WebSVN – ALCASAR – Diff – /scripts/alcasar-letsencrypt.sh


#!/bin/bash
#
# $Id: alcasar-letsencrypt.sh 3162 2023-12-14 23:19:39Z rexy $
#
# alcasar-letsencrypt.sh
# by Tom HOUDAYER
#
# This script is distributed under the Gnu General Public License (GPL)
#
# Manage Let's Encrypt for ALCASAR integration
 
CONF_FILE="/usr/local/etc/alcasar-letsencrypt"
 
ACCOUNT_EMAIL=""
DOMAIN=""
DNS_API=""
 
DEBUG=false
STAGING_SERVER=""
FORCE=""
OPT_PARAMS=""
 
ACMESH_HOME="/usr/local/etc/letsencrypt"
ACMESH_BIN="/opt/acme.sh/acme.sh"
 
usage="Usage: alcasar-letsencrypt.sh
       --issue -d alcasar.domain.tld --email alcasar@domain.tld [--dns-api dns_registrar] [--force] [--staging]
       --renew [-d alcasar.domain.tld] [--force] [--staging]"
 
 
################################################################################
#                                    ISSUE                                     #
################################################################################
issue() {
	if [ ! -f $ACMESH_BIN ]; then
		echo "The client does not seem to be installed."
		return 1
	fi
 
	TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)
 
	if [ ! -z $ACCOUNT_EMAIL ]; then
		emailField=" --accountemail $ACCOUNT_EMAIL"
		sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE
	else
		emailField=""
	fi
 
	$DEBUG && debugOpt=" --debug" || debugOpt=""
	[ ! -z "$DNS_API" ] && dnsApiOpt="$DNS_API" || dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"
	$ACMESH_BIN --config-home $ACMESH_HOME/data \
		$STAGING_SERVER $FORCE $debugOpt \
		$emailField \
		--issue --dns $dnsApiOpt -d $DOMAIN \
		$OPT_PARAMS \
		> $TMP_OUTPUT 2>&1
	exitCode=$?
 
	$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"
 
	sed -i "s/^domainRequest=.*/domainRequest=$DOMAIN/" $CONF_FILE
	sed -i "s/^dateIssueRequest=.*/dateIssueRequest=$(date +%s)/" $CONF_FILE
	sed -i "s/^dnsapi=.*/dnsapi=${DNS_API:="dns"}/" $CONF_FILE
 
	if ! _handle_client_response $TMP_OUTPUT; then
		if [ $exitCode -ne 0 ]; then
			echo -e "Error!\n"
			cat $TMP_OUTPUT
			rm -f $TMP_OUTPUT
			return 1
		else
			echo -e "Unknown state\n"
			cat $TMP_OUTPUT
		fi
	fi
 
	rm -f $TMP_OUTPUT
}
 
 
################################################################################
#                                    RENEW                                     #
################################################################################
renew() {
	if [ ! -f $ACMESH_BIN ]; then
		echo "The client does not seem to be installed."
		return 1
	fi
 
	TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)
 
	$DEBUG && debugOpt=" --debug" || debugOpt=""
	[ ! -z "$DNS_API" ] && dnsApiOpt="" || dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"
	$ACMESH_BIN --config-home $ACMESH_HOME/data \
		$STAGING_SERVER $FORCE $debugOpt \
		--renew -d $DOMAIN $dnsApiOpt \
		$OPT_PARAMS \
		> $TMP_OUTPUT 2>&1
	exitCode=$?
 
	$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"
 
	if ! _handle_client_response $TMP_OUTPUT; then
		if [ $exitCode -ne 0 ]; then
			echo -e "Error!\n"
			cat $TMP_OUTPUT
			rm -f $TMP_OUTPUT
			return 1
		else
			echo -e "Unknown state\n"
			cat $TMP_OUTPUT
		fi
	fi
 
	rm -f $TMP_OUTPUT
}
 
 
################################################################################
#                                  CRON TASK                                   #
################################################################################
cron_task() {
	if [ $(grep '^dateNextRenewal=' $CONF_FILE | cut -d'=' -f2) -le $(date +%s) ]; then
		logger -t alcasar-letsencrypt "Launch CRON task."
		renew
	fi
}
 
 
################################################################################
#                            HANDLE CLIENT RESPONSE                            #
################################################################################
_handle_client_response() {
	[ $# -lt 1 ] && return 1
	responseFile=$1
 
