WebSVN – ALCASAR – Diff – /scripts/alcasar-letsencrypt.sh


#!/bin/bash
#
# $Id: alcasar-letsencrypt.sh 3169 2024-01-18 16:15:23Z rexy $
#
# alcasar-letsencrypt.sh
# by Tom HOUDAYER & Rexy
#
# This script is distributed under the Gnu General Public License (GPL)
#
# Manage Let's Encrypt for ALCASAR integration
 
CONF_FILE="/usr/local/etc/alcasar-letsencrypt"
 
ACCOUNT_EMAIL=""
DOMAIN=""
DNS_API=""
 
DEBUG=false
STAGING_SERVER=""
FORCE=""
OPT_PARAMS=""
 
ACMESH_HOME="/usr/local/etc/letsencrypt"
ACMESH_BIN="/opt/acme.sh/acme.sh"
 
usage="Usage: alcasar-letsencrypt.sh
       --issue -d alcasar.domain.tld --email alcasar@domain.tld [--dns-api dns_registrar] [--force] [--staging]
       --renew [-d alcasar.domain.tld] [--force] [--staging]"
 
 
################################################################################
#                                    ISSUE                                     #
################################################################################
issue() {
	if [ ! -f $ACMESH_BIN ]; then
		echo "The client does not seem to be installed."
		return 1
	fi
 
	TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)
 
	if [ ! -z $ACCOUNT_EMAIL ]; then
		emailField=" --accountemail $ACCOUNT_EMAIL"
		sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE
	else
		emailField=""
	fi
	rm -rf $ACMESH_HOME/certs/*
	$DEBUG && debugOpt=" --debug" || debugOpt=""
	[ ! -z "$DNS_API" ] && dnsApiOpt="$DNS_API" || dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"
	$ACMESH_BIN --config-home $ACMESH_HOME/data \
		$STAGING_SERVER $FORCE $debugOpt \
		$emailField \
		--issue --dns $dnsApiOpt -d $DOMAIN \
		$OPT_PARAMS \
		> $TMP_OUTPUT 2>&1
	exitCode=$?
 
	$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"
 
	sed -i "s/^domainRequest=.*/domainRequest=$DOMAIN/" $CONF_FILE
	sed -i "s/^dateIssueRequest=.*/dateIssueRequest=$(date +%s)/" $CONF_FILE
	sed -i "s/^dnsapi=.*/dnsapi=${DNS_API:="dns"}/" $CONF_FILE
 
	if ! _handle_client_response $TMP_OUTPUT; then
		if [ $exitCode -ne 0 ]; then
			echo -e "Error!\n"
			cat $TMP_OUTPUT
			rm -f $TMP_OUTPUT
			return 1
		else
			echo -e "Unknown state\n"
			cat $TMP_OUTPUT
		fi
	fi
 
	rm -f $TMP_OUTPUT
}
 
 
################################################################################
#                                    RENEW                                     #
################################################################################
renew() {
	if [ ! -f $ACMESH_BIN ]; then
		echo "The client does not seem to be installed."
		return 1
	fi
 
	TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)
 
	$DEBUG && debugOpt=" --debug" || debugOpt=""
	[ ! -z "$DNS_API" ] && dnsApiOpt="" || dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"
	$ACMESH_BIN --config-home $ACMESH_HOME/data \
		$STAGING_SERVER $FORCE $debugOpt \
		--renew -d $DOMAIN $dnsApiOpt \
		$OPT_PARAMS \
		> $TMP_OUTPUT 2>&1
	exitCode=$?
 
	$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"
 
	if ! _handle_client_response $TMP_OUTPUT; then
		if [ $exitCode -ne 0 ]; then
			echo -e "Error!\n"
			cat $TMP_OUTPUT
			rm -f $TMP_OUTPUT
			return 1
		else
			echo -e "Unknown state\n"
			cat $TMP_OUTPUT
		fi
	fi
 
	rm -f $TMP_OUTPUT
}
 
 
################################################################################
#                                  CRON TASK                                   #
################################################################################
cron_task() {
	if [ $(grep '^dateNextRenewal=' $CONF_FILE | cut -d'=' -f2) -le $(date +%s) ]; then
		logger -t alcasar-letsencrypt "Launch CRON task."
		renew
	fi
}
 
 
################################################################################
#                            HANDLE CLIENT RESPONSE                            #
################################################################################
_handle_client_response() {
	[ $# -lt 1 ] && return 1
	responseFile=$1
 
