sync #4986

Merged
merged 15 commits into from
Feb 3, 2024
Merged

sync #4986

4 changes: 1 addition & 3 deletions .github/workflows/DNS.yml
Expand Up @@ -332,7 +332,7 @@ jobs:
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: |
pkg_add curl socat
/usr/sbin/pkg_add curl socat
usesh: true
copyback: false
run: |
Expand Down Expand Up @@ -493,8 +493,6 @@ jobs:
copyback: false
prepare: pkg install socat
run: |
pkg set-mediator -v -I [email protected] openssl
export PATH=/usr/gnu/bin:$PATH
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
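Review bot: The `run:` script in the second hunk still lets the workflow expand secrets straight into shell text (`export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"`), so the secret's bytes are parsed by the shell before they ever become a variable; a value containing `"`, `$` or a backtick would be mangled or interpreted inside the VM. These are unchanged context lines, but the commit is already editing this step, so it would be a good moment to hand the value over through the environment and write `export "$TokenName1=$TokenValue1"` instead. `TokenName1` appears in the `envs:` list of the first hunk (a different step, going by the line numbers); whether `TokenValue1` is exported to this step is not visible here. The `if` block and the rest of `run:` continue past the end of the hunk.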
4 changes: 2 additions & 2 deletions .github/workflows/NetBSD.yml
Expand Up @@ -20,7 +20,6 @@ concurrency:




jobs:
NetBSD:
strategy:
Expand All @@ -44,6 +43,7 @@ jobs:
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
Expand All @@ -57,7 +57,7 @@ jobs:
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/netbsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN'
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: |
28 changes: 24 additions & 4 deletions acme.sh
Expand Up @@ -2499,10 +2499,10 @@ _startserver() {
_debug Le_Listen_V6 "$Le_Listen_V6"

_NC="socat"
if [ "$Le_Listen_V4" ]; then
_NC="$_NC -4"
elif [ "$Le_Listen_V6" ]; then
if [ "$Le_Listen_V6" ]; then
_NC="$_NC -6"
else
_NC="$_NC -4"
fi

if [ "$DEBUG" ] && [ "$DEBUG" -gt "1" ]; then
Expand Down Expand Up @@ -4515,7 +4515,7 @@ issue() {

vlist="$Le_Vlist"
_cleardomainconf "Le_Vlist"
_info "Getting domain auth token for each domain"
_debug "Getting domain auth token for each domain"
sep='#'
dvsep=','
if [ -z "$vlist" ]; then
Expand Down Expand Up @@ -4571,12 +4571,22 @@ issue() {
if [ "$_notAfter" ]; then
_newOrderObj="$_newOrderObj,\"notAfter\": \"$_notAfter\""
fi
_debug "STEP 1, Ordering a Certificate"
if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then
_err "Create new order error."
_clearup
_on_issue_err "$_post_hook"
return 1
fi
if _contains "$response" "invalid"; then
if echo "$response" | _normalizeJson | grep '"status":"invalid"' >/dev/null 2>&1; then
_err "Create new order with invalid status."
_err "$response"
_clearup
_on_issue_err "$_post_hook"
return 1
fi
fi

Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)"
_debug Le_LinkOrder "$Le_LinkOrder"
Expand All @@ -4601,6 +4611,7 @@ issue() {
return 1
fi

_debug "STEP 2, Get the authorizations of each domain"
#domain and authz map
_authorizations_map=""
for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do
Expand All @@ -4609,13 +4620,22 @@ issue() {
_err "get to authz error."
_err "_authorizations_seg" "$_authorizations_seg"
_err "_authz_url" "$_authz_url"
_err "$response"
_clearup
_on_issue_err "$_post_hook"
return 1
fi

response="$(echo "$response" | _normalizeJson)"
_debug2 response "$response"
if echo "$response" | grep '"status":"invalid"' >/dev/null 2>&1; then
_err "get authz objec with invalid status, please try again later."
_err "_authorizations_seg" "$_authorizations_seg"
_err "$response"
_clearup
_on_issue_err "$_post_hook"
return 1
fi
_d="$(echo "$response" | _egrep_o '"value" *: *"[^"]*"' | cut -d : -f 2- | tr -d ' "')"
if _contains "$response" "\"wildcard\" *: *true"; then
_d="*.$_d"
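Review bot: In `_startserver` the rewritten branch changes two behaviours that nothing in the hunk documents: with both `Le_Listen_V4` and `Le_Listen_V6` set, `-6` now wins where `-4` used to, and with neither set socat is forced to `-4` instead of being left at its own default (this assumes the page prints removed lines before added ones, which the lost `+`/`-` markers cannot confirm). A standalone listener bound to IPv4 only will presumably not answer a validation request that arrives over IPv6 unless `Le_Listen_V6` is set. A one-line comment above the `if`, for example `# -6 when Le_Listen_V6 is set, otherwise -4 (never socat's default)`, would record the intent. In the last hunk the new error string reads `get authz objec with invalid status`; `objec` should be `object`. Both `_startserver` and `issue` start and end outside the hunks shown.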
6 changes: 3 additions & 3 deletions deploy/routeros.sh
Expand Up @@ -137,7 +137,7 @@ routeros_deploy() {
return $_err_code
fi

DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USERNAME \
DEPLOY_SCRIPT_CMD="/system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \
comment=\"generated by routeros deploy script in acme.sh\" \
source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
\n/certificate remove [ find name=$_cdomain.cer_1 ];\
Expand All @@ -158,11 +158,11 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
return $_err_code
fi

if ! _ssh_remote_cmd "/system script run \"LE Cert Deploy - $_cdomain\""; then
if ! _ssh_remote_cmd "/system script run \"LECertDeploy-$_cdomain\""; then
return $_err_code
fi

if ! _ssh_remote_cmd "/system script remove \"LE Cert Deploy - $_cdomain\""; then
if ! _ssh_remote_cmd "/system script remove \"LECertDeploy-$_cdomain\""; then
return $_err_code
fi

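Review bot: The script name `LECertDeploy-$_cdomain` is spelled out three times (in the `add`, `run` and `remove` commands), so a later edit to only one of them would leave a script on the router that is never run or never removed. Holding it in one variable, e.g. `_script_name="LECertDeploy-$_cdomain"`, and using `\"$_script_name\"` in all three commands keeps them in step. On the same changed line `owner=$ROUTER_OS_USERNAME` goes into the RouterOS command unquoted, so a value containing a space would presumably be read as further arguments; quoting it the way `name=` is quoted avoids that. `routeros_deploy` starts and ends outside these hunks.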
4 changes: 2 additions & 2 deletions deploy/synology_dsm.sh
Expand Up @@ -223,7 +223,7 @@ synology_dsm_deploy() {

#################### Private functions below ##################################
_logout() {
# Logout to not occupy a permanent session, e.g. in DSM's "Connected Users" widget
response=$(_get "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version&method=logout")
# Logout CERT user only to not occupy a permanent session, e.g. in DSM's "Connected Users" widget (based on previous variables)
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=logout&_sid=$sid")
_debug3 response "$response"
}
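Review bot: The new logout URL in `_logout` sends `_sid=$sid` unconditionally, but `sid`, `api_path` and `api_version` are set elsewhere in the file (the comment says "based on previous variables"), so on any path where login never completed the request goes out with an empty session id and possibly an empty `api_path`. A guard at the top of the function, `[ -n "$sid" ] || return 0`, would make that case explicit. The session id also travels in the query string, where it can end up in anything that records the request URL; whether `_get` logs the URL at debug level is not visible here, so the comment should mention it. The response is only passed to `_debug3`, so a failed logout goes unnoticed; if that is deliberate best-effort, the comment should say so.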
148 changes: 0 additions & 148 deletions dnsapi/dns_do.sh

This file was deleted.

12 changes: 6 additions & 6 deletions dnsapi/dns_gandi_livedns.sh
Expand Up @@ -13,7 +13,7 @@
#
######## Public functions #####################

GANDI_LIVEDNS_API="https://dns.api.gandi.net/api/v5"
GANDI_LIVEDNS_API="https://api.gandi.net/v5/livedns"

#Usage: dns_gandi_livedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_gandi_livedns_add() {
Expand Down Expand Up @@ -78,7 +78,7 @@ dns_gandi_livedns_rm() {
_gandi_livedns_rest PUT \
"domains/$_domain/records/$_sub_domain/TXT" \
"{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" &&
_contains "$response" '{"message": "DNS Record Created"}' &&
_contains "$response" '{"message":"DNS Record Created"}' &&
_info "Removing record $(__green "success")"
}

Expand Down Expand Up @@ -134,7 +134,7 @@ _dns_gandi_append_record() {
_debug new_rrset_values "$_rrset_values"
_gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
"{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" &&
_contains "$response" '{"message": "DNS Record Created"}' &&
_contains "$response" '{"message":"DNS Record Created"}' &&
_info "Adding record $(__green "success")"
}

Expand All @@ -144,11 +144,11 @@ _dns_gandi_existing_rrset_values() {
if ! _gandi_livedns_rest GET "domains/$domain/records/$sub_domain"; then
return 1
fi
if ! _contains "$response" '"rrset_type": "TXT"'; then
if ! _contains "$response" '"rrset_type":"TXT"'; then
_debug "Does not have a _acme-challenge TXT record yet."
return 1
fi
if _contains "$response" '"rrset_values": \[\]'; then
if _contains "$response" '"rrset_values":\[\]'; then
_debug "Empty rrset_values for TXT record, no previous TXT record."
return 1
fi
Expand All @@ -169,7 +169,7 @@ _gandi_livedns_rest() {
if [ -n "$GANDI_LIVEDNS_TOKEN" ]; then
export _H2="Authorization: Bearer $GANDI_LIVEDNS_TOKEN"
else
export _H2="X-Api-Key: $GANDI_LIVEDNS_KEY"
export _H2="Authorization: Apikey $GANDI_LIVEDNS_KEY"
fi

if [ "$m" = "GET" ]; then
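Review bot: The success and existence checks still match the API's JSON byte for byte (`'{"message":"DNS Record Created"}'`, `'"rrset_type":"TXT"'`, `'"rrset_values":\[\]'` in `dns_gandi_livedns_rm`, `_dns_gandi_append_record` and `_dns_gandi_existing_rrset_values`), so the next change in the server's spacing breaks them again, which is apparently what this commit is repairing. In `_dns_gandi_existing_rrset_values` a miss is reported as "Does not have a _acme-challenge TXT record yet", so a formatting change would presumably be treated as an absent record rather than as an error. Allowing optional blanks in the pattern, e.g. `_contains "$response" '"rrset_type" *: *"TXT"'`, would accept both forms. The `\[\]` escape suggests `_contains` already takes a regular expression, but that helper is not visible in this file section. All four functions start or end outside the hunks.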