	# issue / renew
	if [ $(cat $responseFile | grep "Add the following TXT record:" -c) -ne 0 ]; then
		challenge=$(cat $responseFile | grep -E "TXT value: '[0-9a-zA-Z_-]+'" -o | cut -d"'" -f2)
		sed -i "s/^challenge=.*/challenge=$challenge/" $CONF_FILE
 
		echo "Add the following TXT record:"
		echo "Domain:    '_acme-challenge.$DOMAIN'"
		echo "TXT value: '$challenge'"
	elif [ $(cat $responseFile | grep "Cert success." -c) -ne 0 ]; then
		sed -i "s/^challenge=.*/challenge=/" $CONF_FILE
		sed -i "s/^dateIssued=.*/dateIssued=$(date +%s)/" $CONF_FILE
		sed -i "s/^dateNextRenewal=.*/dateNextRenewal=$(date +%s -d '2 months - 3 days')/" $CONF_FILE
 
		install_cert
		logger -t alcasar-letsencrypt "Certificate \"$DOMAIN\" imported."
		echo "Certificate imported."
		[ -z $DNS_API ] && echo "Note: you can delete the TXT record."
	elif [ $(cat $responseFile | grep "Domains not changed." -c) -ne 0 ]; then
		echo "Domain not changed"
	elif [ $(cat $responseFile | grep "$DOMAIN is already verified, skip dns-01." -c) -ne 0 ]; then
		echo "Domain already verified"
	elif [ $(cat $responseFile | grep "Error add txt for domain:_acme-challenge.$DOMAIN" -c) -ne 0 ]; then
		echo "Error add txt for domain:_acme-challenge.$DOMAIN"
	elif [ $(cat $responseFile | grep "Please add the TXT records to the domains, and retry again." -c) -ne 0 ]; then
		echo "Dns record not added yet, you need to add it manually and retry again."
	elif [ $(cat $responseFile | grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' -c) -ne 0 ]; then
		errorMsg=$(cat $responseFile | grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' | sed 's/.*new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}.*/\1/')
		echo "Incorrect domain name"
		echo "$errorMsg"
	elif [ $(cat $responseFile | grep "'$DOMAIN' is not a issued domain, skip." -c) -ne 0 ]; then
		echo "'$DOMAIN' is not a issued domain"
 
	# renew
	elif [ $(cat $responseFile | grep "Skip, Next renewal time is: " -c) -ne 0 ]; then
		nextRenewal=$(cat $responseFile | grep 'Skip, Next renewal time is: ' | sed 's/.*Skip, Next renewal time is: \(.*\)/\1/')
		echo "Skip, Next renewal time is: $nextRenewal"
		echo "Add '--force' to force to renew."
	elif [ $(cat $responseFile | grep "$DOMAIN:Verify error:Correct value not found for DNS challenge" -c) -ne 0 ]; then
		echo "Correct value not found for DNS challenge"
	elif [ $(cat $responseFile | grep "Unable to update challenge :: The challenge is not pending." -c) -ne 0 ]; then
		echo "The challenge is not pending. You need to issue."
	else
		return 2
	fi
 
	return 0
}
 
 
################################################################################
#                             INSTALL CERTIFICATE                              #
################################################################################
install_cert() {
	echo "Importing certificate to ALCASAR..."
 
	if [ ! -f $ACMESH_HOME/certs/"$DOMAIN"/"$DOMAIN".cer ]; then
		echo "Certificate not found."
		return 1
	fi
 
	/usr/local/bin/alcasar-importcert.sh \
		-i $ACMESH_HOME/certs/"$DOMAIN"_ecc/"$DOMAIN".cer \
		-k $ACMESH_HOME/certs/"$DOMAIN"_ecc/"$DOMAIN".key \
		-c $ACMESH_HOME/certs/"$DOMAIN"_ecc/fullchain.cer \
		> /dev/null 2>&1
 
	if [ $? -ne 0 ]; then
		echo "Error."
		return 1
	fi
}
 
 
################################################################################
#                                     MAIN                                     #
################################################################################
 
if [ $# -eq 0 ]; then
	echo "$usage"
	exit 1
fi
 
cmd=""
 
while [ $# -gt 0 ]; do
	case $1 in
		-\? | -h | --help)
			echo "$usage"
			exit 0
			;;
 
		--issue)
			cmd="issue"
			shift 1
			;;
		--renew)
			cmd="renew"
			shift 1
			;;
		--cron)
			cmd="cron"
			shift 1
			;;
		--install-cert)
			cmd="install-cert"
			shift 1
			;;
 