	# issue / renew
	if [ $(cat $responseFile | grep "Add the following TXT record:" -c) -ne 0 ]; then
		challenge=$(cat $responseFile | grep -E "TXT value: '[0-9a-zA-Z_-]+'" -o | cut -d"'" -f2)
		sed -i "s/^challenge=.*/challenge=$challenge/" $CONF_FILE
 
		echo "Add the following TXT record:"
		echo "Domain:    '_acme-challenge.$DOMAIN'"
		echo "TXT value: '$challenge'"
	elif [ $(cat $responseFile | grep "Cert success." -c) -ne 0 ]; then
		sed -i "s/^challenge=.*/challenge=/" $CONF_FILE
		sed -i "s/^dateIssued=.*/dateIssued=$(date +%s)/" $CONF_FILE
		sed -i "s/^dateNextRenewal=.*/dateNextRenewal=$(date +%s -d '2 months - 3 days')/" $CONF_FILE
 
		install_cert
		logger -t alcasar-letsencrypt "Certificate \"$DOMAIN\" imported."
		echo "Certificate imported."
		[ -z $DNS_API ] && echo "Note: you can delete the TXT record."
	elif [ $(cat $responseFile | grep "Domains not changed." -c) -ne 0 ]; then
		echo "Domain not changed"
	elif [ $(cat $responseFile | grep "$DOMAIN is already verified, skip dns-01." -c) -ne 0 ]; then
		echo "Domain already verified"
	elif [ $(cat $responseFile | grep "Error add txt for domain:_acme-challenge.$DOMAIN" -c) -ne 0 ]; then
		echo "Error add txt for domain:_acme-challenge.$DOMAIN"
	elif [ $(cat $responseFile | grep "Please add the TXT records to the domains, and retry again." -c) -ne 0 ]; then
		echo "Dns record not added yet, you need to add it manually and retry again."
	elif [ $(cat $responseFile | grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' -c) -ne 0 ]; then
		errorMsg=$(cat $responseFile | grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' | sed 's/.*new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}.*/\1/')
		echo "Incorrect domain name"
		echo "$errorMsg"
	elif [ $(cat $responseFile | grep "'$DOMAIN' is not a issued domain, skip." -c) -ne 0 ]; then
		echo "'$DOMAIN' is not a issued domain"
 
	# renew
	elif [ $(cat $responseFile | grep "Skip, Next renewal time is: " -c) -ne 0 ]; then
		nextRenewal=$(cat $responseFile | grep 'Skip, Next renewal time is: ' | sed 's/.*Skip, Next renewal time is: \(.*\)/\1/')
		echo "Skip, Next renewal time is: $nextRenewal"
		echo "Add '--force' to force to renew."
	elif [ $(cat $responseFile | grep "$DOMAIN:Verify error:Correct value not found for DNS challenge" -c) -ne 0 ]; then
		echo "Correct value not found for DNS challenge"
	elif [ $(cat $responseFile | grep "Unable to update challenge :: The challenge is not pending." -c) -ne 0 ]; then
		echo "The challenge is not pending. You need to issue."
	else
		return 2
	fi
 
	return 0
}
 
 
################################################################################
#                             INSTALL CERTIFICATE                              #
################################################################################
install_cert() {
	echo "Importing certificate to ALCASAR..."
	LE_cert_folder="$( echo "$ACMESH_HOME/certs/$DOMAIN"*"")"
	if [ ! -f $LE_cert_folder"/"$DOMAIN.cer ]; then
		echo "Certificate not found."
		return 1
	fi
 
	/usr/local/bin/alcasar-importcert.sh \
		-i $LE_cert_folder"/"$DOMAIN.cer \
		-k $LE_cert_folder"/"$DOMAIN.key \
		-c $LE_cert_folder/fullchain.cer \
		> /dev/null 2>&1
 
	if [ $? -ne 0 ]; then
		echo "Error."
		return 1
	fi
}
 
 
################################################################################
#                                     MAIN                                     #
################################################################################
 
if [ $# -eq 0 ]; then
	echo "$usage"
	exit 1
fi
 
cmd=""
 
while [ $# -gt 0 ]; do
	case $1 in
		-\? | -h | --help)
			echo "$usage"
			exit 0
			;;
 
		--issue)
			cmd="issue"
			shift 1
			;;
		--renew)
			cmd="renew"
			shift 1
			;;
		--cron)
			cmd="cron"
			shift 1
			;;
		--install-cert)
			cmd="install-cert"
			shift 1
			;;
 
