forked from openwrt/packages
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
uacme: Add support custom CAs and TLS-ALPN-01 challenge
Signed-off-by: Peter Putzer <[email protected]>
- Loading branch information
1 parent
9baed0d
commit e12095b
Showing
1 changed file
with
27 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,6 +8,7 @@ | |
| # | ||
| # Initial Author: Toke Høiland-Jørgensen <[email protected]> | ||
| # Adapted for uacme: Lucian Cristian <[email protected]> | ||
| # Adapted for custom CA and TLS-ALPN-01: Peter Putzer <[email protected]> | ||
|
|
||
| CHECK_CRON=$1 | ||
|
|
||
|
|
@@ -39,6 +40,8 @@ UPDATE_UHTTPD=0 | |
| UPDATE_HAPROXY=0 | ||
| FW_RULE= | ||
| USER_CLEANUP= | ||
| ACME_URL= | ||
| ACME_STAGING_URL= | ||
|
|
||
| . /lib/functions.sh | ||
|
|
||
|
|
@@ -220,6 +223,7 @@ issue_cert() | |
| local failed_dir | ||
| local webroot | ||
| local dns | ||
| local tls | ||
| local user_setup | ||
| local user_cleanup | ||
| local ret | ||
|
|
@@ -237,6 +241,7 @@ issue_cert() | |
| config_get keylength "$section" keylength | ||
| config_get webroot "$section" webroot | ||
| config_get dns "$section" dns | ||
| config_get tls "$section" tls | ||
| config_get user_setup "$section" user_setup | ||
| config_get user_cleanup "$section" user_cleanup | ||
|
|
||
|
|
@@ -249,15 +254,26 @@ issue_cert() | |
|
|
||
| if [ "$APP" = "uacme" ]; then | ||
| [ "$DEBUG" -eq "1" ] && debug="--verbose --verbose" | ||
| [ "$tls" -eq "1" ] && HPROGRAM=/usr/share/uacme/ualpn.sh | ||
| elif [ "$APP" = "acme" ]; then | ||
| [ "$DEBUG" -eq "1" ] && acme_args="$acme_args --debug" | ||
| fi | ||
| if [ "$use_staging" -eq "1" ]; then | ||
| STATE_DIR="$STAGING_STATE_DIR"; | ||
| staging="--staging"; | ||
|
|
||
| # Check if we should use a custom stagin URL | ||
| if [ "$APP" = "uacme" -a -n "$ACME_STAGING_URL" ]; then | ||
| ACME="$ACME --acme-url $ACME_STAGING_URL" | ||
| else | ||
| staging="--staging"; | ||
| fi | ||
| else | ||
| STATE_DIR="$PRODUCTION_STATE_DIR"; | ||
| staging=""; | ||
|
|
||
| if [ "$APP" = "uacme" -a -n "$ACME_URL" ]; then | ||
| ACME="$ACME --acme-url $ACME_URL" | ||
| fi | ||
| fi | ||
|
|
||
| set -- $domains | ||
|
|
@@ -267,7 +283,7 @@ issue_cert() | |
| log "Running user-provided setup script from $user_setup." | ||
| "$user_setup" "$main_domain" || return 2 | ||
| else | ||
| [ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 2 | ||
| [ -n "$webroot" ] || [ -n "$dns" ] || [ -n "$tls" ] || pre_checks "$main_domain" || return 2 | ||
| fi | ||
|
|
||
| log "Running $APP for $main_domain" | ||
|
|
@@ -322,6 +338,13 @@ issue_cert() | |
| return 2 | ||
| # uacme_args="$uacme_args --dns $dns" | ||
| fi | ||
| elif [ -n "$tls" ]; then | ||
| if [ "$APP" = "uacme" ]; then | ||
| log "Using TLS mode" | ||
| else | ||
| log "TLS not supported by $APP" | ||
| return 2 | ||
| fi | ||
| elif [ -z "$webroot" ]; then | ||
| if [ "$APP" = "acme" ]; then | ||
| log "Using standalone mode" | ||
|
|
@@ -486,6 +509,8 @@ load_vars() | |
| STAGING_STATE_DIR=$PRODUCTION_STATE_DIR/staging | ||
| ACCOUNT_EMAIL=$(config_get "$section" account_email) | ||
| DEBUG=$(config_get "$section" debug) | ||
| ACME_URL=$(config_get "$section" acme_url) | ||
| ACME_STAGING_URL=$(config_get "$section" acme_staging_url) | ||
| } | ||
|
|
||
| if [ -z "$INCLUDE_ONLY" ]; then | ||
|
|
||