Withero patch add register zerossl account

acme.sh.address

@@ -1 +1 @@
-https://github.com/acmesh-official/acme.sh/archive/2.8.6.tar.gz
+https://github.com/acmesh-official/acme.sh/archive/3.0.9.tar.gz

cert-up.sh

@@ -12,6 +12,8 @@ ACME_BIN_PATH=${BASE_ROOT}/acme.sh
 TEMP_PATH=${BASE_ROOT}/temp
 CRT_PATH_NAME=`cat ${CRT_BASE_PATH}/_archive/DEFAULT`
 CRT_PATH=${CRT_BASE_PATH}/_archive/${CRT_PATH_NAME}
+FIND_MAJORVERSION_FILE="/etc/VERSION"
+FIND_MAJORVERSION_STR="majorversion=\"7\""
 
 backupCrt () {
   echo 'begin backupCrt'
@@ -24,31 +26,60 @@ backupCrt () {
   return 0
 }
 
+versionLt () { test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; }
 installAcme () {
-  echo 'begin installAcme'
-  mkdir -p ${TEMP_PATH}
-  cd ${TEMP_PATH}
-  echo 'begin downloading acme.sh tool...'
-  ACME_SH_ADDRESS=`curl -L https://cdn.jsdelivr.net/gh/andyzhshg/syno-acme@master/acme.sh.address`
-  SRC_TAR_NAME=acme.sh.tar.gz
-  curl -L -o ${SRC_TAR_NAME} ${ACME_SH_ADDRESS}
-  SRC_NAME=`tar -tzf ${SRC_TAR_NAME} | head -1 | cut -f1 -d"/"`
-  tar zxvf ${SRC_TAR_NAME}
-  echo 'begin installing acme.sh tool...'
-  cd ${SRC_NAME}
-  ./acme.sh --install --nocron --home ${ACME_BIN_PATH}
-  echo 'done installAcme'
-  rm -rf ${TEMP_PATH}
+  ALLOW_INSTALL=false
+  ACME_SH_FILE=${ACME_BIN_PATH}/acme.sh
+  ACME_SH_NEW_VERSION=$(wget -qO- -t1 -T2 "https://api.github.com/repos/acmesh-official/acme.sh/releases/latest" | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
+  ACME_SH_ADDRESS=https://mirror.ghproxy.com/https://github.com/acmesh-official/acme.sh/archive/${ACME_SH_NEW_VERSION}.tar.gz
+  if [ -z "${ACME_SH_NEW_VERSION}" ]; then
+    echo 'unable to get new version number'
+    return 0
+  fi
+  if [ ! -f "${ACME_SH_FILE}" ]; then
+    ALLOW_INSTALL=true
+    echo 'acme not installed, start install'
+  else
+    ACME_SH_VERSION=$(cat ${ACME_SH_FILE} | grep "VER=*" | head -n 1 | awk -F "=" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
+    if versionLt ${ACME_SH_VERSION} ${ACME_SH_NEW_VERSION}; then
+      ALLOW_INSTALL=true
+      echo 'acme has a new version, start updating'
+    else
+      echo 'skip acme installation'
+    fi
+  fi
+  if [ ${ALLOW_INSTALL} == true ]; then
+    echo 'in progress...'
+    mkdir -p ${TEMP_PATH}
+    cd ${TEMP_PATH}
+    echo 'begin downloading acme.sh tool...'
+    # ACME_SH_ADDRESS=`curl -L https://cdn.jsdelivr.net/gh/andyzhshg/syno-acme@master/acme.sh.address`
+    SRC_TAR_NAME=acme.sh.tar.gz
+    curl -L -o ${SRC_TAR_NAME} ${ACME_SH_ADDRESS}
+    SRC_NAME=`tar -tzf ${SRC_TAR_NAME} | head -1 | cut -f1 -d"/"`
+    tar zxvf ${SRC_TAR_NAME}
+    echo 'begin installing acme.sh tool...'
+    cd ${SRC_NAME}
+    ./acme.sh --install --nocron --home ${ACME_BIN_PATH}
+    echo 'done installAcme'
+    rm -rf ${TEMP_PATH}
+  fi
   return 0
 }
 