		--email)
			ACCOUNT_EMAIL="$2"
			shift 2
			;;
		--domain | -d)
			DOMAIN="$2"
			shift 2
			;;
		--dns-api)
			DNS_API="$2"
			shift 2
			;;
		--force)
			FORCE="--force"
			shift 1
			;;
		--staging)
			STAGING_SERVER="--staging"
			shift 1
			;;
		--debug)
			DEBUG=true
			shift 1
			;;
 
		*)
			found=false
			for param in "--dnssleep"; do
				if [ $1 == $param ]; then
					OPT_PARAMS="$OPT_PARAMS $1 $2"
					shift 2
					found=true
					break
				fi
			done
 
			if ! $found; then
				echo "Unknown argument: $1"
				echo "$usage"
				exit 1
			fi
			;;
	esac
done
 
if [ -z $DOMAIN ]; then
	if [ $(grep '^domainRequest=' $CONF_FILE | cut -d'=' -f2 | wc --chars) -gt 1 ]; then
		DOMAIN="$(grep '^domainRequest=' $CONF_FILE | cut -d'=' -f2)"
	else
		DOMAIN="$(grep '^HOSTNAME=' /usr/local/etc/alcasar.conf | cut -d'=' -f2).$(grep '^DOMAIN=' /usr/local/etc/alcasar.conf | cut -d'=' -f2)"
	fi
fi
 
case $cmd in
	issue)
		issue
		;;
	renew)
		renew
		;;
	cron)
		cron_task
		;;
	install-cert)
		install_cert
		;;
 