		--email)
			ACCOUNT_EMAIL="$2"
			shift 2
			;;
		--domain | -d)
			DOMAIN="$2"
			shift 2
			;;
		--dns-api)
			DNS_API="$2"
			shift 2
			;;
		--force)
			FORCE="--force"
			shift 1
			;;
		--staging)
			STAGING_SERVER="--staging"
			shift 1
			;;
		--debug)
			DEBUG=true
			shift 1
			;;
 
		*)
			found=false
			for param in "--dnssleep"; do
				if [ $1 == $param ]; then
					OPT_PARAMS="$OPT_PARAMS $1 $2"
					shift 2
					found=true
					break
				fi
			done
 
			if ! $found; then
				echo "Unknown argument: $1"
				echo "$usage"
				exit 1
			fi
			;;
	esac
done
 
if [ -z $DOMAIN ]; then
	if [ $(grep '^domainRequest=' $CONF_FILE | cut -d'=' -f2 | wc --chars) -gt 1 ]; then
		DOMAIN="$(grep '^domainRequest=' $CONF_FILE | cut -d'=' -f2)"
	else
		DOMAIN="$(grep '^HOSTNAME=' /usr/local/etc/alcasar.conf | cut -d'=' -f2).$(grep '^DOMAIN=' /usr/local/etc/alcasar.conf | cut -d'=' -f2)"
	fi
fi
 
case $cmd in
	issue)
		issue
		;;
	renew)
		renew
		;;
	cron)
		cron_task
		;;
	install-cert)
		install_cert
		;;
 
