search

zerossl / zerossl-bot

The repository for the ZeroSSL certbot wrapper
MIT License
241 stars 59 forks source link

Errors with arguments containing spaces #4

Closed alanivey closed 1 year ago

alanivey commented 4 years ago

I had tried this:

certbot-zerossl \
  certonly \
  --email 'sample@example.com' \
  --agree-tos \
  --no-eff-email \
  --standalone \
  --pre-hook 'systemctl stop nginx' \
  --post-hook 'systemctl start nginx' \
  --domain 'example.com'

but had an error: certbot: error: unrecognized arguments: stop nginx start nginx

I adapted a wrapper for another script and am successfully able to use ZeroSSL with certbot using the following:

#!/bin/bash

# Copy provided arguments to new array CERTBOT_ARGS
CERTBOT_ARGS=("$@")

function parse_eab_credentials()
{
    PYTHONIOENCODING=utf8
    ZEROSSL_EAB_KID=$(echo $1 | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
    ZEROSSL_EAB_HMAC_KEY=$(echo $1 | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
    CERTBOT_ARGS+=(--eab-kid "$ZEROSSL_EAB_KID" --eab-hmac-key "$ZEROSSL_EAB_HMAC_KEY" --server "https://acme.zerossl.com/v2/DV90")
}

# Iterate through CERTBOT_ARGS array
for (( i = 1 ; i < ${#CERTBOT_ARGS[@]}+1 ; i++ )); do

  # Look for --zerossl-api-key ARG and --zerossl-api-key=ARG (if specified more than once, the last one wins)
  if [[ "${CERTBOT_ARGS[$i-1]}" =~ ^--zerossl-api-key$ ]]; then
    # We're operating off counter $i - 1, so the argument to --zerossl-api-key is the next array item
    ZEROSSL_API_KEY="${CERTBOT_ARGS[$i]}"
    # After setting the ZEROSSL_API_KEY value, remove the option and the value from the array
    unset 'CERTBOT_ARGS[$i-1]' 'CERTBOT_ARGS[$i]'
  elif [[ "${CERTBOT_ARGS[$i-1]}" =~ ^--zerossl-api-key= ]]; then
    # Strip the text before the = character and capture (no need to check for whitespace at end b/c of array separator)
    ZEROSSL_API_KEY="${CERTBOT_ARGS[$i-1]#*=}"
    # After setting the ZEROSSL_API_KEY value, remove the option=value from the array
    unset 'CERTBOT_ARGS[$i-1]'
  fi

  if [[ "${CERTBOT_ARGS[$i-1]}" =~ ^--zerossl-email$ ]]; then
    ZEROSSL_EMAIL="${CERTBOT_ARGS[$i]}"
    unset 'CERTBOT_ARGS[$i-1]' 'CERTBOT_ARGS[$i]'
  elif [[ "${CERTBOT_ARGS[$i-1]}" =~ ^--zerossl-email= ]]; then
    ZEROSSL_EMAIL="${CERTBOT_ARGS[$i-1]#*=}"
    unset 'CERTBOT_ARGS[$i-1]'
  fi

  # Don't remove -m/--email from request like the --zerossl-* options
  if [[ "${CERTBOT_ARGS[$i-1]}" =~ ^(--email|-m)$ ]]; then
    ZEROSSL_EMAIL="${CERTBOT_ARGS[$i]}"
  elif [[ "${CERTBOT_ARGS[$i-1]}" =~ ^--email= ]]; then
    ZEROSSL_EMAIL="${CERTBOT_ARGS[$i-1]#*=}"
  fi

done

if [[ -n $ZEROSSL_API_KEY ]]; then
    parse_eab_credentials $(curl -s -X POST "https://api.zerossl.com/acme/eab-credentials?access_key=$ZEROSSL_API_KEY")
elif [[ -n $ZEROSSL_EMAIL ]]; then
    parse_eab_credentials $(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$ZEROSSL_EMAIL")
fi

certbot "${CERTBOT_ARGS[@]}"
Blackbam commented 1 year ago

This shall also be fixed now due to script improvements.