	*) exit 1 ;;
esac
 

Rev 3168	Rev 3169
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`#`	2	`#`
3	`# $Id: alcasar-letsencrypt.sh 3168 2024-01-17 15:28:46Z rexy $`	3	`# $Id: alcasar-letsencrypt.sh 3169 2024-01-18 16:15:23Z rexy $`
4	`#`	4	`#`
5	`# alcasar-letsencrypt.sh`	5	`# alcasar-letsencrypt.sh`
6	`# by Tom HOUDAYER`	6	`# by Tom HOUDAYER & Rexy`
7	`#`	7	`#`
8	`# This script is distributed under the Gnu General Public License (GPL)`	8	`# This script is distributed under the Gnu General Public License (GPL)`
9	`#`	9	`#`
10	`# Manage Let's Encrypt for ALCASAR integration`	10	`# Manage Let's Encrypt for ALCASAR integration`
11		11
12	`CONF_FILE="/usr/local/etc/alcasar-letsencrypt"`	12	`CONF_FILE="/usr/local/etc/alcasar-letsencrypt"`
13		-
14	`ACCOUNT_EMAIL=""`	13	`ACCOUNT_EMAIL=""`
15	`DOMAIN=""`	14	`DOMAIN=""`
16	`DNS_API=""`	15	`DNS_API=""`
17		-
18	`DEBUG=false`	16	`DEBUG=false`
19	`STAGING_SERVER=""`	17	`STAGING_SERVER=""`
20	`FORCE=""`	18	`FORCE=""`
21	`OPT_PARAMS=""`	19	`OPT_PARAMS=""`
22		-
23	`ACMESH_HOME="/usr/local/etc/letsencrypt"`	20	`ACMESH_HOME="/usr/local/etc/letsencrypt"`
24	`ACMESH_BIN="/opt/acme.sh/acme.sh"`	21	`ACMESH_BIN="/opt/acme.sh/acme.sh"`
25		22
26	`usage="Usage: alcasar-letsencrypt.sh`	23	`usage="Usage: alcasar-letsencrypt.sh`
27	`--issue -d alcasar.domain.tld --email alcasar@domain.tld [--dns-api dns_registrar] [--force] [--staging]`	24	`--issue -d alcasar.domain.tld --email alcasar@domain.tld [--dns-api dns_registrar] [--force] [--staging]`
28	`--renew [-d alcasar.domain.tld] [--force] [--staging]"`	25	`--renew [-d alcasar.domain.tld] [--force] [--staging]"`
29		26
30		-
31	`################################################################################`	27	`################################################################################`
32	`# ISSUE #`	28	`# ISSUE #`
33	`################################################################################`	29	`################################################################################`
34	`issue() {`	30	`issue() {`
35	`if [ ! -f $ACMESH_BIN ]; then`	31	`if [ ! -f $ACMESH_BIN ]; then`
36	`echo "The client does not seem to be installed."`	32	`echo "The client does not seem to be installed."`
37	`return 1`	33	`return 1`
38	`fi`	34	`fi`
39		-
40	`TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)`	35	`TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)`
41		-
42	`if [ ! -z $ACCOUNT_EMAIL ]; then`	36	`if [ ! -z $ACCOUNT_EMAIL ]; then`
43	`emailField=" --accountemail $ACCOUNT_EMAIL"`	37	`emailField=" --accountemail $ACCOUNT_EMAIL"`
44	`sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE`	38	`sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE`
45	`else`	39	`else`
46	`emailField=""`	40	`emailField=""`
47	`fi`	41	`fi`
48	`rm -rf $ACMESH_HOME/certs/*`	42	`rm -rf $ACMESH_HOME/certs/*`
49	`$DEBUG && debugOpt=" --debug" \|\| debugOpt=""`	43	`$DEBUG && debugOpt=" --debug" \|\| debugOpt=""`
50	`[ ! -z "$DNS_API" ] && dnsApiOpt="$DNS_API" \|\| dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"`	44	`[ ! -z "$DNS_API" ] && dnsApiOpt="$DNS_API" \|\| dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"`
51	`$ACMESH_BIN --config-home $ACMESH_HOME/data \`	45	`$ACMESH_BIN --config-home $ACMESH_HOME/data \`
52	`$STAGING_SERVER $FORCE $debugOpt \`	46	`$STAGING_SERVER $FORCE $debugOpt \`
53	`$emailField \`	47	`$emailField \`
54	`--issue --dns $dnsApiOpt -d $DOMAIN \`	48	`--issue --dns $dnsApiOpt -d $DOMAIN \`
55	`$OPT_PARAMS \`	49	`$OPT_PARAMS \`
56	`> $TMP_OUTPUT 2>&1`	50	`> $TMP_OUTPUT 2>&1`
57	`exitCode=$?`	51	`exitCode=$?`
58		-
59	`$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"`	52	`$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"`
60		-
61	`sed -i "s/^domainRequest=.*/domainRequest=$DOMAIN/" $CONF_FILE`	53	`sed -i "s/^domainRequest=.*/domainRequest=$DOMAIN/" $CONF_FILE`
