Work on acme.sh hander

and dns providers

Author: jc21

backend/embed/acme.sh

@@ -1768,7 +1768,7 @@ _inithttp() {
     if [ -z "$ACME_HTTP_NO_REDIRECTS" ]; then
       _ACME_CURL="$_ACME_CURL -L "
     fi
-    if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
+    if [ "$DEBUG" ] && [ "$DEBUG" -ge 2 ]; then
       _CURL_DUMP="$(_mktemp)"
       _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP "
     fi
@@ -1808,13 +1808,42 @@ _inithttp() {
 
 }
 
+_HTTP_MAX_RETRY=8
+
 # body  url [needbase64] [POST|PUT|DELETE] [ContentType]
 _post() {
   body="$1"
   _post_url="$2"
   needbase64="$3"
   httpmethod="$4"
   _postContentType="$5"
+  _sleep_retry_sec=1
+  _http_retry_times=0
+  _hcode=0
+  while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do
+    [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ]
+    _lastHCode="$?"
+    _debug "Retrying post"
+    _post_impl "$body" "$_post_url" "$needbase64" "$httpmethod" "$_postContentType" "$_lastHCode"
+    _hcode="$?"
+    _debug _hcode "$_hcode"
+    if [ "$_hcode" = "0" ]; then
+      break
+    fi
+    _http_retry_times=$(_math $_http_retry_times + 1)
+    _sleep $_sleep_retry_sec
+  done
+  return $_hcode
+}
+
+# body  url [needbase64] [POST|PUT|DELETE] [ContentType] [displayError]
+_post_impl() {
+  body="$1"
+  _post_url="$2"
+  needbase64="$3"
+  httpmethod="$4"
+  _postContentType="$5"
+  displayError="$6"
 
   if [ -z "$httpmethod" ]; then
     httpmethod="POST"
@@ -1866,7 +1895,9 @@ _post() {
     fi
     _ret="$?"
     if [ "$_ret" != "0" ]; then
-      _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
+      if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
+        _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
+      fi
       if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
         _err "Here is the curl dump log:"
         _err "$(cat "$_CURL_DUMP")"
@@ -1922,7 +1953,9 @@ _post() {
       _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
     fi
     if [ "$_ret" != "0" ]; then
-      _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
+      if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
+        _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
+      fi
     fi
     _sed_i "s/^ *//g" "$HTTP_HEADER"
   else
@@ -1936,13 +1969,38 @@ _post() {
 
 # url getheader timeout
 _get() {
+  url="$1"
+  onlyheader="$2"
+  t="$3"
+  _sleep_retry_sec=1
+  _http_retry_times=0
+  _hcode=0
+  while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do
+    [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ]
+    _lastHCode="$?"
+    _debug "Retrying GET"
+    _get_impl "$url" "$onlyheader" "$t" "$_lastHCode"
+    _hcode="$?"
+    _debug _hcode "$_hcode"
+    if [ "$_hcode" = "0" ]; then
+      break
+    fi
+    _http_retry_times=$(_math $_http_retry_times + 1)
+    _sleep $_sleep_retry_sec
+  done
+  return $_hcode
+}
+
+# url getheader timeout displayError
+_get_impl() {
   _debug GET
   url="$1"
   onlyheader="$2"
   t="$3"
+  displayError="$4"
   _debug url "$url"
   _debug "timeout=$t"
-
+  _debug "displayError" "$displayError"
   _inithttp
 
   if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then
@@ -1961,7 +2019,9 @@ _get() {
     fi
     ret=$?
     if [ "$ret" != "0" ]; then
-      _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
+      if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
+        _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
+      fi
       if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
         _err "Here is the curl dump log:"
         _err "$(cat "$_CURL_DUMP")"
@@ -1987,7 +2047,9 @@ _get() {
       _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
     fi
     if [ "$ret" != "0" ]; then
-      _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
+      if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
+        _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
+      fi
     fi
   else
     ret=$?
@@ -3925,7 +3987,7 @@ _ns_lookup_ali() {
 }
 
 _ns_is_available_dp() {
-  if _get "https://dns.alidns.com" "" 1 >/dev/null 2>&1; then
+  if _get "https://doh.pub" "" 1 >/dev/null 2>&1; then
     return 0
   else
     return 1
@@ -4145,6 +4207,10 @@ issue() {
   if [ -z "$_ACME_IS_RENEW" ]; then
     _initpath "$_main_domain" "$_key_length"
     mkdir -p "$DOMAIN_PATH"
+  else
+    Le_OrderFinalize=""
+    Le_LinkOrder=""
+    Le_LinkCert=""
   fi
 
   if _hasfield "$_web_roots" "$W_DNS" && [ -z "$FORCE_DNS_MANUAL" ]; then
@@ -4712,26 +4778,13 @@ $_authorizations_map"
         return 1
       fi
 
