Support for uclient-fetch

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol

https://acme.sh

GNU General Public License v3.0

38.67k stars 4.91k forks source link

Support for uclient-fetch #1768

Closed sindastra closed 5 years ago

sindastra commented 6 years ago

uclient-fetch is a "Tiny wget replacement using libuclient" See: https://openwrt.org/packages/pkgdata_lede17_1/uclient-fetch

It makes sense to add support for uclient-fetch as it's much smaller than the full wget, and allows acme.sh to run on routers with limited storage space more easily (or at all).

When trying to run acme.sh to issue a cert with uclient-fetch, wget (uclient-fetch) does not recognize the "header" option:

wget: unrecognized option: header

Here are the options for uclient-fetch (tiny wget replacement):

Usage: uclient-fetch [options] <URL>
Options:
    -4              Use IPv4 only
    -6              Use IPv6 only
    -q              Turn off status messages
    -O <file>           Redirect output to file (use "-" for stdout)
    -P <dir>            Set directory for output files
    --user=<user>           HTTP authentication username
    --password=<password>       HTTP authentication password
    --user-agent|-U <str>       Set HTTP user agent
    --post-data=STRING      use the POST method; send STRING as the data
    --spider|-s         Spider mode - only check file existence
    --timeout=N|-T N        Set connect/request timeout to N seconds
    --proxy=on|off|-Y on|off    Enable/disable env var configured proxy

HTTPS options:
    --ca-certificate=<cert>     Load CA certificates from file <cert>
    --no-check-certificate      don't validate the server's certificate

Note: In this case wget is a symlink /bin/wget -> uclient-fetch

slytomcat commented 5 years ago

Have the same issue while using acme.sh on OpenWRT

# uname -a
Linux OpenWrt 4.9.120 #0 Thu Aug 16 07:51:15 2018 mips GNU/Linux

# ll /bin/wget 
lrwxrwxrwx    1 root     root            13 Aug 16 10:51 /bin/wget -> uclient-fetch*

Any idea how to work around it?

sindastra commented 5 years ago

@slytomcat You could install either full wget as replacement, or install curl as alternative.

I recommend opkg update && opkg install curl

Cheers

slytomcat commented 5 years ago

Full wget reports some other errors. But curl helped to get cerficate, thanks!

stokito commented 3 years ago

I created a PR to uclient-fetch to add header https://gitlab.com/openwrt/project/uclient/-/merge_requests/1

stokito commented 2 years ago

The full list of wget options used by acme.sh and their availability in uclient-fetch:

[x] --spider. Interesting that uclient-fetch has a short option -s which GNU wget not have
[ ] -S "-S, --server-response print server response" prints status and headers
[x] -O output
[x] --user-agent has also a short option -U
[x] --no-check-certificate
[x] --ca-certificate=
[ ] --ca-directory=
[ ] --method
[ ] --post-data=
[ ] --body-data=
[ ] --read-timeout=3.0
[ ] --tries=2
[ ] --content-on-error not required: acme.sh checks that wget has the option
[ ] -d (needed only when debugging)
[ ] --max-redirect 0
[x] -q
[x] --timeout=$t

Interesting that BusyBox wget has support of -S, --header, -U and --no-check-certificate. There is also some patches to add --post-data so maybe in near future it may be possible to compile OpenWrt with bb wget and it will work with acme.sh