62	`sed -i "s/^dateIssueRequest=.*/dateIssueRequest=$(date +%s)/" $CONF_FILE`	54	`sed -i "s/^dateIssueRequest=.*/dateIssueRequest=$(date +%s)/" $CONF_FILE`
63	`sed -i "s/^dnsapi=.*/dnsapi=${DNS_API:="dns"}/" $CONF_FILE`	55	`sed -i "s/^dnsapi=.*/dnsapi=${DNS_API:="dns"}/" $CONF_FILE`
64		-
65	`if ! _handle_client_response $TMP_OUTPUT; then`	56	`if ! _handle_client_response $TMP_OUTPUT; then`
66	`if [ $exitCode -ne 0 ]; then`	57	`if [ $exitCode -ne 0 ]; then`
67	`echo -e "Error!\n"`	58	`echo -e "Error!\n"`
68	`cat $TMP_OUTPUT`	59	`cat $TMP_OUTPUT`
69	`rm -f $TMP_OUTPUT`	60	`rm -f $TMP_OUTPUT`
70	`return 1`	61	`return 1`
71	`else`	62	`else`
72	`echo -e "Unknown state\n"`	63	`echo -e "Unknown state\n"`
73	`cat $TMP_OUTPUT`	64	`cat $TMP_OUTPUT`
74	`fi`	65	`fi`
75	`fi`	66	`fi`
76		-
77	`rm -f $TMP_OUTPUT`	67	`rm -f $TMP_OUTPUT`
78	`}`	68	`}`
79		69
80		-
81	`################################################################################`	70	`################################################################################`
82	`# RENEW #`	71	`# RENEW #`
83	`################################################################################`	72	`################################################################################`
84	`renew() {`	73	`renew() {`
85	`if [ ! -f $ACMESH_BIN ]; then`	74	`if [ ! -f $ACMESH_BIN ]; then`
86	`echo "The client does not seem to be installed."`	75	`echo "The client does not seem to be installed."`
87	`return 1`	76	`return 1`
88	`fi`	77	`fi`
89		-
90	`TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)`	78	`TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE)`
91		-
92	`$DEBUG && debugOpt=" --debug" \|\| debugOpt=""`	79	`$DEBUG && debugOpt=" --debug" \|\| debugOpt=""`
93	`[ ! -z "$DNS_API" ] && dnsApiOpt="" \|\| dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"`	80	`[ ! -z "$DNS_API" ] && dnsApiOpt="" \|\| dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please"`
94	`$ACMESH_BIN --config-home $ACMESH_HOME/data \`	81	`$ACMESH_BIN --config-home $ACMESH_HOME/data \`
95	`$STAGING_SERVER $FORCE $debugOpt \`	82	`$STAGING_SERVER $FORCE $debugOpt \`
96	`--renew -d $DOMAIN $dnsApiOpt \`	83	`--renew -d $DOMAIN $dnsApiOpt \`
97	`$OPT_PARAMS \`	84	`$OPT_PARAMS \`
98	`> $TMP_OUTPUT 2>&1`	85	`> $TMP_OUTPUT 2>&1`
99	`exitCode=$?`	86	`exitCode=$?`
100		-
101	`$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"`	87	`$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n"`
102		-
103	`if ! _handle_client_response $TMP_OUTPUT; then`	88	`if ! _handle_client_response $TMP_OUTPUT; then`
104	`if [ $exitCode -ne 0 ]; then`	89	`if [ $exitCode -ne 0 ]; then`
105	`echo -e "Error!\n"`	90	`echo -e "Error!\n"`
106	`cat $TMP_OUTPUT`	91	`cat $TMP_OUTPUT`
107	`rm -f $TMP_OUTPUT`	92	`rm -f $TMP_OUTPUT`
108	`return 1`	93	`return 1`
109	`else`	94	`else`
110	`echo -e "Unknown state\n"`	95	`echo -e "Unknown state\n"`
111	`cat $TMP_OUTPUT`	96	`cat $TMP_OUTPUT`
112	`fi`	97	`fi`
113	`fi`	98	`fi`
114		-
115	`rm -f $TMP_OUTPUT`	99	`rm -f $TMP_OUTPUT`
116	`}`	100	`}`
117		101
118		-
119	`################################################################################`	102	`################################################################################`
120	`# CRON TASK #`	103	`# CRON TASK #`
121	`################################################################################`	104	`################################################################################`
122	`cron_task() {`	105	`cron_task() {`
123	`if [ $(grep '^dateNextRenewal=' $CONF_FILE \| cut -d'=' -f2) -le $(date +%s) ]; then`	106	`if [ $(grep '^dateNextRenewal=' $CONF_FILE \| cut -d'=' -f2) -le $(date +%s) ]; then`
124	`logger -t alcasar-letsencrypt "Launch CRON task."`	107	`logger -t alcasar-letsencrypt "Launch CRON task."`
125	`renew`	108	`renew`
126	`fi`	109	`fi`
127	`}`	110	`}`
128		111
129		-
