@ -1,6 +1,6 @@
#!/usr/bin/env sh
VER = 2.7.3
VER = 2.7.4
PROJECT_NAME = "acme.sh"
@ -100,6 +100,10 @@ _PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations"
_STATELESS_WIKI = "https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode"
_DNS_MANUAL_ERR = "The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
_DNS_MANUAL_WARN = " It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR "
__INTERACTIVE = ""
if [ -t 1 ] ; then
__INTERACTIVE = "1"
@ -160,11 +164,11 @@ _dlg_versions() {
echo "nginx doesn't exists."
fi
echo " nc :"
if _exists " nc "; then
nc -h 2>& 1
echo " socat :"
if _exists " socat "; then
socat -h 2>& 1
else
_debug " nc doesn't exists."
_debug " socat doesn't exists."
fi
}
@ -1367,6 +1371,10 @@ _time2str() {
echo " $_t_s_a "
fi
#Busybox
if echo " $1 " | awk '{ print strftime("%c", $0); }' 2>/dev/null; then
return
fi
}
_normalizeJson( ) {
@ -1806,7 +1814,13 @@ _send_signed_request() {
_CACHED_NONCE = " $( echo " $responseHeaders " | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2) "
if _contains " $response " "JWS has invalid anti-replay nonce" ; then
_body = " $response "
if [ " $needbase64 " ] ; then
_body = " $( echo " $_body " | _dbase64) "
_debug2 _body " $_body "
fi
if _contains " $_body " "JWS has invalid anti-replay nonce" ; then
_info "It seems the CA server is busy now, let's wait and retry."
_request_retry_times = $( _math " $_request_retry_times " + 1)
_sleep 5
@ -1959,68 +1973,22 @@ _startserver() {
_debug "ncaddr" " $ncaddr "
_debug " startserver: $$ "
nchelp = " $( nc -h 2>& 1) "
_debug Le_HTTPPort " $Le_HTTPPort "
_debug Le_Listen_V4 " $Le_Listen_V4 "
_debug Le_Listen_V6 " $Le_Listen_V6 "
_NC = "nc"
_NC = "socat"
if [ " $Le_Listen_V4 " ] ; then
_NC = " $_NC -4 "
elif [ " $Le_Listen_V6 " ] ; then
_NC = " $_NC -6 "
fi
if [ " $Le_Listen_V4 $Le_Listen_V6 $ncaddr " ] ; then
if ! _contains " $nchelp " "-4" ; then
_err "The nc doesn't support '-4', '-6' or local-address, please install 'netcat-openbsd' and try again."
_err " See $( __green $_PREPARE_LINK ) "
return 1
fi
fi
if echo " $nchelp " | grep "\-q[ ,]" >/dev/null; then
_NC = " $_NC -q 1 -l $ncaddr "
else
if echo " $nchelp " | grep "GNU netcat" >/dev/null && echo " $nchelp " | grep "\-c, \-\-close" >/dev/null; then
_NC = " $_NC -c -l $ncaddr "
elif echo " $nchelp " | grep "\-N" | grep "Shutdown the network socket after EOF on stdin" >/dev/null; then
_NC = " $_NC -N -l $ncaddr "
else
_NC = " $_NC -l $ncaddr "
fi
fi
_debug "_NC" " $_NC "
#for centos ncat
if _contains " $nchelp " "nmap.org" ; then
_debug "Using ncat: nmap.org"
if ! _exec " printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \" $content \" | $_NC \" $Le_HTTPPort \" >&2 " ; then
_exec_err
return 1
fi
if [ " $DEBUG " ] ; then
_exec_err
fi
return
fi
# while true ; do
if ! _exec " printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \" $content \" | $_NC -p \" $Le_HTTPPort \" >&2 " ; then
_exec " printf \"%s\r\n\r\n%s\" \"HTTP/1.1 200 OK\" \" $content \" | $_NC \" $Le_HTTPPort \" >&2 "
fi
if [ " $? " != "0" ] ; then
_err "nc listen error."
_exec_err
exit 1
fi
if [ " $DEBUG " ] ; then
_exec_err
fi
# done
#todo listen address
$_NC TCP-LISTEN:$Le_HTTPPort ,crlf,reuseaddr,fork SYSTEM:" sleep 0.5; echo HTTP/1.1 200 OK; echo ; echo $content ; echo; " &
serverproc = " $! "
}
_stopserver( ) {
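Review bot: The new `$_NC TCP-LISTEN:...` line at the end of `_startserver` expands `$content` inside the `SYSTEM:"..."` string, which socat hands to a shell, so the response body is parsed as shell syntax instead of being treated as data. `issue()` passes `$keyauthorization` here, which in ACME is built from a CA-supplied token, so it should be checked against the expected character set before the listener starts, for example `case "$content" in *[!A-Za-z0-9._-]*) _err "Unexpected characters in key authorization."; return 1 ;; esac`. The hunk also appears to drop every use of `$ncaddr` (only `#todo listen address` remains), so a caller that passes a local address would now get a listener on all addresses; socat's `bind=` address option would restore that. `_startserver` begins above the hunk.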
@ -2030,25 +1998,8 @@ _stopserver() {
return
fi
_debug2 "Le_HTTPPort" " $Le_HTTPPort "
if [ " $Le_HTTPPort " ] ; then
if [ " $DEBUG " ] && [ " $DEBUG " -gt "3" ] ; then
_get " http://localhost: $Le_HTTPPort " "" 1
else
_get " http://localhost: $Le_HTTPPort " "" 1 >/dev/null 2>& 1
fi
fi
kill $pid
_debug2 "Le_TLSPort" " $Le_TLSPort "
if [ " $Le_TLSPort " ] ; then
if [ " $DEBUG " ] && [ " $DEBUG " -gt "3" ] ; then
_get " https://localhost: $Le_TLSPort " "" 1
_get " https://localhost: $Le_TLSPort " "" 1
else
_get " https://localhost: $Le_TLSPort " "" 1 >/dev/null 2>& 1
_get " https://localhost: $Le_TLSPort " "" 1 >/dev/null 2>& 1
fi
fi
}
# sleep sec
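Review bot: `kill $pid` is unquoted and its result is ignored, and it signals only the single process whose id was saved. The listener this commit introduces is started with socat's `fork` option, so a per-connection child may still be running when the parent is signalled; this is inferred from the `_startserver` hunk and is not visible here. Consider `kill "$pid" 2>/dev/null || _debug "server process $pid already gone"`, plus a comment saying what is expected to happen to any forked handler. `_stopserver` begins above the hunk.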
@ -2103,7 +2054,7 @@ _starttlsserver() {
return 1
fi
__S_OPENSSL = " ${ ACME_OPENSSL_BIN :- openssl } s_server - cert $TLS_CERT -key $TLS_KEY "
__S_OPENSSL = " ${ ACME_OPENSSL_BIN :- openssl } s_server - www - cert $TLS_CERT -key $TLS_KEY "
if [ " $opaddr " ] ; then
__S_OPENSSL = " $__S_OPENSSL -accept $opaddr : $port "
else
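Review bot: The added `-www` flag has no comment explaining why it is needed, and it changes what the temporary TLS listener returns: with `-www`, `openssl s_server` answers any HTTP request with a status page describing the negotiated ciphers and session parameters. The later hunk in this function stops piping the `HTTP/1.1 200 OK` body into s_server, so `-www` is presumably what keeps the server responding without stdin. A comment such as `# -www: reply by itself instead of reading the response from stdin; validation only needs the handshake` would record that, if that is the intent. `_starttlsserver` begins and ends outside the hunk.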
@ -2120,9 +2071,9 @@ _starttlsserver() {
_debug " $__S_OPENSSL "
if [ " $DEBUG " ] && [ " $DEBUG " -ge "2" ] ; then
( printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" " $content " | $__S_OPENSSL -tlsextdebug) &
$__S_OPENSSL -tlsextdebug &
else
( printf "%s\r\n\r\n%s" "HTTP/1.1 200 OK" " $content " | $__S_OPENSSL >/dev/null 2>& 1) &
$__S_OPENSSL >/dev/null 2>& 1 &
fi
serverproc = " $! "
@ -2298,6 +2249,7 @@ _initpath() {
fi
fi
_debug2 ACME_DIRECTORY " $ACME_DIRECTORY "
_ACME_SERVER_HOST = " $( echo " $ACME_DIRECTORY " | cut -d : -f 2 | tr -s / | cut -d / -f 2) "
_debug2 "_ACME_SERVER_HOST" " $_ACME_SERVER_HOST "
@ -2935,8 +2887,8 @@ _on_before_issue() {
fi
if _hasfield " $_chk_web_roots " " $NO_VALUE " ; then
if ! _exists " nc "; then
_err "Please install netcat(nc) tools first."
if ! _exists " socat "; then
_err "Please install socat tools first."
return 1
fi
fi
@ -3042,6 +2994,10 @@ _on_issue_err() {
)
fi
if [ " $IS_RENEW " = "1" ] && _hasfield " $Le_Webroot " "dns" ; then
_err " $_DNS_MANUAL_ERR "
fi
if [ " $DEBUG " ] && [ " $DEBUG " -gt "0" ] ; then
_debug " $( _dlg_versions) "
fi
@ -3074,6 +3030,10 @@ _on_issue_success() {
fi
fi
if _hasfield " $Le_Webroot " "dns" ; then
_err " $_DNS_MANUAL_WARN "
fi
}
updateaccount( ) {
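Review bot: The added `if _hasfield "$Le_Webroot" "dns"; then _err "$_DNS_MANUAL_WARN"; fi` is the last statement of `_on_issue_success`, so the function's exit status becomes that of `_err` whenever dns manual mode is in use. The `issue()` hunk in this same commit now treats a non-zero status from `_on_issue_success` as `Call hook error.` and returns 1 before the `_savedomainconf "Le_RealCertPath"` lines. `_err` is defined outside this page; if it returns non-zero, every successful dns-manual issuance would be reported as a hook failure and the install paths would not be saved. Ending the function with an explicit `return 0` after the warning, or emitting the warning with `_info`, avoids coupling the two. The start of `_on_issue_success` is outside the hunk.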
@ -3175,7 +3135,7 @@ _regAccount() {
fi
if [ " $code " = '202' ] ; then
_info "Update account tos info success."
echo " $response " >" $ACCOUNT_JSON_PATH "
CA_KEY_HASH = " $( __calcAccountKeyHash) "
_debug "Calc CA_KEY_HASH" " $CA_KEY_HASH "
_savecaconf CA_KEY_HASH " $CA_KEY_HASH "
@ -3649,13 +3609,12 @@ issue() {
_info "Standalone mode server"
_ncaddr = " $( _getfield " $_local_addr " " $_ncIndex " ) "
_ncIndex = " $( _math $_ncIndex + 1) "
_startserver " $keyauthorization " " $_ncaddr " &
_startserver " $keyauthorization " " $_ncaddr "
if [ " $? " != "0" ] ; then
_clearup
_on_issue_err " $_post_hook " " $vlist "
return 1
fi
serverproc = " $! "
sleep 1
_debug serverproc " $serverproc "
elif [ " $_currentRoot " = " $MODE_STATELESS " ] ; then
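Review bot: With `_startserver` now run in the foreground, the `[ "$?" != "0" ]` test that follows no longer detects a listener that failed to start. In the new `_startserver` the socat command is backgrounded and the last statement is the `serverproc="$!"` assignment, so the function returns 0 even when socat exits immediately, for example because the port is already in use. After the `sleep 1`, a liveness test such as `kill -0 "$serverproc" 2>/dev/null` routed into the existing `_clearup` / `_on_issue_err` branch would surface that before the CA is asked to validate. `issue()` begins and ends outside the hunk.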
@ -3990,7 +3949,10 @@ issue() {
Le_NextRenewTime = $( _math " $Le_NextRenewTime " - 86400)
_savedomainconf "Le_NextRenewTime" " $Le_NextRenewTime "
_on_issue_success " $_post_hook " " $_renew_hook "
if ! _on_issue_success " $_post_hook " " $_renew_hook " ; then
_err "Call hook error."
return 1
fi
if [ " $_real_cert $_real_key $_real_ca $_reload_cmd $_real_fullchain " ] ; then
_savedomainconf "Le_RealCertPath" " $_real_cert "
@ -4417,15 +4379,19 @@ _installcert() {
installcronjob( ) {
_c_home = " $1 "
_initpath
if ! _exists "crontab" ; then
_err "crontab doesn't exist, so, we can not install cron jobs."
_CRONTAB = "crontab"
if ! _exists " $_CRONTAB " && _exists "fcrontab" ; then
_CRONTAB = "fcrontab"
fi
if ! _exists " $_CRONTAB " ; then
_err "crontab/fcrontab doesn't exist, so, we can not install cron jobs."
_err "All your certs will not be renewed automatically."
_err " You must add your own cron job to call ' $PROJECT_ENTRY --cron' everyday. "
return 1
fi
_info "Installing cron job"
if ! crontab -l | grep " $PROJECT_ENTRY --cron " ; then
if ! $_CRONTAB -l | grep " $PROJECT_ENTRY --cron " ; then
if [ -f " $LE_WORKING_DIR / $PROJECT_ENTRY " ] ; then
lesh = " \" $LE_WORKING_DIR \"/ $PROJECT_ENTRY "
else
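Review bot: The crontab/fcrontab detection is written out in full here and again in the `uninstallcronjob` hunk, while the `_precheck` hunk repeats the same pair of `_exists` tests in a third form. `_CRONTAB` is also left behind as a global, set as a side effect of both functions. A small helper that echoes the chosen command and is called from all three places would keep them from drifting apart. `$_CRONTAB` is expanded unquoted in the pipelines; that is safe only because it is one of two fixed literals, which is worth a one-line comment. `installcronjob` continues past the hunk.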
@ -4439,15 +4405,15 @@ installcronjob() {
_t = $( _time)
random_minute = $( _math $_t % 60)
if _exists uname && uname -a | grep SunOS >/dev/null; then
crontab -l | {
$_CRONTAB -l | {
cat
echo " $random_minute 0 * * * $lesh --cron --home \" $LE_WORKING_DIR \" $_c_entry > /dev/null "
} | crontab --
} | $_CRONTAB --
else
crontab -l | {
$_CRONTAB -l | {
cat
echo " $random_minute 0 * * * $lesh --cron --home \" $LE_WORKING_DIR \" $_c_entry > /dev/null "
} | crontab -
} | $_CRONTAB -
fi
fi
if [ " $? " != "0" ] ; then
@ -4459,16 +4425,21 @@ installcronjob() {
}
uninstallcronjob( ) {
if ! _exists "crontab" ; then
_CRONTAB = "crontab"
if ! _exists " $_CRONTAB " && _exists "fcrontab" ; then
_CRONTAB = "fcrontab"
fi
if ! _exists " $_CRONTAB " ; then
return
fi
_info "Removing cron job"
cr = " $( crontab -l | grep " $PROJECT_ENTRY --cron " ) "
cr = " $( $_CRONTAB -l | grep " $PROJECT_ENTRY --cron " ) "
if [ " $cr " ] ; then
if _exists uname && uname -a | grep solaris >/dev/null; then
crontab -l | sed " / $PROJECT_ENTRY --cron/d " | crontab --
$_CRONTAB -l | sed " / $PROJECT_ENTRY --cron/d " | $_CRONTAB --
else
crontab -l | sed " / $PROJECT_ENTRY --cron/d " | crontab -
$_CRONTAB -l | sed " / $PROJECT_ENTRY --cron/d " | $_CRONTAB -
fi
LE_WORKING_DIR = " $( echo " $cr " | cut -d ' ' -f 9 | tr -d '"' ) "
_info LE_WORKING_DIR " $LE_WORKING_DIR "
@ -4745,7 +4716,7 @@ _precheck() {
fi
if [ -z " $_nocron " ] ; then
if ! _exists "crontab" ; then
if ! _exists "crontab" && ! _exists "fcrontab" ; then
_err "It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'."
_err "We need to set cron job to renew the certs automatically."
_err "Otherwise, your certs will not be able to be renewed automatically."
@ -4763,9 +4734,9 @@ _precheck() {
return 1
fi
if ! _exists " nc "; then
_err "It is recommended to install nc first, try to install 'nc' or 'netcat' ."
_err "We use nc for standalone server if you use standalone mode."
if ! _exists " socat "; then
_err "It is recommended to install socat first ."
_err "We use socat for standalone server if you use standalone mode."
_err "If you don't use standalone mode, just ignore this warning."
fi
@ -4865,9 +4836,11 @@ install() {
_debug "Skip install cron job"
fi
if ! _precheck " $_nocron " ; then
_err "Pre-check failed, can not install."
return 1
if [ " $IN_CRON " != "1" ] ; then
if ! _precheck " $_nocron " ; then
_err "Pre-check failed, can not install."
return 1
fi
fi
if [ -z " $_c_home " ] && [ " $LE_CONFIG_HOME " != " $LE_WORKING_DIR " ] ; then
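Review bot: Skipping `_precheck` when `IN_CRON` is `1` has no comment saying why, and the same condition guards `_installalias` in the next hunk while `cron()` now exports the variable. Because it is exported, every child process started from `cron()` inherits it, and `install()` will also skip its checks for any caller that happens to have `IN_CRON=1` in its environment. A comment above the test, for example `# When re-installed from the cron job (presumably the auto-upgrade path), skip the interactive pre-checks.`, would document the intent; confirm that the upgrade path is the only expected consumer. `install()` begins and ends outside the hunk.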
@ -4920,7 +4893,9 @@ install() {
_info " Installed to $LE_WORKING_DIR / $PROJECT_ENTRY "
_installalias " $_c_home "
if [ " $IN_CRON " != "1" ] ; then
_installalias " $_c_home "
fi
for subf in $_SUB_FOLDERS ; do
if [ -d " $subf " ] ; then
@ -5010,7 +4985,7 @@ _uninstallalias() {
}
cron( ) {
IN_CRON = 1
export IN_CRON = 1
_initpath
_info " $( __green "===Starting cron===" ) "
if [ " $AUTO_UPGRADE " = "1" ] ; then