	*) exit 1 ;;
esac
 

Rev 2596	Rev 3162
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`#`	2	`#`
3	`# $Id: alcasar-letsencrypt.sh 2596 2018-08-19 23:28:45Z tom.houdayer $`	3	`# $Id: alcasar-letsencrypt.sh 3162 2023-12-14 23:19:39Z rexy $`
4	`#`	4	`#`
5	`# alcasar-letsencrypt.sh`	5	`# alcasar-letsencrypt.sh`
6	`# by Tom HOUDAYER`	6	`# by Tom HOUDAYER`
7	`#`	7	`#`
8	`# This script is distributed under the Gnu General Public License (GPL)`	8	`# This script is distributed under the Gnu General Public License (GPL)`
9	`#`	9	`#`
10	`# Manage Let's Encrypt for ALCASAR integration`	10	`# Manage Let's Encrypt for ALCASAR integration`
11		11
12	`CONF_FILE="/usr/local/etc/alcasar-letsencrypt"`	12	`CONF_FILE="/usr/local/etc/alcasar-letsencrypt"`
13		13
14	`ACCOUNT_EMAIL=""`	14	`ACCOUNT_EMAIL=""`
15	`DOMAIN=""`	15	`DOMAIN=""`
16	`DNS_API=""`	16	`DNS_API=""`
17		17
18	`DEBUG=false`	18	`DEBUG=false`
19	`STAGING_SERVER=""`	19	`STAGING_SERVER=""`
20	`FORCE=""`	20	`FORCE=""`
21	`OPT_PARAMS=""`	21	`OPT_PARAMS=""`
22		22
23	`ACMESH_HOME="/usr/local/etc/letsencrypt"`	23	`ACMESH_HOME="/usr/local/etc/letsencrypt"`
24	`ACMESH_BIN="/opt/acme.sh/acme.sh"`	24	`ACMESH_BIN="/opt/acme.sh/acme.sh"`
25		25
26	`usage="Usage: alcasar-letsencrypt.sh`	26	`usage="Usage: alcasar-letsencrypt.sh`
27	`--issue -d alcasar.domain.tld --email alcasar@domain.tld [--dns-api dns_registrar] [--force] [--staging]`	27	`--issue -d alcasar.domain.tld --email alcasar@domain.tld [--dns-api dns_registrar] [--force] [--staging]`
28	`--renew [-d alcasar.domain.tld] [--force] [--staging]"`	28	`--renew [-d alcasar.domain.tld] [--force] [--staging]"`
29		29
30		30
31	`################################################################################`	31	`################################################################################`
32	`# ISSUE #`	32	`# ISSUE #`
33	`################################################################################`	33	`################################################################################`
34	`issue() {`	34	`issue() {`
35	`if [ ! -f $ACMESH_BIN ]; then`	35	`if [ ! -f $ACMESH_BIN ]; then`
36	`echo "The client does not seem to be installed."`	36	`echo "The client does not seem to be installed."`
37	`return 1`	37	`return 1`
38	`fi`	38	`fi`
39		39
40	`TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)`	40	`TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)`
41		41
42	`if [ ! -z $ACCOUNT_EMAIL ]; then`	42	`if [ ! -z $ACCOUNT_EMAIL ]; then`
43	`emailField=" --accountemail $ACCOUNT_EMAIL"`	43	`emailField=" --accountemail $ACCOUNT_EMAIL"`
44	`sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE`	44	`sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE`
45	`else`	45	`else`
46	`emailField=""`	46	`emailField=""`
47	`fi`	47	`fi`
48		48
49	`$DEBUG && debugOpt=" --debug" \|\| debugOpt=""`	49	`$DEBUG && debugOpt=" --debug" \|\| debugOpt=""`
50	`[ ! -z "$DNS_API" ] && dnsApiOpt="$DNS_API" \|\| dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"`	50	`[ ! -z "$DNS_API" ] && dnsApiOpt="$DNS_API" \|\| dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"`
51	`$ACMESH_BIN --config-home $ACMESH_HOME/data \`	51	`$ACMESH_BIN --config-home $ACMESH_HOME/data \`
52	`$STAGING_SERVER $FORCE $debugOpt \`	52	`$STAGING_SERVER $FORCE $debugOpt \`
53	`$emailField \`	53	`$emailField \`
54	`--issue --dns $dnsApiOpt -d $DOMAIN \`	54	`--issue --dns $dnsApiOpt -d $DOMAIN \`
55	`$OPT_PARAMS \`	55	`$OPT_PARAMS \`
56	`> $TMP_OUTPUT 2>&1`	56	`> $TMP_OUTPUT 2>&1`
57	`exitCode=$?`	57	`exitCode=$?`
58		58
59	`$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"`	59	`$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"`
60		60
61	`sed -i "s/^domainRequest=.*/domainRequest=$DOMAIN/" $CONF_FILE`	61	`sed -i "s/^domainRequest=.*/domainRequest=$DOMAIN/" $CONF_FILE`
