Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
Apq
/
acme.sh
-ын хуулбар https://github.com/acmesh-official/acme.sh.git
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Эх сурвалжийг харах

Merge pull request #4365 from acmesh-official/dev

sync
neil 3 жил өмнө
parent
ff8de34415 1c16931e26
commit
7221d488e5
2 өөрчлөгдсөн 39 нэмэгдсэн , 7 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 38 6
      acme.sh
  2. 1 1
      deploy/synology_dsm.sh

+ 38 - 6
acme.sh
Файл харах 

@@ -2257,12 +2257,18 @@ _setopt() {
 
   if [ ! -f "$__conf" ]; then
 
     touch "$__conf"
 
   fi
 
+  if [ -n "$(tail -c 1 <"$__conf")" ]; then
 
+    echo >>"$__conf"
 
+  fi
 
 
   if grep -n "^$__opt$__sep" "$__conf" >/dev/null; then
 
     _debug3 OK
 
     if _contains "$__val" "&"; then
 
       __val="$(echo "$__val" | sed 's/&/\\&/g')"
 
     fi
 
+    if _contains "$__val" "|"; then
 
+      __val="$(echo "$__val" | sed 's/|/\\|/g')"
 
+    fi
 
     text="$(cat "$__conf")"
 
     printf -- "%s\n" "$text" | sed "s|^$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf"
 
 
@@ -2270,6 +2276,9 @@ _setopt() {
 
     if _contains "$__val" "&"; then
 
       __val="$(echo "$__val" | sed 's/&/\\&/g')"
 
     fi
 
+    if _contains "$__val" "|"; then
 
+      __val="$(echo "$__val" | sed 's/|/\\|/g')"
 
+    fi
 
     text="$(cat "$__conf")"
 
     printf -- "%s\n" "$text" | sed "s|^#$__opt$__sep.*$|$__opt$__sep$__val$__end|" >"$__conf"
 
 
@@ -4414,6 +4423,7 @@ issue() {
 
     _debug "_saved_account_key_hash is not changed, skip register account."
 
   fi
 
 
+  export Le_Next_Domain_Key="$CERT_KEY_PATH.next"
 
   if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ]; then
 
     _info "Signing from existing CSR."
 
   else
 
@@ -4426,14 +4436,30 @@ issue() {
 
     fi
 
     _debug "Read key length:$_key"
 
     if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then
 
-      if ! createDomainKey "$_main_domain" "$_key_length"; then
 
-        _err "Create domain key error."
 
-        _clearup
 
-        _on_issue_err "$_post_hook"
 
+      if [ "$Le_ForceNewDomainKey" = "1" ] && [ -f "$Le_Next_Domain_Key" ]; then
 
+        _info "Using pre generated key: $Le_Next_Domain_Key"
 
+        cat "$Le_Next_Domain_Key" >"$CERT_KEY_PATH"
 
+        echo "" >"$Le_Next_Domain_Key"
 
+      else
 
+        if ! createDomainKey "$_main_domain" "$_key_length"; then
 
+          _err "Create domain key error."
 
+          _clearup
 
+          _on_issue_err "$_post_hook"
 
+          return 1
 
+        fi
 
+      fi
 
+    fi
 
+    if [ "$Le_ForceNewDomainKey" ]; then
 
+      _info "Generate next pre-generate key."
 
+      if [ ! -e "$Le_Next_Domain_Key" ]; then
 
+        touch "$Le_Next_Domain_Key"
 
+        chmod 600 "$Le_Next_Domain_Key"
 
+      fi
 
+      if ! _createkey "$_key_length" "$Le_Next_Domain_Key"; then
 
+        _err "Can not pre generate domain key"
 
         return 1
 
       fi
 
     fi
 
-
 
     if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then
 
       _err "Create CSR error."
 
       _clearup
 
@@ -5169,6 +5195,9 @@ $_authorizations_map"
 
 
   [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")"
 
   [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")"
 
+  if [ "$Le_ForceNewDomainKey" ] && [ -e "$Le_Next_Domain_Key" ]; then
 
+    _info "Your pre-generated next key for future cert key change is in: $(__green "$Le_Next_Domain_Key")"
 
+  fi
 
 
   Le_CertCreateTime=$(_time)
 
   _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime"
 
@@ -5743,7 +5772,8 @@ installcert() {
 
   _savedomainconf "Le_RealKeyPath" "$_real_key"
 
   _savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
 
   _savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
 
-
 
+  export Le_ForceNewDomainKey="$(_readdomainconf Le_ForceNewDomainKey)"
 
+  export Le_Next_Domain_Key
 
   _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
 
 }
 
 
@@ -5835,6 +5865,8 @@ _installcert() {
 
       export CA_CERT_PATH
 
       export CERT_FULLCHAIN_PATH
 
       export Le_Domain="$_main_domain"
 
+      export Le_ForceNewDomainKey
 
+      export Le_Next_Domain_Key
 
       cd "$DOMAIN_PATH" && eval "$_reload_cmd"
 
     ); then
 
       _info "$(__green "Reload success")"

+ 1 - 1
deploy/synology_dsm.sh
Файл харах 

@@ -108,7 +108,7 @@ synology_dsm_deploy() {
 
     _debug3 H1 "${_H1}"
 
   fi
 
 
-  response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$otp_code" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
 
+  response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$otp_code&device_name=certrenewal&device_id=$SYNO_DID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
 
   token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
 
   _debug3 response "$response"
 
   _debug token "$token"