130	`################################################################################`	112	`################################################################################`
131	`# HANDLE CLIENT RESPONSE #`	113	`# HANDLE CLIENT RESPONSE #`
132	`################################################################################`	114	`################################################################################`
133	`_handle_client_response() {`	115	`_handle_client_response() {`
134	`[ $# -lt 1 ] && return 1`	116	`[ $# -lt 1 ] && return 1`
135	`responseFile=$1`	117	`responseFile=$1`
136		118
137	`# issue / renew`	119	`# issue / renew`
138	`if [ $(cat $responseFile \| grep "Add the following TXT record:" -c) -ne 0 ]; then`	120	`if [ $(cat $responseFile \| grep "Add the following TXT record:" -c) -ne 0 ]; then`
139	`challenge=$(cat $responseFile \| grep -E "TXT value: '[0-9a-zA-Z_-]+'" -o \| cut -d"'" -f2)`	121	`challenge=$(cat $responseFile \| grep -E "TXT value: '[0-9a-zA-Z_-]+'" -o \| cut -d"'" -f2)`
140	`sed -i "s/^challenge=.*/challenge=$challenge/" $CONF_FILE`	122	`sed -i "s/^challenge=.*/challenge=$challenge/" $CONF_FILE`
141		-
142	`echo "Add the following TXT record:"`	123	`echo "Add the following TXT record:"`
143	`echo "Domain: '_acme-challenge.$DOMAIN'"`	124	`echo "Domain: '_acme-challenge.$DOMAIN'"`
144	`echo "TXT value: '$challenge'"`	125	`echo "TXT value: '$challenge'"`
145	`elif [ $(cat $responseFile \| grep "Cert success." -c) -ne 0 ]; then`	126	`elif [ $(cat $responseFile \| grep "Cert success." -c) -ne 0 ]; then`
146	`sed -i "s/^challenge=.*/challenge=/" $CONF_FILE`	127	`sed -i "s/^challenge=.*/challenge=/" $CONF_FILE`
147	`sed -i "s/^dateIssued=.*/dateIssued=$(date +%s)/" $CONF_FILE`	128	`sed -i "s/^dateIssued=.*/dateIssued=$(date +%s)/" $CONF_FILE`
148	`sed -i "s/^dateNextRenewal=.*/dateNextRenewal=$(date +%s -d '2 months - 3 days')/" $CONF_FILE`	129	`sed -i "s/^dateNextRenewal=.*/dateNextRenewal=$(date +%s -d '2 months - 3 days')/" $CONF_FILE`
149		-
150	`install_cert`	130	`install_cert`
151	`logger -t alcasar-letsencrypt "Certificate \"$DOMAIN\" imported."`	131	`logger -t alcasar-letsencrypt "Certificate \"$DOMAIN\" imported."`
152	`echo "Certificate imported."`	132	`echo "Certificate imported."`
153	`[ -z $DNS_API ] && echo "Note: you can delete the TXT record."`	133	`[ -z $DNS_API ] && echo "Note: you can delete the TXT record."`
154	`elif [ $(cat $responseFile \| grep "Domains not changed." -c) -ne 0 ]; then`	134	`elif [ $(cat $responseFile \| grep "Domains not changed." -c) -ne 0 ]; then`
155	`echo "Domain not changed"`	135	`echo "Domain not changed"`
156	`elif [ $(cat $responseFile \| grep "$DOMAIN is already verified, skip dns-01." -c) -ne 0 ]; then`	136	`elif [ $(cat $responseFile \| grep "$DOMAIN is already verified, skip dns-01." -c) -ne 0 ]; then`
157	`echo "Domain already verified"`	137	`echo "Domain already verified"`
158	`elif [ $(cat $responseFile \| grep "Error add txt for domain:_acme-challenge.$DOMAIN" -c) -ne 0 ]; then`	138	`elif [ $(cat $responseFile \| grep "Error add txt for domain:_acme-challenge.$DOMAIN" -c) -ne 0 ]; then`
159	`echo "Error add txt for domain:_acme-challenge.$DOMAIN"`	139	`echo "Error add txt for domain:_acme-challenge.$DOMAIN"`
160	`elif [ $(cat $responseFile \| grep "Please add the TXT records to the domains, and retry again." -c) -ne 0 ]; then`	140	`elif [ $(cat $responseFile \| grep "Please add the TXT records to the domains, and retry again." -c) -ne 0 ]; then`
161	`echo "Dns record not added yet, you need to add it manually and retry again."`	141	`echo "Dns record not added yet, you need to add it manually and retry again."`
162	`elif [ $(cat $responseFile \| grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' -c) -ne 0 ]; then`	142	`elif [ $(cat $responseFile \| grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.*\)","status": 400}' -c) -ne 0 ]; then`