62	`sed -i "s/^dateIssueRequest=.*/dateIssueRequest=$(date +%s)/" $CONF_FILE`	62	`sed -i "s/^dateIssueRequest=.*/dateIssueRequest=$(date +%s)/" $CONF_FILE`
63	`sed -i "s/^dnsapi=.*/dnsapi=${DNS_API:="dns"}/" $CONF_FILE`	63	`sed -i "s/^dnsapi=.*/dnsapi=${DNS_API:="dns"}/" $CONF_FILE`
64		64
65	`if ! _handle_client_response $TMP_OUTPUT; then`	65	`if ! _handle_client_response $TMP_OUTPUT; then`
66	`if [ $exitCode -ne 0 ]; then`	66	`if [ $exitCode -ne 0 ]; then`
67	`echo -e "Error!\n"`	67	`echo -e "Error!\n"`
68	`cat $TMP_OUTPUT`	68	`cat $TMP_OUTPUT`
69	`rm -f $TMP_OUTPUT`	69	`rm -f $TMP_OUTPUT`
70	`return 1`	70	`return 1`
71	`else`	71	`else`
72	`echo -e "Unknown state\n"`	72	`echo -e "Unknown state\n"`
73	`cat $TMP_OUTPUT`	73	`cat $TMP_OUTPUT`
74	`fi`	74	`fi`
75	`fi`	75	`fi`
76		76
77	`rm -f $TMP_OUTPUT`	77	`rm -f $TMP_OUTPUT`
78	`}`	78	`}`
79		79
80		80
81	`################################################################################`	81	`################################################################################`
82	`# RENEW #`	82	`# RENEW #`
83	`################################################################################`	83	`################################################################################`
84	`renew() {`	84	`renew() {`
85	`if [ ! -f $ACMESH_BIN ]; then`	85	`if [ ! -f $ACMESH_BIN ]; then`
86	`echo "The client does not seem to be installed."`	86	`echo "The client does not seem to be installed."`
87	`return 1`	87	`return 1`
88	`fi`	88	`fi`
89		89
90	`TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)`	90	`TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)`
91		91
92	`$DEBUG && debugOpt=" --debug" \|\| debugOpt=""`	92	`$DEBUG && debugOpt=" --debug" \|\| debugOpt=""`
93	`[ ! -z "$DNS_API" ] && dnsApiOpt="" \|\| dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"`	93	`[ ! -z "$DNS_API" ] && dnsApiOpt="" \|\| dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"`
94	`$ACMESH_BIN --config-home $ACMESH_HOME/data \`	94	`$ACMESH_BIN --config-home $ACMESH_HOME/data \`
95	`$STAGING_SERVER $FORCE $debugOpt \`	95	`$STAGING_SERVER $FORCE $debugOpt \`
96	`--renew -d $DOMAIN $dnsApiOpt \`	96	`--renew -d $DOMAIN $dnsApiOpt \`
97	`$OPT_PARAMS \`	97	`$OPT_PARAMS \`
98	`> $TMP_OUTPUT 2>&1`	98	`> $TMP_OUTPUT 2>&1`
99	`exitCode=$?`	99	`exitCode=$?`
100		100
101	`$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"`	101	`$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"`
102		102
103	`if ! _handle_client_response $TMP_OUTPUT; then`	103	`if ! _handle_client_response $TMP_OUTPUT; then`
104	`if [ $exitCode -ne 0 ]; then`	104	`if [ $exitCode -ne 0 ]; then`
105	`echo -e "Error!\n"`	105	`echo -e "Error!\n"`
106	`cat $TMP_OUTPUT`	106	`cat $TMP_OUTPUT`
107	`rm -f $TMP_OUTPUT`	107	`rm -f $TMP_OUTPUT`
108	`return 1`	108	`return 1`
109	`else`	109	`else`
110	`echo -e "Unknown state\n"`	110	`echo -e "Unknown state\n"`
111	`cat $TMP_OUTPUT`	111	`cat $TMP_OUTPUT`
112	`fi`	112	`fi`
113	`fi`	113	`fi`
114		114
115	`rm -f $TMP_OUTPUT`	115	`rm -f $TMP_OUTPUT`
116	`}`	116	`}`
117		117
118		118
119	`################################################################################`	119	`################################################################################`
120	`# CRON TASK #`	120	`# CRON TASK #`
121	`################################################################################`	121	`################################################################################`
122	`cron_task() {`	122	`cron_task() {`
123	`if [ $(grep '^dateNextRenewal=' $CONF_FILE \| cut -d'=' -f2) -le $(date +%s) ]; then`	123	`if [ $(grep '^dateNextRenewal=' $CONF_FILE \| cut -d'=' -f2) -le $(date +%s) ]; then`
124	`logger -t alcasar-letsencrypt "Launch CRON task."`	124	`logger -t alcasar-letsencrypt "Launch CRON task."`
125	`renew`	125	`renew`
126	`fi`	126	`fi`
127	`}`	127	`}`
128		128
129		129
130	`################################################################################`	130	`################################################################################`
