
Commit 493ec4b

authored
Merge pull request #6442 from JensSpanier/dev
Support certificate profile selection
2 parents f22b490 + 604e687 commit 493ec4b


1 file changed

+22
-2
lines changed


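--- a/acme.sh
+++ b/acme.sh
@@ -175,6 +175,8 @@ _VALIDITY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Validity"
 
 _DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck"
 
+_PROFILESELECTION_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Profile-selection"
+
 _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
 
 _DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
@@ -4429,6 +4431,7 @@ issue() {
 _preferred_chain="${15}"
 _valid_from="${16}"
 _valid_to="${17}"
+_certificate_profile="${18}"
 
 if [ -z "$_ACME_IS_RENEW" ]; then
 _initpath "$_main_domain" "$_key_length"
@@ -4504,6 +4507,11 @@ issue() {
 else
 _cleardomainconf "Le_Preferred_Chain"
 fi
+if [ "$_certificate_profile" ]; then
+_savedomainconf "Le_Certificate_Profile" "$_certificate_profile"
+else
+_cleardomainconf "Le_Certificate_Profile"
+fi
 
 Le_API="$ACME_DIRECTORY"
 _savedomainconf "Le_API" "$Le_API"
@@ -4636,6 +4644,9 @@ issue() {
 if [ "$_notAfter" ]; then
 _newOrderObj="$_newOrderObj,\"notAfter\": \"$_notAfter\""
 fi
+if [ "$_certificate_profile" ]; then
+_newOrderObj="$_newOrderObj,\"profile\": \"$_certificate_profile\""
+fi
 _debug "STEP 1, Ordering a Certificate"
 if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then
 _err "Error creating new order."
@@ -5514,6 +5525,7 @@ renew() {
 Le_PostHook="$(_readdomainconf Le_PostHook)"
 Le_RenewHook="$(_readdomainconf Le_RenewHook)"
 Le_Preferred_Chain="$(_readdomainconf Le_Preferred_Chain)"
+Le_Certificate_Profile="$(_readdomainconf Le_Certificate_Profile)"
 # When renewing from an old version, the empty Le_Keylength means 2048.
 # Note, do not use DEFAULT_DOMAIN_KEY_LENGTH as that value may change over
 # time but an empty value implies 2048 specifically.
@@ -5528,7 +5540,7 @@ renew() {
 _cleardomainconf Le_OCSP_Staple
 fi
 fi
-issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To"
+issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To" "$Le_Certificate_Profile"
 res="$?"
 if [ "$res" != "0" ]; then
 return "$res"
@@ -7001,6 +7013,9 @@ Parameters:
 If no match, the default offered chain will be used. (default: empty)
 See: $_PREFERRED_CHAIN_WIKI
 
+--cert-profile, --certificate-profile <profile> If the CA offers profiles, select the desired profile
+See: $_PROFILESELECTION_WIKI
+
 --valid-to <date-time> Request the NotAfter field of the cert.
 See: $_VALIDITY_WIKI
 --valid-from <date-time> Request the NotBefore field of the cert.
@@ -7376,6 +7391,7 @@ _process() {
 _preferred_chain=""
 _valid_from=""
 _valid_to=""
+_certificate_profile=""
 while [ ${#} -gt 0 ]; do
 case "${1}" in
 
@@ -7694,6 +7710,10 @@ _process() {
 _valid_to="$2"
 shift
 ;;
+--certificate-profile | --cert-profile)
+_certificate_profile="$2"
+shift
+;;
 --httpport)
 _httpport="$2"
 Le_HTTPPort="$_httpport"
@@ -7969,7 +7989,7 @@ _process() {
 uninstall) uninstall "$_nocron" ;;
 upgrade) upgrade ;;
 issue)
-issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to"
+issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to" "$_certificate_profile"
 ;;
 deploy)
 deploy "$_domain" "$_deploy_hook" "$_ecc"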
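Review bot: The new `profile` member in issue() (new lines 4647-4649) is built by pasting `$_certificate_profile` directly between escaped quotes, so a value containing `"` or `\` produces a malformed new-order object or adds extra members to it; the string arrives unfiltered from `--cert-profile` and, on renew, from the saved `Le_Certificate_Profile`. Because the value is written with `_savedomainconf` (new line 4511) before the order is sent, a bad value would apparently also be replayed on every later renew. I would reject such values ahead of the `_savedomainconf` call, for example `case "$_certificate_profile" in *\"* | *\\*) _err "Invalid certificate profile."; return 1 ;; esac`. issue() begins and ends outside these hunks, so a check elsewhere in the function cannot be ruled out from this page.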
