|
|
@@ -32,6 +32,8 @@ CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc"
|
|
|
CA_GOOGLE="https://dv.acme-v02.api.pki.goog/directory"
|
|
|
CA_GOOGLE_TEST="https://dv.acme-v02.test-api.pki.goog/directory"
|
|
|
|
|
|
+CA_ACTALIS="https://acme-api.actalis.com/acme/directory"
|
|
|
+
|
|
|
DEFAULT_CA=$CA_ZEROSSL
|
|
|
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
|
|
|
|
|
|
@@ -42,9 +44,10 @@ LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
|
|
|
SSL.com,sslcom
|
|
|
Google.com,google
|
|
|
Google.com_test,googletest,google_test
|
|
|
+Actalis.com,actalis.com,actalis
|
|
|
"
|
|
|
|
|
|
-CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_SSLCOM_RSA,$CA_GOOGLE,$CA_GOOGLE_TEST"
|
|
|
+CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_SSLCOM_RSA,$CA_GOOGLE,$CA_GOOGLE_TEST,$CA_ACTALIS"
|
|
|
|
|
|
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
|
|
|
|
|
|
@@ -175,6 +178,8 @@ _VALIDITY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Validity"
|
|
|
|
|
|
_DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck"
|
|
|
|
|
|
+_PROFILESELECTION_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Profile-selection"
|
|
|
+
|
|
|
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
|
|
|
|
|
|
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
|
|
|
@@ -4429,6 +4434,7 @@ issue() {
|
|
|
_preferred_chain="${15}"
|
|
|
_valid_from="${16}"
|
|
|
_valid_to="${17}"
|
|
|
+ _certificate_profile="${18}"
|
|
|
|
|
|
if [ -z "$_ACME_IS_RENEW" ]; then
|
|
|
_initpath "$_main_domain" "$_key_length"
|
|
|
@@ -4504,6 +4510,11 @@ issue() {
|
|
|
else
|
|
|
_cleardomainconf "Le_Preferred_Chain"
|
|
|
fi
|
|
|
+ if [ "$_certificate_profile" ]; then
|
|
|
+ _savedomainconf "Le_Certificate_Profile" "$_certificate_profile"
|
|
|
+ else
|
|
|
+ _cleardomainconf "Le_Certificate_Profile"
|
|
|
+ fi
|
|
|
|
|
|
Le_API="$ACME_DIRECTORY"
|
|
|
_savedomainconf "Le_API" "$Le_API"
|
|
|
@@ -4636,6 +4647,9 @@ issue() {
|
|
|
if [ "$_notAfter" ]; then
|
|
|
_newOrderObj="$_newOrderObj,\"notAfter\": \"$_notAfter\""
|
|
|
fi
|
|
|
+ if [ "$_certificate_profile" ]; then
|
|
|
+ _newOrderObj="$_newOrderObj,\"profile\": \"$_certificate_profile\""
|
|
|
+ fi
|
|
|
_debug "STEP 1, Ordering a Certificate"
|
|
|
if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then
|
|
|
_err "Error creating new order."
|
|
|
@@ -5514,6 +5528,7 @@ renew() {
|
|
|
Le_PostHook="$(_readdomainconf Le_PostHook)"
|
|
|
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
|
|
|
Le_Preferred_Chain="$(_readdomainconf Le_Preferred_Chain)"
|
|
|
+ Le_Certificate_Profile="$(_readdomainconf Le_Certificate_Profile)"
|
|
|
# When renewing from an old version, the empty Le_Keylength means 2048.
|
|
|
# Note, do not use DEFAULT_DOMAIN_KEY_LENGTH as that value may change over
|
|
|
# time but an empty value implies 2048 specifically.
|
|
|
@@ -5528,7 +5543,7 @@ renew() {
|
|
|
_cleardomainconf Le_OCSP_Staple
|
|
|
fi
|
|
|
fi
|
|
|
- issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To"
|
|
|
+ issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To" "$Le_Certificate_Profile"
|
|
|
res="$?"
|
|
|
if [ "$res" != "0" ]; then
|
|
|
return "$res"
|
|
|
@@ -7001,6 +7016,9 @@ Parameters:
|
|
|
If no match, the default offered chain will be used. (default: empty)
|
|
|
See: $_PREFERRED_CHAIN_WIKI
|
|
|
|
|
|
+ --cert-profile, --certificate-profile <profile> If the CA offers profiles, select the desired profile
|
|
|
+ See: $_PROFILESELECTION_WIKI
|
|
|
+
|
|
|
--valid-to <date-time> Request the NotAfter field of the cert.
|
|
|
See: $_VALIDITY_WIKI
|
|
|
--valid-from <date-time> Request the NotBefore field of the cert.
|
|
|
@@ -7376,6 +7394,7 @@ _process() {
|
|
|
_preferred_chain=""
|
|
|
_valid_from=""
|
|
|
_valid_to=""
|
|
|
+ _certificate_profile=""
|
|
|
while [ ${#} -gt 0 ]; do
|
|
|
case "${1}" in
|
|
|
|
|
|
@@ -7694,6 +7713,10 @@ _process() {
|
|
|
_valid_to="$2"
|
|
|
shift
|
|
|
;;
|
|
|
+ --certificate-profile | --cert-profile)
|
|
|
+ _certificate_profile="$2"
|
|
|
+ shift
|
|
|
+ ;;
|
|
|
--httpport)
|
|
|
_httpport="$2"
|
|
|
Le_HTTPPort="$_httpport"
|
|
|
@@ -7969,7 +7992,7 @@ _process() {
|
|
|
uninstall) uninstall "$_nocron" ;;
|
|
|
upgrade) upgrade ;;
|
|
|
issue)
|
|
|
- issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to"
|
|
|
+ issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to" "$_certificate_profile"
|
|
|
;;
|
|
|
deploy)
|
|
|
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
neil