
enable acme.sh disable certbot

lj2007331@gmail.com 7 years ago
parent
commit
451652ec79
4 changed files with 140 additions and 135 deletions
  1. 11 39
      addons.sh
  2. 8 2
      include/upgrade_oneinstack.sh
  3. 77 69
      upgrade.sh
  4. 44 25
      vhost.sh

+ 11 - 39
addons.sh

@@ -81,25 +81,6 @@ Uninstall_succ() {
   [ -e "`ls ${php_install_dir}/etc/php.d/0?-${PHP_extension}.ini 2> /dev/null`" ] && { rm -rf ${php_install_dir}/etc/php.d/0?-${PHP_extension}.ini; Restart_PHP; echo; echo "${CMSG}PHP ${PHP_extension} module uninstall completed${CEND}"; } || { echo; echo "${CWARNING}${PHP_extension} module does not exist! ${CEND}"; }
 }
 
-Install_letsencrypt() {
-  [ ! -e "${python_install_dir}/bin/python" ] && Install_Python
-  ${python_install_dir}/bin/pip install requests 
-  ${python_install_dir}/bin/pip install certbot
-  if [ -e "${python_install_dir}/bin/certbot" ]; then
-    echo; echo "${CSUCCESS}Let's Encrypt client installed successfully! ${CEND}"
-  else
-    echo; echo "${CFAILURE}Let's Encrypt client install failed, Please try again! ${CEND}"
-  fi
-}
-
-Uninstall_letsencrypt() {
-  ${python_install_dir}/bin/pip uninstall -y certbot > /dev/null 2>&1
-  rm -rf /etc/letsencrypt /var/log/letsencrypt /var/lib/letsencrypt ${python_install_dir}
-  [ "${OS}" == "CentOS" ] && Cron_file=/var/spool/cron/root || Cron_file=/var/spool/cron/crontabs/root
-  [ -e "$Cron_file" ] && sed -i '/certbot/d' ${Cron_file}
-  echo; echo "${CMSG}Let's Encrypt client uninstall completed${CEND}";
-}
-
 Install_fail2ban() {
   [ ! -e "${python_install_dir}/bin/python" ] && Install_Python
   pushd ${oneinstack_dir}/src > /dev/null
@@ -190,16 +171,15 @@ What Are You Doing?
 \t${CMSG} 4${CEND}. Install/Uninstall fileinfo PHP Extension
 \t${CMSG} 5${CEND}. Install/Uninstall memcached/memcache
 \t${CMSG} 6${CEND}. Install/Uninstall Redis
-\t${CMSG} 7${CEND}. Install/Uninstall Let's Encrypt client
-\t${CMSG} 8${CEND}. Install/Uninstall swoole PHP Extension 
-\t${CMSG} 9${CEND}. Install/Uninstall xdebug PHP Extension 
-\t${CMSG}10${CEND}. Install/Uninstall PHP Composer 
-\t${CMSG}11${CEND}. Install/Uninstall fail2ban
+\t${CMSG} 7${CEND}. Install/Uninstall swoole PHP Extension 
+\t${CMSG} 8${CEND}. Install/Uninstall xdebug PHP Extension 
+\t${CMSG} 9${CEND}. Install/Uninstall PHP Composer 
+\t${CMSG}10${CEND}. Install/Uninstall fail2ban
 \t${CMSG} q${CEND}. Exit
 "
   read -p "Please input the correct option: " Number
-  if [[ ! "${Number}" =~ ^[1-9,q]$|^1[0-1]$ ]]; then
-    echo "${CFAILURE}input error! Please only input 1~11 and q${CEND}"
+  if [[ ! "${Number}" =~ ^[1-9,q]$|^10]$ ]]; then
+    echo "${CFAILURE}input error! Please only input 1~10 and q${CEND}"
   else
     case "${Number}" in
       1)
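Review bot: The new validation regex `^[1-9,q]$|^10]$` has a stray `]`, so its second alternative matches the literal string `10]` and a plain `10` is rejected. That makes the fail2ban entry unreachable from the menu. The character class also accepts a lone `,`, which no `case` arm handles. Suggested line: `if [[ ! "${Number}" =~ ^([1-9q]|10)$ ]]; then`. The surrounding loop and `case` continue outside the hunk.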
@@ -437,14 +417,6 @@ What Are You Doing?
         fi
         ;;
       7)
-        ACTION_FUN
-        if [ "${ACTION}" = '1' ]; then
-          Install_letsencrypt
-        else
-          Uninstall_letsencrypt
-        fi
-        ;;
-      8)
         ACTION_FUN
         PHP_extension=swoole
         if [ "${ACTION}" = '1' ]; then
@@ -471,7 +443,7 @@ What Are You Doing?
           Uninstall_succ
         fi
         ;;
-      9)
+      8)
         ACTION_FUN
         PHP_extension=xdebug
         if [ "${ACTION}" = '1' ]; then
@@ -521,7 +493,7 @@ EOF
           Uninstall_succ
         fi
         ;;
-      10)
+      9)
         ACTION_FUN
         if [ "${ACTION}" = '1' ]; then
           [ -e "/usr/local/bin/composer" ] && { echo "${CWARNING}PHP Composer already installed! ${CEND}"; exit 1; }
@@ -542,7 +514,7 @@ EOF
           echo; echo "${CMSG}composer uninstall completed${CEND}";
         fi
         ;;
-      11)
+      10)
         ACTION_FUN
         if [ "${ACTION}" = '1' ]; then
           Install_fail2ban
@@ -551,8 +523,8 @@ EOF
         fi
         ;;
       q)
-      exit
-      ;;
+        exit
+        ;;
     esac
   fi
 done

+ 8 - 2
include/upgrade_oneinstack.sh

@@ -16,8 +16,14 @@ Upgrade_OneinStack() {
     /bin/mv options.conf /tmp
     sed -i '/oneinstack_dir=/d' /tmp/options.conf
     [ -e /tmp/oneinstack.tar.gz ] && rm -rf /tmp/oneinstack.tar.gz
-    wget -c http://mirrors.linuxeye.com/oneinstack.tar.gz -O /tmp/oneinstack.tar.gz > /dev/null 2>&1 
-    tar xzf /tmp/oneinstack.tar.gz -C ../
+    wget -qc http://mirrors.linuxeye.com/oneinstack.tar.gz -O /tmp/oneinstack.tar.gz
+    if [ -n "`echo ${oneinstack_dir} | grep lnmp`" ]; then
+      tar xzf /tmp/oneinstack.tar.gz -C /tmp
+      /bin/cp -R /tmp/oneinstack/* ${oneinstack_dir}/
+      /bin/rm -rf /tmp/oneinstack
+    else
+      tar xzf /tmp/oneinstack.tar.gz -C ../
+    fi
     IFS=$'\n'
     for L in `grep -vE '^#|^$' /tmp/options.conf`
     do
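Review bot: The added branch unpacks the archive into the fixed path `/tmp/oneinstack` and copies it over `${oneinstack_dir}`, so anything another local account left under that name beforehand lands in the install tree with the release files. The archive is also fetched over plain HTTP with `-q`, and neither the download status nor the archive's integrity is checked before `tar` runs. A private directory from `mktemp -d` removes the shared-path problem, and the download should fail closed and be compared with a published checksum or signature if the mirror provides one. `/tmp/options.conf` in the context lines has the same fixed-name issue. Upgrade_OneinStack starts and ends outside the hunk.

```shell
    # … unchanged: options.conf backup …
    work_dir=$(mktemp -d) || { echo "${CFAILURE}mktemp failed${CEND}"; exit 1; }
    wget -q http://mirrors.linuxeye.com/oneinstack.tar.gz -O "${work_dir}/oneinstack.tar.gz" \
      || { rm -rf -- "${work_dir}"; echo "${CFAILURE}download failed${CEND}"; exit 1; }
    # verify the archive here against a pinned digest (<EXPECTED_SHA256 placeholder>) before unpacking
    if [ -n "`echo ${oneinstack_dir} | grep lnmp`" ]; then
      tar xzf "${work_dir}/oneinstack.tar.gz" -C "${work_dir}"
      /bin/cp -R "${work_dir}"/oneinstack/* "${oneinstack_dir}/"
    else
      tar xzf "${work_dir}/oneinstack.tar.gz" -C ../
    fi
    rm -rf -- "${work_dir}"
    # … unchanged: options.conf merge loop …
```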

+ 77 - 69
upgrade.sh

@@ -43,7 +43,7 @@ IPADDR_COUNTRY=`./include/get_ipaddr_state.py $PUBLIC_IPADDR | awk '{print $1}'`
 
 Usage(){
   printf "
-Usage: $0 [ ${CMSG}web${CEND} | ${CMSG}db${CEND} | ${CMSG}php${CEND} | ${CMSG}redis${CEND} | ${CMSG}memcached${CEND} | ${CMSG}phpmyadmin${CEND} | ${CMSG}oneinstack${CEND} ]
+Usage: $0 [ ${CMSG}web${CEND} | ${CMSG}db${CEND} | ${CMSG}php${CEND} | ${CMSG}redis${CEND} | ${CMSG}memcached${CEND} | ${CMSG}phpmyadmin${CEND} | ${CMSG}oneinstack${CEND} | ${CMSG}acme.sh${CEND} ]
 ${CMSG}web${CEND}            --->Upgrade Nginx/Tengine/OpenResty/Apache
 ${CMSG}db${CEND}             --->Upgrade MySQL/MariaDB/Percona
 ${CMSG}php${CEND}            --->Upgrade PHP
@@ -51,6 +51,7 @@ ${CMSG}redis${CEND}          --->Upgrade Redis
 ${CMSG}memcached${CEND}      --->Upgrade Memcached 
 ${CMSG}phpmyadmin${CEND}     --->Upgrade phpMyAdmin
 ${CMSG}oneinstack${CEND}     --->Upgrade OneinStack 
+${CMSG}acme.sh${CEND}        --->Upgrade acme.sh
 
 "
 }
@@ -66,46 +67,50 @@ What Are You Doing?
 \t${CMSG}5${CEND}. Upgrade Memcached 
 \t${CMSG}6${CEND}. Upgrade phpMyAdmin
 \t${CMSG}7${CEND}. Upgrade OneinStack
+\t${CMSG}8${CEND}. Upgrade acme.sh 
 \t${CMSG}q${CEND}. Exit
 "
     echo
-    read -p "Please input the correct option: " Number
-    if [[ ! $Number =~ ^[1-7,q]$ ]]; then
-      echo "${CWARNING}input error! Please only input 1~7 and q${CEND}"
+    read -p "Please input the correct option: " Upgrade_flag
+    if [[ ! ${Upgrade_flag} =~ ^[1-8,q]$ ]]; then
+      echo "${CWARNING}input error! Please only input 1~8 and q${CEND}"
     else
-      case "$Number" in
-      1)
-        if [ -e "$nginx_install_dir/sbin/nginx" ]; then
-          Upgrade_Nginx
-        elif [ -e "$tengine_install_dir/sbin/nginx" ]; then
-          Upgrade_Tengine
-        elif [ -e "$openresty_install_dir/nginx/sbin/nginx" ]; then
-          Upgrade_OpenResty
-        elif [ -e "${apache_install_dir}/conf/httpd.conf" ]; then
-          Upgrade_Apache 
-        fi
-        ;;
-      2)
-        Upgrade_DB
-        ;;
-      3)
-        Upgrade_PHP
-        ;;
-      4)
-        Upgrade_Redis
-        ;;
-      5)
-        Upgrade_Memcached
-        ;;
-      6)
-        Upgrade_phpMyAdmin
-        ;;
-      7)
-        Upgrade_OneinStack 
-        ;;
-      q)
-        exit
-        ;;
+      case "${Upgrade_flag}" in
+        1)
+          if [ -e "$nginx_install_dir/sbin/nginx" ]; then
+            Upgrade_Nginx
+          elif [ -e "$tengine_install_dir/sbin/nginx" ]; then
+            Upgrade_Tengine
+          elif [ -e "$openresty_install_dir/nginx/sbin/nginx" ]; then
+            Upgrade_OpenResty
+          elif [ -e "${apache_install_dir}/conf/httpd.conf" ]; then
+            Upgrade_Apache 
+          fi
+          ;;
+        2)
+          Upgrade_DB
+          ;;
+        3)
+          Upgrade_PHP
+          ;;
+        4)
+          Upgrade_Redis
+          ;;
+        5)
+          Upgrade_Memcached
+          ;;
+        6)
+          Upgrade_phpMyAdmin
+          ;;
+        7)
+          Upgrade_OneinStack 
+          ;;
+        8)
+          [ -e ~/.acme.sh/acme.sh ] && ~/.acme.sh/acme.sh --upgrade
+          ;;
+        q)
+          exit
+          ;;
       esac
     fi
   done
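Review bot: Option `8)` does nothing and prints nothing when `~/.acme.sh/acme.sh` is absent, so the operator cannot tell a skipped upgrade from a successful one. The same line is repeated in the `acme.sh)` arm of the argument `case` in the next hunk. An explicit branch is clearer: `if [ -e ~/.acme.sh/acme.sh ]; then ~/.acme.sh/acme.sh --upgrade; else echo "${CWARNING}acme.sh is not installed${CEND}"; fi`. The validation class `[1-8,q]` also lets a lone `,` through to the `case`, where no arm handles it; `^[1-8q]$` avoids that. It is also worth a comment that `--upgrade` presumably replaces the client with code fetched from upstream, which then runs with this script's privileges.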
@@ -115,38 +120,41 @@ if [ $# == 0 ]; then
   Menu
 elif [ $# == 1 ]; then
   case $1 in
-  web)
-    if [ -e "$nginx_install_dir/sbin/nginx" ]; then
-      Upgrade_Nginx
-    elif [ -e "$tengine_install_dir/sbin/nginx" ]; then
-      Upgrade_Tengine
-    elif [ -e "$openresty_install_dir/nginx/sbin/nginx" ]; then
-      Upgrade_OpenResty
-    elif [ -e "${apache_install_dir}/conf/httpd.conf" ]; then
-      Upgrade_Apache 
-    fi
-    ;;
-  db)
-    Upgrade_DB
-    ;;
-  php)
-    Upgrade_PHP
-    ;;
-  redis)
-    Upgrade_Redis
-    ;;
-  memcached)
-    Upgrade_Memcached
-    ;;
-  phpmyadmin)
-    Upgrade_phpMyAdmin
-    ;;
-  oneinstack)
-    Upgrade_OneinStack 
-    ;;
-  *)
-    Usage
-    ;;
+    web)
+      if [ -e "$nginx_install_dir/sbin/nginx" ]; then
+        Upgrade_Nginx
+      elif [ -e "$tengine_install_dir/sbin/nginx" ]; then
+        Upgrade_Tengine
+      elif [ -e "$openresty_install_dir/nginx/sbin/nginx" ]; then
+        Upgrade_OpenResty
+      elif [ -e "${apache_install_dir}/conf/httpd.conf" ]; then
+        Upgrade_Apache 
+      fi
+      ;;
+    db)
+      Upgrade_DB
+      ;;
+    php)
+      Upgrade_PHP
+      ;;
+    redis)
+      Upgrade_Redis
+      ;;
+    memcached)
+      Upgrade_Memcached
+      ;;
+    phpmyadmin)
+      Upgrade_phpMyAdmin
+      ;;
+    oneinstack)
+      Upgrade_OneinStack 
+      ;;
+    acme.sh)
+      [ -e ~/.acme.sh/acme.sh ] && ~/.acme.sh/acme.sh --upgrade
+      ;;
+    *)
+      Usage
+      ;;
   esac
 else
   Usage

+ 44 - 25
vhost.sh

@@ -168,22 +168,13 @@ If you enter '.', the field will be left blank.
     openssl req -new -newkey rsa:2048 -sha256 -nodes -out ${PATH_SSL}/${domain}.csr -keyout ${PATH_SSL}/${domain}.key -subj "/C=${SELFSIGNEDSSL_C}/ST=${SELFSIGNEDSSL_ST}/L=${SELFSIGNEDSSL_L}/O=${SELFSIGNEDSSL_O}/OU=${SELFSIGNEDSSL_OU}/CN=${domain}" > /dev/null 2>&1
     openssl x509 -req -days 36500 -sha256 -in ${PATH_SSL}/${domain}.csr -signkey ${PATH_SSL}/${domain}.key -out ${PATH_SSL}/${domain}.crt > /dev/null 2>&1   
   elif [ "${Domian_Mode}" == '3' ]; then
-    while :; do echo
-      read -p "Please enter Administrator Email(example: admin@example.com): " Admin_Email
-      if [ -z "$(echo ${Admin_Email} | grep '.*@.*\..*')" ]; then
-        echo "${CWARNING}Your email address is invalid! ${CEND}"
-      else
-        break
-      fi
-    done
-
     [ "${moredomainame_flag}" == 'y' ] && moredomainame_D="$(for D in ${moredomainame}; do echo -d ${D}; done)"
-    if [ "${nginx_ssl_flag}" == 'y' ]; then 
+    if [ "${nginx_ssl_flag}" == 'y' ] && [ "${moredomain}" != "*.${domain}" ]; then 
       [ ! -d ${web_install_dir}/conf/vhost ] && mkdir ${web_install_dir}/conf/vhost
       echo "server {  server_name ${domain}${moredomainame};  root ${vhostdir};  access_log off; }" > ${web_install_dir}/conf/vhost/${domain}.conf
       ${web_install_dir}/sbin/nginx -s reload
     fi
-    if [ "${apache_ssl_flag}" == 'y' ]; then
+    if [ "${apache_ssl_flag}" == 'y' ] && [ "${moredomain}" != "*.${domain}" ]; then
       [ ! -d ${apache_install_dir}/conf/vhost ] && mkdir ${apache_install_dir}/conf/vhost
       cat > ${apache_install_dir}/conf/vhost/${domain}.conf << EOF
 <VirtualHost *:80>
@@ -204,21 +195,41 @@ If you enter '.', the field will be left blank.
 EOF
       /etc/init.d/httpd restart > /dev/null
     fi
-
-    ${python_install_dir}/bin/certbot certonly --webroot --agree-tos --quiet --email ${Admin_Email} -w ${vhostdir} -d ${domain} ${moredomainame_D}
-    if [ -s "/etc/letsencrypt/live/${domain}/cert.pem" ]; then
+    if [ "${moredomain}" == "*.${domain}" ]; then
+      while :; do echo
+        read -p "Please enter your DNS provider: " DNS_PRO
+        echo "${CMSG}dp${CEND},${CMSG}cx${CEND},${CMSG}ali${CEND},${CMSG}cf${CEND},${CMSG}aws${CEND},${CMSG}linode${CEND},${CMSG}he${CEND},${CMSG}namesilo${CEND},${CMSG}dgon${CEND},${CMSG}freedns${CEND},${CMSG}gd${CEND},${CMSG}namecom${CEND} and so on."
+        if [ -e ~/.acme.sh/dnsapi/dns_${DNS_PRO}.sh ]; then
+          break
+        else
+          echo "${CWARNING}You DNS api mode is not supported${CEND}"
+        fi
+      done
+      while :; do echo
+        echo "Syntax: export Key1=Value1 ; export Key2=Value1"
+        read -p "Please enter your dnsapi parameters: " DNS_PAR
+        echo
+        eval $DNS_PAR
+        if [ $? == 0 ]; then
+          break
+        else
+          echo "${CWARNING}Syntax error! PS: export Ali_Key=LTq ; export Ali_Secret=0q5E${CEND}"
+        fi
+      done
+      ~/.acme.sh/acme.sh --issue --dns dns_${DNS_PRO} -d ${domain} -d ${moredomain}
+    else
+      ~/.acme.sh/acme.sh --issue -d ${domain} ${moredomainame_D} -w ${vhostdir} > /dev/null
+    fi
+    if [ -s ~/.acme.sh/${domain}/fullchain.cer ]; then
       [ -e "${PATH_SSL}/${domain}.crt" ] && rm -rf ${PATH_SSL}/${domain}.{crt,key}
-      ln -s /etc/letsencrypt/live/${domain}/fullchain.pem ${PATH_SSL}/${domain}.crt
-      ln -s /etc/letsencrypt/live/${domain}/privkey.pem ${PATH_SSL}/${domain}.key
       if [ -e "${web_install_dir}/sbin/nginx" -a -e "${apache_install_dir}/conf/httpd.conf" ]; then
-        Cron_Command="/etc/init.d/nginx reload;/etc/init.d/httpd graceful"
+        Command="/etc/init.d/nginx force-reload;/etc/init.d/httpd graceful"
       elif [ -e "${web_install_dir}/sbin/nginx" -a ! -e "${apache_install_dir}/conf/httpd.conf" ]; then
-        Cron_Command="/etc/init.d/nginx reload"
+        Command="/etc/init.d/nginx force-reload"
       elif [ ! -e "${web_install_dir}/sbin/nginx" -a -e "${apache_install_dir}/conf/httpd.conf" ]; then
-        Cron_Command="/etc/init.d/httpd graceful"
+        Command="/etc/init.d/httpd graceful"
       fi
-      [ "${OS}" == "CentOS" ] && Cron_file=/var/spool/cron/root || Cron_file=/var/spool/cron/crontabs/root
-      [ -z "$(grep 'certbot renew' ${Cron_file})" ] && echo "30 2 * * 1 ${python_install_dir}/bin/certbot renew --disable-hook-validation --force-renew --renew-hook \"${Cron_Command}\"" >> $Cron_file
+      ~/.acme.sh/acme.sh --install-cert -d ${domain} --fullchain-file ${PATH_SSL}/${domain}.crt --key-file ${PATH_SSL}/${domain}.key --reloadcmd "${Command}" > /dev/null
     else
       echo "${CFAILURE}Error: Create Let's Encrypt SSL Certificate failed! ${CEND}"
       exit 1
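Review bot: `eval $DNS_PAR` runs whatever is typed at the prompt as shell code, and its exit status reflects only the last command, so it validates nothing about the `Key=Value` syntax. Splitting the input into words and exporting only those that look like a variable assignment keeps the documented format without `eval`; values containing spaces or quotes would need separate handling. `DNS_PRO` is interpolated unchecked into `~/.acme.sh/dnsapi/dns_${DNS_PRO}.sh`, so it should be restricted to `^[A-Za-z0-9_]+$` before the `-e` test. `-d ${moredomain}` should be written `-d "${moredomain}"`, because the unquoted `*.${domain}` is subject to pathname expansion. The enclosing function starts and ends outside the hunk.

```shell
        read -r -p "Please enter your dnsapi parameters: " DNS_PAR
        echo
        dns_par_ok=y
        read -r -a dns_words <<< "${DNS_PAR}"
        for kv in "${dns_words[@]}"; do
          kv=${kv%;}
          # tolerate the documented "export K=V ; export K=V" form without executing it
          case "${kv}" in ''|export) continue ;; esac
          if [[ "${kv}" =~ ^[A-Za-z_][A-Za-z0-9_]*=.+$ ]]; then
            export "${kv}"
          else
            dns_par_ok=n
          fi
        done
        if [ "${dns_par_ok}" == 'y' ]; then
          break
        else
          # … unchanged: syntax-error message …
        fi
```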
@@ -232,8 +243,8 @@ Print_ssl() {
     echo "$(printf "%-30s" "SSL Private Key:")${CMSG}${PATH_SSL}/${domain}.key${CEND}"
     echo "$(printf "%-30s" "SSL CSR File:")${CMSG}${PATH_SSL}/${domain}.csr${CEND}"
   elif [ "${Domian_Mode}" == '3' ]; then
-    echo "$(printf "%-30s" "Let's Encrypt SSL Certificate:")${CMSG}/etc/letsencrypt/live/${domain}/fullchain.pem${CEND}"
-    echo "$(printf "%-30s" "SSL Private Key:")${CMSG}/etc/letsencrypt/live/${domain}/privkey.pem${CEND}"
+    echo "$(printf "%-30s" "Let's Encrypt SSL Certificate:")${CMSG}${PATH_SSL}/${domain}.crt${CEND}"
+    echo "$(printf "%-30s" "SSL Private Key:")${CMSG}${PATH_SSL}/${domain}.key${CEND}"
   fi
 }
 
@@ -250,7 +261,15 @@ What Are You Doing?
     if [[ ! "${Domian_Mode}" =~ ^[1-3,q]$ ]]; then
       echo "${CFAILURE}input error! Please only input 1~3 and q${CEND}"
     else
-      [ "${Domian_Mode}" == '3' ] && [ ! -e "${python_install_dir}/bin/certbot" ] && { echo "${CWARNING}You must to install Let's Encrypt client! Try running: ./addons.sh${CEND}"; exit 1; }
+      if [ "${Domian_Mode}" == '3' ] && [ ! -e ~/.acme.sh/acme.sh ]; then
+        pushd ${oneinstack_dir}/src > /dev/null
+        [ ! -e acme.sh-master.tar.gz ] && wget -qc http://mirrors.linuxeye.com/oneinstack/src/acme.sh-master.tar.gz
+        tar xzf acme.sh-master.tar.gz
+        pushd acme.sh-master > /dev/null
+        ./acme.sh --install > /dev/null 2>&1
+        popd > /dev/null
+        popd > /dev/null
+      fi
       if [[ "${Domian_Mode}" =~ ^[2-3]$ ]]; then
         if [ -e "${web_install_dir}/sbin/nginx" ]; then
           nginx_ssl_flag=y
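Review bot: The acme.sh tarball comes over plain HTTP from an unpinned `master` archive and its installer runs immediately with all output discarded, so a tampered or truncated download and a failed install both go unnoticed here. Because of the `[ ! -e acme.sh-master.tar.gz ]` guard, a partial file left by an earlier run is reused rather than re-fetched. If `pushd acme.sh-master` fails, `./acme.sh` is looked up in the `src` directory instead. At minimum the steps should fail closed, e.g. `tar xzf acme.sh-master.tar.gz && pushd acme.sh-master > /dev/null || { echo "${CFAILURE}acme.sh unpack failed${CEND}"; exit 1; }` and `./acme.sh --install > /dev/null 2>&1 || { echo "${CFAILURE}acme.sh install failed${CEND}"; exit 1; }`. The archive should also be compared with a pinned digest before `tar` runs.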
@@ -329,7 +348,7 @@ What Are You Doing?
     Apache_Domain_alias=ServerAlias${moredomainame}
     Tomcat_Domain_alias=$(for D in $(echo ${moredomainame}); do echo "<Alias>${D}</Alias>"; done)
 
-    if [ "${Domian_Mode}" == '3' ]; then
+    if [ "${Domian_Mode}" == '3' ] && [ "${moredomain}" != "*.${domain}" ]; then
       PUBLIC_IPADDR=$(./include/get_public_ipaddr.py)
       for D in ${domain} ${moredomainame}
       do