 generateCrt () {
   echo 'begin generateCrt'
   cd ${BASE_ROOT}
-  source config
+  source ./config
+  # add register zerossl account
+  if [ ${CERT_SERVER} == 'zerossl' ]; then
+    echo 'register zerossl account'
+    ${ACME_BIN_PATH}/acme.sh  --register-account  -m ${ACCOUNT_EMAIL} --server zerossl
+  fi
   echo 'begin updating default cert by acme.sh tool'
   source ${ACME_BIN_PATH}/acme.sh.env
-  ${ACME_BIN_PATH}/acme.sh --force --log --issue --dns ${DNS} --dnssleep ${DNS_SLEEP} -d "${DOMAIN}" -d "*.${DOMAIN}"
+  # ${ACME_BIN_PATH}/acme.sh --force --log --issue --dns ${DNS} --dnssleep ${DNS_SLEEP} -d "${DOMAIN}" -d "*.${DOMAIN}"
+  ${ACME_BIN_PATH}/acme.sh --force --log --issue --server ${CERT_SERVER} --dns ${DNS} --dnssleep ${DNS_SLEEP} -d "${DOMAIN}" -d "*.${DOMAIN}"
   ${ACME_BIN_PATH}/acme.sh --force --installcert -d ${DOMAIN} -d *.${DOMAIN} \
     --certpath ${CRT_PATH}/cert.pem \
     --key-file ${CRT_PATH}/privkey.pem \
@@ -68,18 +99,34 @@ generateCrt () {
 updateService () {
   echo 'begin updateService'
   echo 'cp cert path to des'
-  /bin/python2 ${BASE_ROOT}/crt_cp.py ${CRT_PATH_NAME}
+  if [ `grep -c "$FIND_MAJORVERSION_STR" $FIND_MAJORVERSION_FILE` -ne '0' ];then
+    echo "MajorVersion = 7, use system default python2"
+    python2 ${BASE_ROOT}/crt_cp.py ${CRT_PATH_NAME}
+  else
+    echo "MajorVersion < 7"
+    /bin/python2 ${BASE_ROOT}/crt_cp.py ${CRT_PATH_NAME}
+  fi
   echo 'done updateService'
 }
 
 reloadWebService () {
   echo 'begin reloadWebService'
   echo 'reloading new cert...'
-  /usr/syno/etc/rc.sysv/nginx.sh reload
-  echo 'relading Apache 2.2'
-  stop pkg-apache22
-  start pkg-apache22
-  reload pkg-apache22
+  if [ `grep -c "$FIND_MAJORVERSION_STR" $FIND_MAJORVERSION_FILE` -ne '0' ];then
+    echo "MajorVersion = 7"
+    synow3tool --gen-all && systemctl reload nginx
+  else
+    echo "MajorVersion < 7"
+    /usr/syno/etc/rc.sysv/nginx.sh reload
+  fi
+  if [ `grep -c "$FIND_MAJORVERSION_STR" $FIND_MAJORVERSION_FILE` -ne '0' ];then
+    echo "MajorVersion = 7, no need to reload apache"
+  else
+	echo 'relading Apache on DSM 6.x'
+	stop pkg-apache22
+	start pkg-apache22
+	reload pkg-apache22
+  fi  
   echo 'done reloadWebService'  
 }
 

config

@@ -26,3 +26,10 @@ export AWS_SECRET_ACCESS_KEY="xxxxxxx"
 
 # Linode DNS=dns_linode
 export LINODE_API_KEY="xxxxxxxx"
+
+
+# 证书服务商 zerossl 和 letsencrypt
+export CERT_SERVER=letsencrypt
+
+# ZeroSSL 注册邮箱账户
+export ACCOUNT_EMAIL="[email protected]"