131	`# HANDLE CLIENT RESPONSE #`	131	`# HANDLE CLIENT RESPONSE #`
132	`################################################################################`	132	`################################################################################`
133	`_handle_client_response() {`	133	`_handle_client_response() {`
134	`[ $# -lt 1 ] && return 1`	134	`[ $# -lt 1 ] && return 1`
135	`responseFile=$1`	135	`responseFile=$1`
136		136
137	`# issue / renew`	137	`# issue / renew`
138	`if [ $(cat $responseFile \| grep "Add the following TXT record:" -c) -ne 0 ]; then`	138	`if [ $(cat $responseFile \| grep "Add the following TXT record:" -c) -ne 0 ]; then`
139	`challenge=$(cat $responseFile \| grep -E "TXT value: '[0-9a-zA-Z_-]+'" -o \| cut -d"'" -f2)`	139	`challenge=$(cat $responseFile \| grep -E "TXT value: '[0-9a-zA-Z_-]+'" -o \| cut -d"'" -f2)`
140	`sed -i "s/^challenge=.*/challenge=$challenge/" $CONF_FILE`	140	`sed -i "s/^challenge=.*/challenge=$challenge/" $CONF_FILE`
141		141
142	`echo "Add the following TXT record:"`	142	`echo "Add the following TXT record:"`
143	`echo "Domain: '_acme-challenge.$DOMAIN'"`	143	`echo "Domain: '_acme-challenge.$DOMAIN'"`
144	`echo "TXT value: '$challenge'"`	144	`echo "TXT value: '$challenge'"`
145	`elif [ $(cat $responseFile \| grep "Cert success." -c) -ne 0 ]; then`	145	`elif [ $(cat $responseFile \| grep "Cert success." -c) -ne 0 ]; then`
146	`sed -i "s/^challenge=.*/challenge=/" $CONF_FILE`	146	`sed -i "s/^challenge=.*/challenge=/" $CONF_FILE`
147	`sed -i "s/^dateIssued=.*/dateIssued=$(date +%s)/" $CONF_FILE`	147	`sed -i "s/^dateIssued=.*/dateIssued=$(date +%s)/" $CONF_FILE`
148	`sed -i "s/^dateNextRenewal=.*/dateNextRenewal=$(date +%s -d '2 months - 3 days')/" $CONF_FILE`	148	`sed -i "s/^dateNextRenewal=.*/dateNextRenewal=$(date +%s -d '2 months - 3 days')/" $CONF_FILE`
149		149
150	`install_cert`	150	`install_cert`
151	`logger -t alcasar-letsencrypt "Certificate \"$DOMAIN\" imported."`	151	`logger -t alcasar-letsencrypt "Certificate \"$DOMAIN\" imported."`
152	`echo "Certificate imported."`	152	`echo "Certificate imported."`
153	`[ -z $DNS_API ] && echo "Note: you can delete the TXT record."`	153	`[ -z $DNS_API ] && echo "Note: you can delete the TXT record."`
154	`elif [ $(cat $responseFile \| grep "Domains not changed." -c) -ne 0 ]; then`	154	`elif [ $(cat $responseFile \| grep "Domains not changed." -c) -ne 0 ]; then`
155	`echo "Domain not changed"`	155	`echo "Domain not changed"`
156	`elif [ $(cat $responseFile \| grep "$DOMAIN is already verified, skip dns-01." -c) -ne 0 ]; then`	156	`elif [ $(cat $responseFile \| grep "$DOMAIN is already verified, skip dns-01." -c) -ne 0 ]; then`
157	`echo "Domain already verified"`	157	`echo "Domain already verified"`
158	`elif [ $(cat $responseFile \| grep "Error add txt for domain:_acme-challenge.$DOMAIN" -c) -ne 0 ]; then`	158	`elif [ $(cat $responseFile \| grep "Error add txt for domain:_acme-challenge.$DOMAIN" -c) -ne 0 ]; then`
159	`echo "Error add txt for domain:_acme-challenge.$DOMAIN"`	159	`echo "Error add txt for domain:_acme-challenge.$DOMAIN"`
160	`elif [ $(cat $responseFile \| grep "Please add the TXT records to the domains, and retry again." -c) -ne 0 ]; then`	160	`elif [ $(cat $responseFile \| grep "Please add the TXT records to the domains, and retry again." -c) -ne 0 ]; then`
161	`echo "Dns record not added yet, you need to add it manually and retry again."`	161	`echo "Dns record not added yet, you need to add it manually and retry again."`
162	`elif [ $(cat $responseFile \| grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' -c) -ne 0 ]; then`	162	`elif [ $(cat $responseFile \| grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' -c) -ne 0 ]; then`