163	`errorMsg=$(cat $responseFile \| grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.\)","status": 400}' \| sed 's/.new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.\)","status": 400}./\1/')`	143	`errorMsg=$(cat $responseFile \| grep 'new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.\)","status": 400}' \| sed 's/.new-authz error: {"type":"urn:acme:error:malformed","detail":"Error creating new authz :: \(.\)","status": 400}./\1/')`
164	`echo "Incorrect domain name"`	144	`echo "Incorrect domain name"`
165	`echo "$errorMsg"`	145	`echo "$errorMsg"`
166	`elif [ $(cat $responseFile \| grep "'$DOMAIN' is not a issued domain, skip." -c) -ne 0 ]; then`	146	`elif [ $(cat $responseFile \| grep "'$DOMAIN' is not a issued domain, skip." -c) -ne 0 ]; then`
167	`echo "'$DOMAIN' is not a issued domain"`	147	`echo "'$DOMAIN' is not a issued domain"`
168		148
169	`# renew`	149	`# renew`
170	`elif [ $(cat $responseFile \| grep "Skip, Next renewal time is: " -c) -ne 0 ]; then`	150	`elif [ $(cat $responseFile \| grep "Skip, Next renewal time is: " -c) -ne 0 ]; then`
171	`nextRenewal=$(cat $responseFile \| grep 'Skip, Next renewal time is: ' \| sed 's/.Skip, Next renewal time is: \(.\)/\1/')`	151	`nextRenewal=$(cat $responseFile \| grep 'Skip, Next renewal time is: ' \| sed 's/.Skip, Next renewal time is: \(.\)/\1/')`
172	`echo "Skip, Next renewal time is: $nextRenewal"`	152	`echo "Skip, Next renewal time is: $nextRenewal"`
173	`echo "Add '--force' to force to renew."`	153	`echo "Add '--force' to force to renew."`
174	`elif [ $(cat $responseFile \| grep "$DOMAIN:Verify error:Correct value not found for DNS challenge" -c) -ne 0 ]; then`	154	`elif [ $(cat $responseFile \| grep "$DOMAIN:Verify error:Correct value not found for DNS challenge" -c) -ne 0 ]; then`
175	`echo "Correct value not found for DNS challenge"`	155	`echo "Correct value not found for DNS challenge"`
176	`elif [ $(cat $responseFile \| grep "Unable to update challenge :: The challenge is not pending." -c) -ne 0 ]; then`	156	`elif [ $(cat $responseFile \| grep "Unable to update challenge :: The challenge is not pending." -c) -ne 0 ]; then`
177	`echo "The challenge is not pending. You need to issue."`	157	`echo "The challenge is not pending. You need to issue."`
178	`else`	158	`else`
179	`return 2`	159	`return 2`
180	`fi`	160	`fi`
181		-
182	`return 0`	161	`return 0`
183	`}`	162	`}`
184		163
185		-
186	`################################################################################`	164	`################################################################################`
187	`# INSTALL CERTIFICATE #`	165	`# INSTALL CERTIFICATE #`
188	`################################################################################`	166	`################################################################################`
189	`install_cert() {`	167	`install_cert() {`
190	`echo "Importing certificate to ALCASAR..."`	168	`echo "Importing certificate to ALCASAR..."`
191	`LE_cert_folder="$( echo "$ACMESH_HOME/certs/$DOMAIN"*"")"`	169	`LE_cert_folder="$( echo "$ACMESH_HOME/certs/$DOMAIN"*"")"`
192	`if [ ! -f $LE_cert_folder"/"$DOMAIN.cer ]; then`	170	`if [ ! -f $LE_cert_folder"/"$DOMAIN.cer ]; then`
193	`echo "Certificate not found."`	171	`echo "Certificate not found."`
194	`return 1`	172	`return 1`
195	`fi`	173	`fi`
196		-
197	`/usr/local/bin/alcasar-importcert.sh \`	174	`/usr/local/bin/alcasar-importcert.sh \`
198	`-i $LE_cert_folder"/"$DOMAIN.cer \`	175	`-i $LE_cert_folder"/"$DOMAIN.cer \`
199	`-k $LE_cert_folder"/"$DOMAIN.key \`	176	`-k $LE_cert_folder"/"$DOMAIN.key \`
200	`-c $LE_cert_folder/fullchain.cer \`	177	`-c $LE_cert_folder/fullchain.cer \`
201	`> /dev/null 2>&1`	178	`> /dev/null 2>&1`
202		-
203	`if [ $? -ne 0 ]; then`	179	`if [ $? -ne 0 ]; then`
204	`echo "Error."`	180	`echo "Error."`
205	`return 1`	181	`return 1`
206	`fi`	182	`fi`
207	`}`	183	`}`
208		184
209		-
