acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Support multiple ACCOUNT_EMAIL values #1309

Open silverwind opened 6 years ago

silverwind commented 6 years ago

The ACME protocol supports multiple contact values, but acme.sh is currently limited to a single value:

"contact": ["mailto: '$ACCOUNT_EMAIL'"]

It would be useful to support multiple contacts, and a simple way of doing this could be to check if $ACCOUNT_EMAIL contains whitespace in the middle of the string and then split the value into multiple JSON array values.

captainepoch commented 6 years ago

Is it possible to add a mail with the standalone certificates?

kowloon12 commented 6 years ago

diff --git a/acme.sh b/acme.sh
index a5e4b39..961b201 100755
--- a/acme.sh
+++ b/acme.sh
@@ -3239,13 +3239,13 @@ _regAccount() {
   if [ "$ACME_VERSION" = "2" ]; then
     regjson='{"termsOfServiceAgreed": true}'
     if [ "$ACCOUNT_EMAIL" ]; then
-      regjson='{"contact": ["mailto: '$ACCOUNT_EMAIL'"], "termsOfServiceAgreed": true}'
+      regjson='{"contact": ['$(for E in $ACCOUNT_EMAIL; do echo -n '"mailto:'$E'",';done|sed -r 's/,$//')'], "termsOfServiceAgreed": true}'
     fi
   else
     _reg_res="$ACME_NEW_ACCOUNT_RES"
     regjson='{"resource": "'$_reg_res'", "terms-of-service-agreed": true, "agreement": "'$ACME_AGREEMENT'"}'
     if [ "$ACCOUNT_EMAIL" ]; then
-      regjson='{"resource": "'$_reg_res'", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "terms-of-service-agreed": true, "agreement": "'$ACME_AGREEMENT'"}'
+      regjson='{"resource": "'$_reg_res'", "contact": ['$(for E in $ACCOUNT_EMAIL; do echo -n '"mailto:'$E'",';done|sed -r 's/,$//')'], "terms-of-service-agreed": true, "agreement": "'$ACME_AGREEMENT'"}'
     fi
   fi
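
Review bot: both `+` lines splice each `$E` into the JSON string with no validation or escaping, and the unquoted `for E in $ACCOUNT_EMAIL` undergoes pathname expansion as well as word splitting, so a value containing `"` yields malformed JSON and a `*` is replaced by file names from the current directory. Validate each address before emitting it and run the loop with `set -f`. For portability, use `printf` instead of `echo -n`, and drop `-r` from `sed`: `s/,$//` needs no extended regex and `-r` is not a POSIX option.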

fblampe commented 1 year ago

@kowloon12 the file has changed a bit in the last few years, but I was able to adjust your snippet for v3.0.6:

diff --git a/acme.sh b/acme.sh
index 54dfa9a5..dd687fc2 100755
--- a/acme.sh
+++ b/acme.sh
@@ -3766,7 +3766,7 @@ _regAccount() {
     _debug3 externalBinding "$externalBinding"
   fi
   if [ "$_email" ]; then
-    email_sg="\"contact\": [\"mailto:$_email\"], "
+    email_sg="\"contact\": ['$(for E in $_email; do echo -n '"mailto:'$E'",' ; done | sed -r 's/,$//')'], "
   fi
   regjson="{$email_sg\"termsOfServiceAgreed\": true$externalBinding}"
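
Review bot: on the `email_sg=` line the single quotes around `$(...)` sit inside a double-quoted string, so they are literal characters and end up in the output as `['"mailto:a","mailto:b"']`, which is not valid JSON. Remove them so the value is built as `[$(...)]`; the quotes inside the command substitution are parsed in their own context and can stay as they are.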

@@ -3845,7 +3845,7 @@ updateaccount() {
   _email="$(_getAccountEmail)"

   if [ "$_email" ]; then
-    updjson='{"contact": ["mailto:'$_email'"]}'
+    updjson='{"contact": ['$(for E in $_email; do echo -n '"mailto:'$E'",' ; done | sed -r 's/,$//')']}'
   else
     updjson='{"contact": []}'
   fi
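
Review bot: the `updjson=` line repeats the loop from `_regAccount` with different surrounding quoting, which makes the two code paths easy to get out of sync. Move the array construction into one helper called from both functions, and add a comment there that `$_email` is left unquoted on purpose so that it splits on whitespace.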

To use it, like @silverwind suggested, pass in multiple addresses, quoted and separated by space: acme.sh --update-account --email '1st@mail.com 2nd@xyz.net'

fblampe commented 1 year ago

I could also provide a PR, but I'd probably need some guidance on how to adjust the help output accordingly. Also I'm not sure if passing in multiple addresses separated by space would mess up other features like the notifications..? 🤔

stokito commented 1 year ago

Is it really needed? This will add more complexity, and acme.sh is also used on embedded devices.

fblampe commented 1 year ago

It would definitely be useful for our OSS project, where we have multiple freelance admins running a site. Being able to notify multiple people about something as important as cert expiries etc. would absolutely help.

A mail distribution list is of course a workaround, but in cases where you don't have one already it can be easier to configure it in acme.sh if you're using that already.

I could totally understand though if that doesn't justify the added complexity.

stokito commented 1 year ago

Yeah, when talking about security it's better to receive a notification even if it adds complexity.
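
The whitespace-splitting approach proposed in this thread, written as a POSIX `sh` helper that validates each address before it reaches the JSON payload. This is an added example, not part of the thread or of acme.sh; the function name `_contact_json`, the character allowlist and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helper, not part of acme.sh.
# Builds the JSON array for the ACME "contact" field from a
# whitespace-separated list of e-mail addresses.
#
# The body runs in a subshell ( ... ) so that "set -f" does not leak
# into the caller.
_contact_json() (
  set -f   # no pathname expansion: "*" in the input stays a literal "*"
  out=""
  for addr in $1; do   # intentionally unquoted: split on whitespace
    case "$addr" in
      # Conservative allowlist (assumption). Anything else, including
      # '"' and '\' (would break the JSON string) and ',' and '?'
      # (RFC 8555 section 7.3 forbids several addresses or hfields in
      # one mailto URL), rejects the whole list.
      *[!A-Za-z0-9@._+-]*) return 1 ;;
      # Minimal shape check: exactly one "@", with text on both sides.
      *@*@*) return 1 ;;
      ?*@?*) out="${out}${out:+,}\"mailto:${addr}\"" ;;
      *) return 1 ;;
    esac
  done
  [ -n "$out" ] || return 1   # empty or all-whitespace input
  printf '[%s]' "$out"
)

# Constructed sample input.
if contacts="$(_contact_json 'admin1@example.org  admin2@example.net')"; then
  regjson="{\"contact\": ${contacts}, \"termsOfServiceAgreed\": true}"
  printf '%s\n' "$regjson"
fi
```

The allowlist is stricter than the full e-mail address grammar, so a deployment with unusual local parts would need to widen it while still excluding `"`, `\`, `,` and `?`.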