +5242,16 @@ $_authorizations_map"
 
				         return 1
			
 
				       fi
			
 
				       break
			
 
				+    elif _contains "$response" "\"ready\""; then
			
 
				+      _info "Order status is 'ready', let's sleep and retry."
			
 
				+      _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r')
			
 
				+      _debug "_retryafter" "$_retryafter"
			
 
				+      if [ "$_retryafter" ]; then
			
 
				+        _info "Sleeping for $_retryafter seconds then retrying"
			
 
				+        _sleep $_retryafter
			
 
				+      else
			
 
				+        _sleep 2
			
 
				+      fi
			
 
				     elif _contains "$response" "\"processing\""; then
			
 
				       _info "Order status is 'processing', let's sleep and retry."
			
 
				       _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r')
			
--- a/deploy/panos.sh
+++ b/deploy/panos.sh
@@ -16,6 +16,7 @@
 
				 #    export PANOS_TEMPLATE="" # Template Name of panorama managed devices
			
 
				 #    export PANOS_TEMPLATE_STACK="" # set a Template Stack if certificate should also be pushed automatically
			
 
				 #    export PANOS_VSYS="Shared"  # name of the vsys to import the certificate
			
 
				+#    export PANOS_CERTNAME="" # use a custom certificate name to work around Panorama's 31-character limit
			
 
				 #
			
 
				 # The script will automatically generate a new API key if
			
 
				 # no key is found, or if a saved key has expired or is invalid.
			
@@ -89,7 +90,7 @@ deployer() {
 
				     if [ "$type" = 'cert' ]; then
			
 
				       panos_url="${panos_url}?type=import"
			
 
				       content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\ncertificate"
			
 
				-      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
			
 
				+      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_panos_certname"
			
 
				       content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
			
 
				       content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
			
 
				       content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
			
@@ -103,11 +104,11 @@ deployer() {
 
				     if [ "$type" = 'key' ]; then
			
 
				       panos_url="${panos_url}?type=import"
			
 
				       content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\nprivate-key"
			
 
				-      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
			
 
				+      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_panos_certname"
			
 
				       content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
			
 
				       content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
			
 
				       content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
			
 
				-      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cdomain.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
			
 
				+      content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_panos_certname.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
			
 
				       if [ "$_panos_template" ]; then
			
 
				         content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
			
 
				       fi
			
@@ -242,6 +243,15 @@ panos_deploy() {
 
				     _getdeployconf PANOS_VSYS
			
 
				   fi
			
 
				 
			
 
				+  # PANOS_CERTNAME
			
 
				+  if [ "$PANOS_CERTNAME" ]; then
			
 
				+    _debug "Detected ENV variable PANOS_CERTNAME. Saving to file."
			
 
				+    _savedeployconf PANOS_CERTNAME "$PANOS_CERTNAME" 1
			
 
				+  else
			
 
				+    _debug "Attempting to load variable PANOS_CERTNAME from file."
			
 
				+    _getdeployconf PANOS_CERTNAME
			
 
				+  fi
			
 
				+
			
 
				   #Store variables
			
 
				   _panos_host=$PANOS_HOST
			
 
				   _panos_user=$PANOS_USER
			
@@ -249,6 +259,7 @@ panos_deploy() {
 
				   _panos_template=$PANOS_TEMPLATE
			
 
				   _panos_template_stack=$PANOS_TEMPLATE_STACK
			
 
				   _panos_vsys=$PANOS_VSYS
			
 
				+  _panos_certname=$PANOS_CERTNAME
			
 
				 
			
 
				   #Test API Key if found.  If the key is invalid, the variable _panos_key will be unset.
			
 
				   if [ "$_panos_host" ] && [ "$_panos_key" ]; then
			
@@ -267,6 +278,12 @@ panos_deploy() {
 
				     _err "No password found. If this is your first time deploying, please set PANOS_PASS in ENV variables. You can delete it after you have successfully deployed the certs."
			
 
				     return 1
			
 
				   else
			
 
				+    # Use certificate name based on the first domain on the certificate if no custom certificate name is set
			
 
				+    if [ -z "$_panos_certname" ]; then
			
 
				+      _panos_certname="$_cdomain"
			
 
				+      _savedeployconf PANOS_CERTNAME "$_panos_certname" 1
			
 
				+    fi
			
 
				+
			
 
				     # Generate a new API key if no valid API key is found
			
 
				     if [ -z "$_panos_key" ]; then
			
 
				       _debug "**** Generating new PANOS API KEY ****"