acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

script not honoring install/config parameters (config directories) #2484

Closed (bengalih closed 5 years ago)

bengalih commented 5 years ago

Steps to reproduce

Installing with:

./acme.sh --install --home /tmp/mnt/flash_drive/opt/acme --config-home /tmp/mnt/flash_drive/opt/acme/data --cert-home /tmp/mnt/flash_drive/opt/acme/mycerts

getting the following during install:

admin@unknownsoldier:/tmp/mnt/flash_drive/acme/acme.sh-master# ./acme.sh --install --home /tmp/mnt/flash_drive/opt/acme --config-home /tmp/mnt/flash_drive/opt/acme/data --cert-home /tmp/mnt/flash_drive/opt/acme/mycerts
[Sat Sep 14 00:32:22 DST 2019] It is recommended to install socat first.
[Sat Sep 14 00:32:22 DST 2019] We use socat for standalone server if you use standalone mode.
[Sat Sep 14 00:32:22 DST 2019] If you don't use standalone mode, just ignore this warning.
[Sat Sep 14 00:32:22 DST 2019] Installing to /tmp/mnt/flash_drive/opt/acme
[Sat Sep 14 00:32:23 DST 2019] Installed to /tmp/mnt/flash_drive/opt/acme/acme.sh
[Sat Sep 14 00:32:23 DST 2019] No profile is found, you will need to go into /tmp/mnt/flash_drive/opt/acme to use acme.sh
[Sat Sep 14 00:32:24 DST 2019] Installing cron job
18 0 * * * "/jffs/scripts/acme.sh"/acme.sh --cron --home "/jffs/scripts/acme.sh" > /dev/null
[Sat Sep 14 00:32:24 DST 2019] OK

This is on an ASUS router running asuswrt-Merlin software. There is no persistent profile on the system as it is generated upon each boot. Additional software (like Entware and acme.sh) needs to be installed to a mounted USB drive (i.e. /mnt/flash_drive). There is a small persistent jffs partition to allow some linkages between the permanent USB storage and the dynamically created system.

I am running acme.sh from /tmp/mnt/flash_drive/opt/acme but it appears to create everything in ~ :

admin@unknownsoldier:/tmp/mnt/flash_drive/opt/acme# ls ~/.acme.sh
account.conf   ca             http.header    mydomain.com
admin@unknownsoldier:/tmp/mnt/flash_drive/opt/acme#

After certificate issuance it also places the cert there:

-----END CERTIFICATE-----
[Sat Sep 14 00:37:44 DST 2019] Your cert is in  /root/.acme.sh/mydomain.com/mydomain.com.cer
[Sat Sep 14 00:37:44 DST 2019] Your cert key is in  /root/.acme.sh/mydomain.com/mydomain.com.key
[Sat Sep 14 00:37:44 DST 2019] The intermediate CA cert is in  /root/.acme.sh/mydomain.com/ca.cer
[Sat Sep 14 00:37:44 DST 2019] And the full chain certs is there:  /root/.acme.sh/mydomain.com/fullchain.cer

Because the script won't save any of its config or certs outside the ~ directory, it will all be lost on a reboot since this is volatile.

It appears that the install syntax is supposed to control this behavior, but it doesn't appear to honor those settings.

Neilpang commented 5 years ago

It's because the default .bashrc is not loaded in your shell.

In that case, you must pass --home to the --issue command, so that it knows where to find the configs.

/jffs/scripts/acme.sh/acme.sh --home "/jffs/scripts/acme.sh" --issue -d xxxxxxxxxx
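
A check for the symptom reported in this thread, added here as an example and not part of the original issue or of acme.sh itself: it reads acme.sh output and lists every reported certificate or key path that falls outside the intended --cert-home, so a private key landing in the volatile home directory is caught before a reboot loses it. The function names are hypothetical, and the embedded log lines are constructed from the output quoted in the issue.

```sh
#!/bin/sh
# Added example: verify that acme.sh wrote its files under the intended
# --cert-home by checking the path lines of its output.

# Constructed sample: the four path lines quoted in the issue.
sample_log() {
  cat <<'EOF'
[Sat Sep 14 00:37:44 DST 2019] Your cert is in  /root/.acme.sh/mydomain.com/mydomain.com.cer
[Sat Sep 14 00:37:44 DST 2019] Your cert key is in  /root/.acme.sh/mydomain.com/mydomain.com.key
[Sat Sep 14 00:37:44 DST 2019] The intermediate CA cert is in  /root/.acme.sh/mydomain.com/ca.cer
[Sat Sep 14 00:37:44 DST 2019] And the full chain certs is there:  /root/.acme.sh/mydomain.com/fullchain.cer
EOF
}

# Print each absolute path acme.sh reported in the log on stdin.
reported_paths() {
  sed -n -e 's|^\[[^]]*\] .* is in  *\(/.*\)$|\1|p' \
         -e 's|^\[[^]]*\] .* is there:  *\(/.*\)$|\1|p'
}

# misplaced_paths CERT_HOME < log
# Prints reported paths that are not under CERT_HOME; returns 1 if any exist.
misplaced_paths() {
  cert_home=${1%/}            # tolerate a trailing slash
  paths=$(reported_paths)
  bad=0
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    case "$p" in
      "$cert_home"/*) ;;      # inside the intended directory
      *) printf '%s\n' "$p"; bad=1 ;;
    esac
  done <<EOF
$paths
EOF
  return "$bad"
}

# Demo on the constructed sample. For real use, pipe the output of an
# acme.sh run (invoked with --home, as the reply above advises) into
# misplaced_paths instead of sample_log.
sample_log | misplaced_paths /tmp/mnt/flash_drive/opt/acme/mycerts ||
  echo "files were written outside --cert-home" >&2
```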