ervin/acme.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: add --fullchain-key-file option to --install-cert command

Browse Source
This commit is contained in:
Honza Hommer 2020-06-27 12:52:55 +02:00
parent 58b4eb04f9
commit 3dfcb21298
No known key found for this signature in database
GPG Key ID: F1A1FA427709F5EF
1 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
acme.sh
View File

@ -4782,7 +4782,7 @@ $_authorizations_map"
_savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"; then
if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_real_fullchain_key" "$_reload_cmd"; then
return 1
fi
fi
@ -5191,7 +5191,7 @@ deploy() {
installcert() {
_main_domain="$1"
if [ -z "$_main_domain" ]; then
_usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--cert-file cert-file-path] [--key-file key-file-path] [--ca-file ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchain-file fullchain-path]"
_usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc][--cert-file cert-file-path] [--key-file key-file-path] [--ca-file ca-cert-file-path] [--reloadCmd reloadCmd] [--fullchain-file fullchain-path] [--fullchain-key-file fullchain-key-path]"
return 1
fi
@ -5200,7 +5200,8 @@ installcert() {
_real_ca="$4"
_reload_cmd="$5"
_real_fullchain="$6"
_isEcc="$7"
_real_fullchain_key="$7"
_isEcc="$8"
_initpath "$_main_domain" "$_isEcc"
if [ ! -d "$DOMAIN_PATH" ]; then
@ -5214,8 +5215,9 @@ installcert() {
_savedomainconf "Le_RealKeyPath" "$_real_key"
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
_savedomainconf "Le_RealFullChainKeyPath" "$_real_fullchain_key"
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_real_fullchain_key" "$_reload_cmd"
}
#domain cert key ca fullchain reloadcmd backup-prefix
@ -5225,8 +5227,9 @@ _installcert() {
_real_key="$3"
_real_ca="$4"
_real_fullchain="$5"
_reload_cmd="$6"
_backup_prefix="$7"
_real_fullchain_key="$6"
_reload_cmd="$7"
_backup_prefix="$8"
if [ "$_real_cert" = "$NO_VALUE" ]; then
_real_cert=""
@ -5243,6 +5246,9 @@ _installcert() {
if [ "$_real_fullchain" = "$NO_VALUE" ]; then
_real_fullchain=""
fi
if [ "$_real_fullchain_key" = "$NO_VALUE" ]; then
_real_fullchain_key=""
fi
_backup_path="$DOMAIN_BACKUP_PATH/$_backup_prefix"
mkdir -p "$_backup_path"
@ -5289,6 +5295,17 @@ _installcert() {
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
fi
if [ "$_real_fullchain_key" ]; then
_info "Installing full chain with key to:$_real_fullchain_key"
if [ -f "$_real_fullchain_key" ] && [ ! "$IS_RENEW" ]; then
cp "$_real_fullchain_key" "$_backup_path/fullchainkey.bak"
fi
if [ ! -f "$_real_fullchain_key" ]; then
install -c -m600 /dev/null "$_real_fullchain_key"
fi
cat "$CERT_FULLCHAIN_PATH" "$CERT_KEY_PATH" >"$_real_fullchain_key" || return 1
fi
if [ "$_reload_cmd" ]; then
_info "Run reload cmd: $_reload_cmd"
if (
@ -6260,6 +6277,7 @@ Parameters:
--key-file After issue/renew, the key will be copied to this path.
--ca-file After issue/renew, the intermediate cert will be copied to this path.
--fullchain-file After issue/renew, the fullchain cert will be copied to this path.
--fullchain-key-file After issue/renew, the fullchain cert with key will be copied to this path.
--reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
@ -6447,6 +6465,7 @@ _process() {
_key_file=""
_ca_file=""
_fullchain_file=""
_fullchain_key_file=""
_reloadcmd=""
_password=""
_accountconf=""
@ -6740,6 +6759,10 @@ _process() {
_fullchain_file="$2"
shift
;;
--fullchain-key-file)
_fullchain_key_file="$2"
shift
;;
--reloadcmd | --reloadCmd)
_reloadcmd="$2"
shift
@ -7044,7 +7067,7 @@ _process() {
showcsr "$_csr" "$_domain"
;;
installcert)
installcert "$_domain" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_ecc"
installcert "$_domain" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_fullchain_key_file" "$_ecc"
;;
renew)
renew "$_domain" "$_ecc"