163	`errorMsg=$(cat $responseFile \| grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.\)","status": 400}' \| sed 's/.new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.\)","status": 400}./\1/')`	163	`errorMsg=$(cat $responseFile \| grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.\)","status": 400}' \| sed 's/.new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.\)","status": 400}./\1/')`
164	`echo "Incorrect domain name"`	164	`echo "Incorrect domain name"`
165	`echo "$errorMsg"`	165	`echo "$errorMsg"`
166	`elif [ $(cat $responseFile \| grep "'$DOMAIN' is not a issued domain, skip." -c) -ne 0 ]; then`	166	`elif [ $(cat $responseFile \| grep "'$DOMAIN' is not a issued domain, skip." -c) -ne 0 ]; then`
167	`echo "'$DOMAIN' is not a issued domain"`	167	`echo "'$DOMAIN' is not a issued domain"`
168		168
169	`# renew`	169	`# renew`
170	`elif [ $(cat $responseFile \| grep "Skip, Next renewal time is: " -c) -ne 0 ]; then`	170	`elif [ $(cat $responseFile \| grep "Skip, Next renewal time is: " -c) -ne 0 ]; then`
171	`nextRenewal=$(cat $responseFile \| grep 'Skip, Next renewal time is: ' \| sed 's/.Skip, Next renewal time is: \(.\)/\1/')`	171	`nextRenewal=$(cat $responseFile \| grep 'Skip, Next renewal time is: ' \| sed 's/.Skip, Next renewal time is: \(.\)/\1/')`
172	`echo "Skip, Next renewal time is: $nextRenewal"`	172	`echo "Skip, Next renewal time is: $nextRenewal"`
173	`echo "Add '--force' to force to renew."`	173	`echo "Add '--force' to force to renew."`
174	`elif [ $(cat $responseFile \| grep "$DOMAIN:Verify error:Correct value not found for DNS challenge" -c) -ne 0 ]; then`	174	`elif [ $(cat $responseFile \| grep "$DOMAIN:Verify error:Correct value not found for DNS challenge" -c) -ne 0 ]; then`
175	`echo "Correct value not found for DNS challenge"`	175	`echo "Correct value not found for DNS challenge"`
176	`elif [ $(cat $responseFile \| grep "Unable to update challenge :: The challenge is not pending." -c) -ne 0 ]; then`	176	`elif [ $(cat $responseFile \| grep "Unable to update challenge :: The challenge is not pending." -c) -ne 0 ]; then`
177	`echo "The challenge is not pending. You need to issue."`	177	`echo "The challenge is not pending. You need to issue."`
178	`else`	178	`else`
179	`return 2`	179	`return 2`
180	`fi`	180	`fi`
181		181
182	`return 0`	182	`return 0`
183	`}`	183	`}`
184		184
185		185
186	`################################################################################`	186	`################################################################################`
187	`# INSTALL CERTIFICATE #`	187	`# INSTALL CERTIFICATE #`
188	`################################################################################`	188	`################################################################################`
189	`install_cert() {`	189	`install_cert() {`
190	`echo "Importing certificate to ALCASAR..."`	190	`echo "Importing certificate to ALCASAR..."`
191		191
192	`if [ ! -f $ACMESH_HOME/certs/"$DOMAIN"/"$DOMAIN".cer ]; then`	192	`if [ ! -f $ACMESH_HOME/certs/"$DOMAIN"/"$DOMAIN".cer ]; then`
193	`echo "Certificate not found."`	193	`echo "Certificate not found."`
194	`return 1`	194	`return 1`
195	`fi`	195	`fi`
196		196
197	`/usr/local/bin/alcasar-importcert.sh \`	197	`/usr/local/bin/alcasar-importcert.sh \`
198	`-i $ACMESH_HOME/certs/"$DOMAIN"/"$DOMAIN".cer \`	198	`-i $ACMESH_HOME/certs/"$DOMAIN"_ecc/"$DOMAIN".cer \`
199	`-k $ACMESH_HOME/certs/"$DOMAIN"/"$DOMAIN".key \`	199	`-k $ACMESH_HOME/certs/"$DOMAIN"_ecc/"$DOMAIN".key \`
200	`-c $ACMESH_HOME/certs/"$DOMAIN"/fullchain.cer \`	200	`-c $ACMESH_HOME/certs/"$DOMAIN"_ecc/fullchain.cer \`
201	`> /dev/null 2>&1`	201	`> /dev/null 2>&1`
202		202
203	`if [ $? -ne 0 ]; then`	203	`if [ $? -ne 0 ]; then`
204	`echo "Error."`	204	`echo "Error."`
205	`return 1`	205	`return 1`
206	`fi`	206	`fi`
207	`}`	207	`}`
208		208
209		209
210	`################################################################################`	210	`################################################################################`
