LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5931 Commits
1 Branch
46 MiB
 
 
 
 
 
 
Tree: e1c004dcaa
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e1c004dcaa'
${ noResults }
openwrt-packages-dist/net/acme/files/run.sh

144 lines
3.4 KiB
Raw Blame History

#!/bin/sh
# Wrapper for acme.sh to work on openwrt.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 3 of the License, or (at your option) any later
# version.
#
# Author: Toke Høiland-Jørgensen <toke@toke.dk>
CHECK_CRON=$1
ACME=/usr/lib/acme/acme.sh
export SSL_CERT_DIR=/etc/ssl/certs
UHTTPD_REDIRECT_HTTPS=
UHTTPD_LISTEN_HTTP=
STATE_DIR='/etc/acme'
ACCOUNT_EMAIL=
DEBUG=0
. /lib/functions.sh
check_cron()
{
[ -f "/etc/crontabs/root" ] && grep -q '/etc/init.d/acme' /etc/crontabs/root && return
echo "0 0 * * * /etc/init.d/acme start" >> /etc/crontabs/root
/etc/init.d/cron start
}
pre_checks()
{
echo "Running pre checks."
check_cron
UHTTPD_REDIRECT_HTTPS=$(uci get uhttpd.main.redirect_https)
UHTTPD_LISTEN_HTTP=$(uci get uhttpd.main.listen_http)
uci set uhttpd.main.redirect_https=1
uci set uhttpd.main.listen_http='0.0.0.0:80'
uci commit uhttpd
/etc/init.d/uhttpd reload || return 1
iptables -I input_rule -p tcp --dport 80 -j ACCEPT || return 1
return 0
}
post_checks()
{
echo "Running post checks (cleanup)."
iptables -D input_rule -p tcp --dport 80 -j ACCEPT
uci set uhttpd.main.redirect_https="$UHTTPD_REDIRECT_HTTPS"
uci set uhttpd.main.listen_http="$UHTTPD_LISTEN_HTTP"
uci commit uhttpd
/etc/init.d/uhttpd reload
}
err_out()
{
post_checks
exit 1
}
int_out()
{
post_checks
trap - SIGINT
kill -SIGINT $$
}
issue_cert()
{
local section="$1"
local acme_args=
local enabled
local use_staging
local update_uhttpd
local keylength
local domains
local main_domain
config_get_bool enabled "$section" enabled 0
config_get_bool use_staging "$section" use_staging
config_get_bool update_uhttpd "$section" update_uhttpd
config_get domains "$section" domains
config_get keylength "$section" keylength
[ "$enabled" -eq "1" ] || return
[ "$DEBUG" -eq "1" ] && acme_args="$acme_args --debug"
set -- $domains
main_domain=$1
if [ -e "$STATE_DIR/$main_domain" ]; then
$ACME --home "$STATE_DIR" --renew -d "$main_domain" $acme_args || return 1
return 0
fi
acme_args="$acme_args $(for d in $domains; do echo -n "-d $d "; done)"
acme_args="$acme_args --webroot $(uci get uhttpd.main.home)"
acme_args="$acme_args --keylength $keylength"
[ -n "$ACCOUNT_EMAIL" ] && acme_args="$acme_args --accountemail $ACCOUNT_EMAIL"
[ "$use_staging" -eq "1" ] && acme_args="$acme_args --staging"
if ! $ACME --home "$STATE_DIR" --issue $acme_args; then
echo "Issuing cert for $main_domain failed. It may be necessary to remove $STATE_DIR/$main_domain to recover." >&2
return 1
fi
if [ "$update_uhttpd" -eq "1" ]; then
uci set uhttpd.main.key="$STATE_DIR/${main_domain}/${main_domain}.key"
uci set uhttpd.main.cert="$STATE_DIR/${main_domain}/fullchain.cer"
# commit and reload is in post_checks
fi
}
load_vars()
{
local section="$1"
STATE_DIR=$(config_get "$section" state_dir)
ACCOUNT_EMAIL=$(config_get "$section" account_email)
DEBUG=$(config_get "$section" debug)
}
if [ -n "$CHECK_CRON" ]; then
check_cron
exit 0
fi
config_load acme
config_foreach load_vars acme
pre_checks || exit 1
trap err_out SIGHUP SIGTERM
trap int_out SIGINT
config_foreach issue_cert cert
post_checks
exit 0