210	`################################################################################`	185	`################################################################################`
211	`# MAIN #`	186	`# MAIN #`
212	`################################################################################`	187	`################################################################################`
213		188
214	`if [ $# -eq 0 ]; then`	189	`if [ $# -eq 0 ]; then`
215	`echo "$usage"`	190	`echo "$usage"`
216	`exit 1`	191	`exit 1`
217	`fi`	192	`fi`
218		-
219	`cmd=""`	193	`cmd=""`
220		-
221	`while [ $# -gt 0 ]; do`	194	`while [ $# -gt 0 ]; do`
222	`case $1 in`	195	`case $1 in`
223	`-\? \| -h \| --help)`	196	`-\? \| -h \| --help)`
224	`echo "$usage"`	197	`echo "$usage"`
225	`exit 0`	198	`exit 0`
226	`;;`	199	`;;`
227		-
228	`--issue)`	200	`--issue)`
229	`cmd="issue"`	201	`cmd="issue"`
230	`shift 1`	202	`shift 1`
231	`;;`	203	`;;`
232	`--renew)`	204	`--renew)`
233	`cmd="renew"`	205	`cmd="renew"`
234	`shift 1`	206	`shift 1`
235	`;;`	207	`;;`
236	`--cron)`	208	`--cron)`
237	`cmd="cron"`	209	`cmd="cron"`
238	`shift 1`	210	`shift 1`
239	`;;`	211	`;;`
240	`--install-cert)`	212	`--install-cert)`
241	`cmd="install-cert"`	213	`cmd="install-cert"`
242	`shift 1`	214	`shift 1`
243	`;;`	215	`;;`
244		-
245	`--email)`	216	`--email)`
246	`ACCOUNT_EMAIL="$2"`	217	`ACCOUNT_EMAIL="$2"`
247	`shift 2`	218	`shift 2`
248	`;;`	219	`;;`
249	`--domain \| -d)`	220	`--domain \| -d)`
250	`DOMAIN="$2"`	221	`DOMAIN="$2"`
251	`shift 2`	222	`shift 2`
252	`;;`	223	`;;`
253	`--dns-api)`	224	`--dns-api)`
254	`DNS_API="$2"`	225	`DNS_API="$2"`
255	`shift 2`	226	`shift 2`
256	`;;`	227	`;;`
257	`--force)`	228	`--force)`
258	`FORCE="--force"`	229	`FORCE="--force"`
259	`shift 1`	230	`shift 1`
260	`;;`	231	`;;`
261	`--staging)`	232	`--staging)`
262	`STAGING_SERVER="--staging"`	233	`STAGING_SERVER="--staging"`
263	`shift 1`	234	`shift 1`
264	`;;`	235	`;;`
265	`--debug)`	236	`--debug)`
266	`DEBUG=true`	237	`DEBUG=true`
267	`shift 1`	238	`shift 1`
268	`;;`	239	`;;`
269		-
270	`*)`	240	`*)`
271	`found=false`	241	`found=false`
272	`for param in "--dnssleep"; do`	242	`for param in "--dnssleep"; do`
273	`if [ $1 == $param ]; then`	243	`if [ $1 == $param ]; then`
274	`OPT_PARAMS="$OPT_PARAMS $1 $2"`	244	`OPT_PARAMS="$OPT_PARAMS $1 $2"`
275	`shift 2`	245	`shift 2`
276	`found=true`	246	`found=true`
277	`break`	247	`break`
278	`fi`	248	`fi`
279	`done`	249	`done`
280		-
281	`if ! $found; then`	250	`if ! $found; then`
282	`echo "Unknown argument: $1"`	251	`echo "Unknown argument: $1"`
283	`echo "$usage"`	252	`echo "$usage"`
284	`exit 1`	253	`exit 1`
285	`fi`	254	`fi`
286	`;;`	255	`;;`
287	`esac`	256	`esac`
288	`done`	257	`done`
289		258
290	`if [ -z $DOMAIN ]; then`	259	`if [ -z $DOMAIN ]; then`
291	`if [ $(grep '^domainRequest=' $CONF_FILE \| cut -d'=' -f2 \| wc --chars) -gt 1 ]; then`	260	`if [ $(grep '^domainRequest=' $CONF_FILE \| cut -d'=' -f2 \| wc --chars) -gt 1 ]; then`
292	`DOMAIN="$(grep '^domainRequest=' $CONF_FILE \| cut -d'=' -f2)"`	261	`DOMAIN="$(grep '^domainRequest=' $CONF_FILE \| cut -d'=' -f2)"`
293	`else`	262	`else`
294	`DOMAIN="$(grep '^HOSTNAME=' /usr/local/etc/alcasar.conf \| cut -d'=' -f2).$(grep '^DOMAIN=' /usr/local/etc/alcasar.conf \| cut -d'=' -f2)"`	263	`DOMAIN="$(grep '^HOSTNAME=' /usr/local/etc/alcasar.conf \| cut -d'=' -f2).$(grep '^DOMAIN=' /usr/local/etc/alcasar.conf \| cut -d'=' -f2)"`
295	`fi`	264	`fi`
296	`fi`	265	`fi`
297		266
298	`case $cmd in`	267	`case $cmd in`
299	`issue)`	268	`issue)`
300	`issue`	269	`issue`
301	`;;`	270	`;;`
302	`renew)`	271	`renew)`
303	`renew`	272	`renew`
304	`;;`	273	`;;`
305	`cron)`	274	`cron)`
306	`cron_task`	275	`cron_task`
307	`;;`	276	`;;`
308	`install-cert)`	277	`install-cert)`
309	`install_cert`	278	`install_cert`
310	`;;`	279	`;;`
311		-
312	`*) exit 1 ;;`	280	`*) exit 1 ;;`
313	`esac`	281	`esac`
314		282

Subversion Repositories ALCASAR

(root)/scripts/alcasar-letsencrypt.sh @ 2554 – Rev 3168 → 3169