@@ -32,6 +32,8 @@ CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc"
3232CA_GOOGLE=" https://dv.acme-v02.api.pki.goog/directory"
3333CA_GOOGLE_TEST=" https://dv.acme-v02.test-api.pki.goog/directory"
3434
35+ CA_ACTALIS=" https://acme-api.actalis.com/acme/directory"
36+
3537DEFAULT_CA=$CA_ZEROSSL
3638DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
3739
@@ -42,9 +44,10 @@ LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
4244SSL.com,sslcom
4345Google.com,google
4446Google.com_test,googletest,google_test
47+ Actalis.com,actalis.com,actalis
4548"
4649
47- CA_SERVERS=" $CA_ZEROSSL ,$CA_LETSENCRYPT_V2 ,$CA_LETSENCRYPT_V2_TEST ,$CA_SSLCOM_RSA ,$CA_GOOGLE ,$CA_GOOGLE_TEST "
50+ CA_SERVERS=" $CA_ZEROSSL ,$CA_LETSENCRYPT_V2 ,$CA_LETSENCRYPT_V2_TEST ,$CA_SSLCOM_RSA ,$CA_GOOGLE ,$CA_GOOGLE_TEST , $CA_ACTALIS "
4851
4952DEFAULT_USER_AGENT=" $PROJECT_NAME /$VER ($PROJECT )"
5053
@@ -175,6 +178,8 @@ _VALIDITY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Validity"
175178
176179_DNSCHECK_WIKI=" https://github.com/acmesh-official/acme.sh/wiki/dnscheck"
177180
181+ _PROFILESELECTION_WIKI=" https://github.com/acmesh-official/acme.sh/wiki/Profile-selection"
182+
178183_DNS_MANUAL_ERR=" The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
179184
180185_DNS_MANUAL_WARN=" It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR "
@@ -4429,6 +4434,7 @@ issue() {
44294434 _preferred_chain=" ${15} "
44304435 _valid_from=" ${16} "
44314436 _valid_to=" ${17} "
4437+ _certificate_profile=" ${18} "
44324438
44334439 if [ -z " $_ACME_IS_RENEW " ; then
44344440 _initpath " $_main_domain " " $_key_length "
@@ -4504,6 +4510,11 @@ issue() {
45044510 else
45054511 _cleardomainconf " Le_Preferred_Chain"
45064512 fi
4513+ if [ " $_certificate_profile " ; then
4514+ _savedomainconf " Le_Certificate_Profile" " $_certificate_profile "
4515+ else
4516+ _cleardomainconf " Le_Certificate_Profile"
4517+ fi
45074518
45084519 Le_API=" $ACME_DIRECTORY "
45094520 _savedomainconf " Le_API" " $Le_API "
@@ -4636,6 +4647,9 @@ issue() {
46364647 if [ " $_notAfter " ; then
46374648 _newOrderObj=" $_newOrderObj ,\" notAfter\" : \" $_notAfter \" "
46384649 fi
4650+ if [ " $_certificate_profile " ; then
4651+ _newOrderObj=" $_newOrderObj ,\" profile\" : \" $_certificate_profile \" "
4652+ fi
46394653 _debug " STEP 1, Ordering a Certificate"
46404654 if ! _send_signed_request " $ACME_NEW_ORDER " " $_newOrderObj }" ; then
46414655 _err " Error creating new order."
@@ -5514,6 +5528,7 @@ renew() {
55145528 Le_PostHook=" $( _readdomainconf Le_PostHook) "
55155529 Le_RenewHook=" $( _readdomainconf Le_RenewHook) "
55165530 Le_Preferred_Chain=" $( _readdomainconf Le_Preferred_Chain) "
5531+ Le_Certificate_Profile=" $( _readdomainconf Le_Certificate_Profile) "
55175532 # When renewing from an old version, the empty Le_Keylength means 2048.
55185533 # Note, do not use DEFAULT_DOMAIN_KEY_LENGTH as that value may change over
55195534 # time but an empty value implies 2048 specifically.
@@ -5528,7 +5543,7 @@ renew() {
55285543 _cleardomainconf Le_OCSP_Staple
55295544 fi
55305545 fi
5531- issue " $Le_Webroot " " $Le_Domain " " $Le_Alt " " $Le_Keylength " " $Le_RealCertPath " " $Le_RealKeyPath " " $Le_RealCACertPath " " $Le_ReloadCmd " " $Le_RealFullChainPath " " $Le_PreHook " " $Le_PostHook " " $Le_RenewHook " " $Le_LocalAddress " " $Le_ChallengeAlias " " $Le_Preferred_Chain " " $Le_Valid_From " " $Le_Valid_To "
5546+ issue " $Le_Webroot " " $Le_Domain " " $Le_Alt " " $Le_Keylength " " $Le_RealCertPath " " $Le_RealKeyPath " " $Le_RealCACertPath " " $Le_ReloadCmd " " $Le_RealFullChainPath " " $Le_PreHook " " $Le_PostHook " " $Le_RenewHook " " $Le_LocalAddress " " $Le_ChallengeAlias " " $Le_Preferred_Chain " " $Le_Valid_From " " $Le_Valid_To " " $Le_Certificate_Profile "
55325547 res=" $? "
55335548 if [ " $res " != " 0" ; then
55345549 return " $res "
@@ -7001,6 +7016,9 @@ Parameters:
70017016 If no match, the default offered chain will be used. (default: empty)
70027017 See: $_PREFERRED_CHAIN_WIKI
70037018
7019+ --cert-profile, --certificate-profile <profile> If the CA offers profiles, select the desired profile
7020+ See: $_PROFILESELECTION_WIKI
7021+
70047022 --valid-to <date-time> Request the NotAfter field of the cert.
70057023 See: $_VALIDITY_WIKI
70067024 --valid-from <date-time> Request the NotBefore field of the cert.
@@ -7376,6 +7394,7 @@ _process() {
73767394 _preferred_chain=" "
73777395 _valid_from=" "
73787396 _valid_to=" "
7397+ _certificate_profile=" "
73797398 while [ ${# } -gt 0 ]; do
73807399 case " ${1} " in
73817400
@@ -7694,6 +7713,10 @@ _process() {
76947713 _valid_to=" $2 "
76957714 shift
76967715 ;;
7716+ --certificate-profile | --cert-profile)
7717+ _certificate_profile=" $2 "
7718+ shift
7719+ ;;
76977720 --httpport)
76987721 _httpport=" $2 "
76997722 Le_HTTPPort=" $_httpport "
@@ -7969,7 +7992,7 @@ _process() {
79697992 uninstall) uninstall " $_nocron "
79707993 upgrade) upgrade ;;
79717994 issue)
7972- issue " $_webroot " " $_domain " " $_altdomains " " $_keylength " " $_cert_file " " $_key_file " " $_ca_file " " $_reloadcmd " " $_fullchain_file " " $_pre_hook " " $_post_hook " " $_renew_hook " " $_local_address " " $_challenge_alias " " $_preferred_chain " " $_valid_from " " $_valid_to "
7995+ issue " $_webroot " " $_domain " " $_altdomains " " $_keylength " " $_cert_file " " $_key_file " " $_ca_file " " $_reloadcmd " " $_fullchain_file " " $_pre_hook " " $_post_hook " " $_renew_hook " " $_local_address " " $_challenge_alias " " $_preferred_chain " " $_valid_from " " $_valid_to " " $_certificate_profile "
79737996 ;;
79747997 deploy)
79757998 deploy " $_domain " " $_deploy_hook " " $_ecc "
0 commit comments