acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Account.conf SAVED_ Variables with Dot or Hyphen incomparable with _readaccountconf_mutable() Function #3750

Open garycnew opened 3 years ago

garycnew commented 3 years ago

Neil,

# ./acme.sh --version
https://github.com/acmesh-official/acme.sh
v3.0.1

I believe I've stumbled upon an issue where account.conf SAVED_ variables with dot or hyphen are incomparable with the _readaccountconf_mutable() function. The variables appear to get truncated at the dot or hyphen demarcation.

Examples:

Implemented Code:

ISPMan_Username="${ISPMan_Username:-$(_readaccountconf_mutable ISPMan_domain.tld_Username)}"
ISPMan_Password="${ISPMan_Password:-$(_readaccountconf_mutable ISPMan_domain.tld_Password)}"

Resulting Account.conf Variable:

SAVED_ISPMan_domain.tld_Username='.tld_Username'

Implemented Code:

ISPMan_Username="${ISPMan_Username:-$(_readaccountconf_mutable ISPMan_example-domain.tld_Username)}"
ISPMan_Password="${ISPMan_Password:-$(_readaccountconf_mutable ISPMan_example-domain.tld_Password)}"

Resulting Account.conf Variable:

SAVED_ISPMan_example-domain.tld_Username='-domain.tld_Username'

As each ISPMan managed domain uses a separate username/password pair, we'd like to be able to use multiple SAVED_ variables, based on their respective domain name, to automate the renewal process.

Is this functionality something you can and feel is worth implementing within the acme.sh script or should I deal with it programmatically with the api?

Respectfully,

Gary

Neilpang commented 3 years ago

The username and password are expected to be global to the whole API. They are not domain-specific.

There were requests to save the username/password per domain, but it has not been implemented yet. And I don't see any urgent demand for it yet.

garycnew commented 3 years ago

Neil,

The _readaccountconf_mutable() function already accepts the underscore (_) character.

It would just be a matter of permitting the dot (.) and hyphen (-) characters.

Until such time as the requested functionality is added, I have implemented the following workaround, in the dns_ispman.sh api, that seems to work perfectly (as long as the words "hyphen" or "dot" are not used in the fulldomain):

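  fulldomain=$1
  txtvalue=$2
  # Strip the challenge label, then replace "-" and "." so the result can be used in a variable name
  domainname="$(echo "${fulldomain#_acme-challenge.}" | sed "s/\-/_HYPHEN_/g" | sed "s/\./_DOT_/g")"

  # Look up the per-domain credentials saved in account.conf
  ISPMan_Username="${ISPMan_Username:-$(_readaccountconf_mutable "ISPMan_${domainname}_Username")}"
  ISPMan_Password="${ISPMan_Password:-$(_readaccountconf_mutable "ISPMan_${domainname}_Password")}"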

I believe I have pretty much everything sorted out with the dns_ispman.sh api including successful Wildcard SAN Cert Creation and Multi-User/Multi-Domain Functionality. What is the process for submitting an api for consideration to be included with the acme.sh script?

Respectfully,

Gary
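
The truncation reported in this thread, reproduced as an added example (not acme.sh code and not written by either commenter). It assumes the saved name is resolved through an eval-style `$name` expansion, which matches the values shown in the report; every function name is hypothetical, and the `_u`/`_d`/`_h` encoding is one collision-free alternative to the word-substitution workaround.

```shell
#!/bin/sh
# Added illustration; every function name here is hypothetical, not acme.sh code.

# Assumption: the config reader resolves a saved value with an eval-style
# "$<name>" expansion. The shell ends the name at the first character that
# is not [A-Za-z0-9_] and emits the rest of the string as literal text.
naive_read() {
  eval "printf '%s' \"\$$1\""
}

# Succeeds only if $1 is a valid POSIX shell variable name.
is_shell_name() {
  case "$1" in
    '' | [0-9]* | *[!A-Za-z0-9_]*) return 1 ;;
  esac
}

# Same lookup, but refuses names the shell cannot represent instead of
# silently returning a truncated string (and never evals unchecked input).
checked_read() {
  is_shell_name "$1" || return 1
  eval "printf '%s' \"\$$1\""
}

# Reversible, collision-free mapping from a DNS name to a name fragment:
# "_" -> "_u" first, then "." -> "_d" and "-" -> "_h".
# Input outside [A-Za-z0-9._-] is rejected.
encode_domain() {
  case "$1" in
    '' | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  printf '%s\n' "$1" | sed -e 's/_/_u/g' -e 's/\./_d/g' -e 's/-/_h/g'
}

# Inverse of encode_domain; "_u" is restored last so it cannot form new escapes.
decode_domain() {
  printf '%s\n' "$1" | sed -e 's/_d/./g' -e 's/_h/-/g' -e 's/_u/_/g'
}

# Build the per-domain key name: $1 = domain, $2 = field such as Username.
saved_key() {
  enc=$(encode_domain "$1") || return 1
  printf 'SAVED_ISPMan_%s_%s' "$enc" "$2"
}
```

Because the encoding can be reversed with `decode_domain`, two different domains never share a key, which the `_HYPHEN_`/`_DOT_` substitution cannot guarantee.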