211	`# MAIN #`	211	`# MAIN #`
212	`################################################################################`	212	`################################################################################`
213		213
214	`if [ $# -eq 0 ]; then`	214	`if [ $# -eq 0 ]; then`
215	`echo "$usage"`	215	`echo "$usage"`
216	`exit 1`	216	`exit 1`
217	`fi`	217	`fi`
218		218
219	`cmd=""`	219	`cmd=""`
220		220
221	`while [ $# -gt 0 ]; do`	221	`while [ $# -gt 0 ]; do`
222	`case $1 in`	222	`case $1 in`
223	`-\? \| -h \| --help)`	223	`-\? \| -h \| --help)`
224	`echo "$usage"`	224	`echo "$usage"`
225	`exit 0`	225	`exit 0`
226	`;;`	226	`;;`
227		227
228	`--issue)`	228	`--issue)`
229	`cmd="issue"`	229	`cmd="issue"`
230	`shift 1`	230	`shift 1`
231	`;;`	231	`;;`
232	`--renew)`	232	`--renew)`
233	`cmd="renew"`	233	`cmd="renew"`
234	`shift 1`	234	`shift 1`
235	`;;`	235	`;;`
236	`--cron)`	236	`--cron)`
237	`cmd="cron"`	237	`cmd="cron"`
238	`shift 1`	238	`shift 1`
239	`;;`	239	`;;`
240	`--install-cert)`	240	`--install-cert)`
241	`cmd="install-cert"`	241	`cmd="install-cert"`
242	`shift 1`	242	`shift 1`
243	`;;`	243	`;;`
244		244
245	`--email)`	245	`--email)`
246	`ACCOUNT_EMAIL="$2"`	246	`ACCOUNT_EMAIL="$2"`
247	`shift 2`	247	`shift 2`
248	`;;`	248	`;;`
249	`--domain \| -d)`	249	`--domain \| -d)`
250	`DOMAIN="$2"`	250	`DOMAIN="$2"`
251	`shift 2`	251	`shift 2`
252	`;;`	252	`;;`
253	`--dns-api)`	253	`--dns-api)`
254	`DNS_API="$2"`	254	`DNS_API="$2"`
255	`shift 2`	255	`shift 2`
256	`;;`	256	`;;`
257	`--force)`	257	`--force)`
258	`FORCE="--force"`	258	`FORCE="--force"`
259	`shift 1`	259	`shift 1`
260	`;;`	260	`;;`
261	`--staging)`	261	`--staging)`
262	`STAGING_SERVER="--staging"`	262	`STAGING_SERVER="--staging"`
263	`shift 1`	263	`shift 1`
264	`;;`	264	`;;`
265	`--debug)`	265	`--debug)`
266	`DEBUG=true`	266	`DEBUG=true`
267	`shift 1`	267	`shift 1`
268	`;;`	268	`;;`
269		269
270	`*)`	270	`*)`
271	`found=false`	271	`found=false`
272	`for param in "--dnssleep"; do`	272	`for param in "--dnssleep"; do`
273	`if [ $1 == $param ]; then`	273	`if [ $1 == $param ]; then`
274	`OPT_PARAMS="$OPT_PARAMS $1 $2"`	274	`OPT_PARAMS="$OPT_PARAMS $1 $2"`
275	`shift 2`	275	`shift 2`
276	`found=true`	276	`found=true`
277	`break`	277	`break`
278	`fi`	278	`fi`
279	`done`	279	`done`
280		280
281	`if ! $found; then`	281	`if ! $found; then`
282	`echo "Unknown argument: $1"`	282	`echo "Unknown argument: $1"`
283	`echo "$usage"`	283	`echo "$usage"`
284	`exit 1`	284	`exit 1`
285	`fi`	285	`fi`
286	`;;`	286	`;;`
287	`esac`	287	`esac`
288	`done`	288	`done`
289		289
290	`if [ -z $DOMAIN ]; then`	290	`if [ -z $DOMAIN ]; then`
291	`if [ $(grep '^domainRequest=' $CONF_FILE \| cut -d'=' -f2 \| wc --chars) -gt 1 ]; then`	291	`if [ $(grep '^domainRequest=' $CONF_FILE \| cut -d'=' -f2 \| wc --chars) -gt 1 ]; then`
292	`DOMAIN="$(grep '^domainRequest=' $CONF_FILE \| cut -d'=' -f2)"`	292	`DOMAIN="$(grep '^domainRequest=' $CONF_FILE \| cut -d'=' -f2)"`
293	`else`	293	`else`
294	`DOMAIN="$(grep '^HOSTNAME=' /usr/local/etc/alcasar.conf \| cut -d'=' -f2).$(grep '^DOMAIN=' /usr/local/etc/alcasar.conf \| cut -d'=' -f2)"`	294	`DOMAIN="$(grep '^HOSTNAME=' /usr/local/etc/alcasar.conf \| cut -d'=' -f2).$(grep '^DOMAIN=' /usr/local/etc/alcasar.conf \| cut -d'=' -f2)"`
295	`fi`	295	`fi`
296	`fi`	296	`fi`
297		297
298	`case $cmd in`	298	`case $cmd in`
299	`issue)`	299	`issue)`
300	`issue`	300	`issue`
301	`;;`	301	`;;`
302	`renew)`	302	`renew)`
303	`renew`	303	`renew`
304	`;;`	304	`;;`
305	`cron)`	305	`cron)`
306	`cron_task`	306	`cron_task`
307	`;;`	307	`;;`
308	`install-cert)`	308	`install-cert)`
309	`install_cert`	309	`install_cert`
310	`;;`	310	`;;`
311		311
312	`*) exit 1 ;;`	312	`*) exit 1 ;;`
313	`esac`	313	`esac`
314		314

Subversion Repositories ALCASAR

(root)/scripts/alcasar-letsencrypt.sh @ 2596 – Rev 2596 → 3162