-      _debug "sleep 2 secs to verify"
-      sleep 2
-      _debug "checking"
-
-      _send_signed_request "$uri"
-
-      if [ "$?" != "0" ]; then
-        _err "$d:Verify error:$response"
-        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
-        _clearup
-        _on_issue_err "$_post_hook" "$vlist"
-        return 1
-      fi
       _debug2 original "$response"
 
       response="$(echo "$response" | _normalizeJson)"
       _debug2 response "$response"
 
       status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"')
-
+      _debug2 status "$status"
       if _contains "$status" "invalid"; then
         error="$(echo "$response" | _egrep_o '"error":\{[^\}]*')"
         _debug2 error "$error"
@@ -4763,17 +4816,29 @@ $_authorizations_map"
       fi
 
       if [ "$status" = "pending" ]; then
-        _info "Pending"
+        _info "Pending, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)"
       elif [ "$status" = "processing" ]; then
-        _info "Processing"
+        _info "Processing, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)"
       else
         _err "$d:Verify error:$response"
         _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
         _clearup
         _on_issue_err "$_post_hook" "$vlist"
         return 1
       fi
+      _debug "sleep 2 secs to verify again"
+      sleep 2
+      _debug "checking"
 
+      _send_signed_request "$uri"
+
+      if [ "$?" != "0" ]; then
+        _err "$d:Verify error:$response"
+        _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
+        _clearup
+        _on_issue_err "$_post_hook" "$vlist"
+        return 1
+      fi
     done
 
   done

backend/embed/api_docs/components/DNSProviderObject.json

@@ -7,8 +7,8 @@
 		"created_on",
 		"modified_on",
 		"user_id",
-		"provider_key",
 		"name",
+		"acme_sh_name",
 		"meta"
 	],
 	"properties": {
@@ -28,15 +28,15 @@
 			"type": "integer",
 			"minimum": 1
 		},
-		"provider_key": {
+		"name": {
 			"type": "string",
 			"minLength": 1,
 			"maxLength": 100
 		},
-		"name": {
+		"acme_sh_name": {
 			"type": "string",
-			"minLength": 1,
-			"maxLength": 100
+			"minLength": 4,
+			"maxLength": 50
 		},
 		"meta": {
 			"type": "object"

backend/embed/api_docs/paths/dns-providers/get.json

@@ -67,12 +67,11 @@
 											"created_on": 1602593653,
 											"modified_on": 1602593653,
 											"user_id": 1,
-											"provider_key": "route53",
 											"name": "Route53",
+											"acme_sh_name": "dns_aws",
 											"meta": {
-												"access_key": "abc123",
-												"access_secret": "def098",
-												"zone_id": "ABC123"
+												"AWS_ACCESS_KEY_ID": "abc123",
+												"AWS_SECRET_ACCESS_KEY": "def098"
 											}
 										}
 									]

backend/embed/api_docs/paths/dns-providers/post.json

@@ -36,12 +36,11 @@
 									"created_on": 1602593653,
 									"modified_on": 1602593653,
 									"user_id": 1,
-									"provider_key": "route53",
 									"name": "Route53",
+									"acme_sh_name": "dns_aws",
 									"meta": {
-										"access_key": "abc123",
-										"access_secret": "def098",
-										"zone_id": "ABC123"
+										"AWS_ACCESS_KEY_ID": "abc123",
+										"AWS_SECRET_ACCESS_KEY": "def098"
 									}
 								}
 							}

backend/embed/api_docs/paths/dns-providers/providerID/get.json

@@ -40,12 +40,11 @@
 									"created_on": 1602593653,
 									"modified_on": 1602593653,
 									"user_id": 1,
-									"provider_key": "route53",
 									"name": "Route53",
+									"acme_sh_name": "dns_aws",
 									"meta": {
-										"access_key": "abc123",
-										"access_secret": "def098",
-										"zone_id": "ABC123"
+										"AWS_ACCESS_KEY_ID": "abc123",
+										"AWS_SECRET_ACCESS_KEY": "def098"
 									}
 								}
 							}

backend/embed/api_docs/paths/dns-providers/providerID/put.json

@@ -50,12 +50,11 @@
 										"created_on": 1602593653,
 										"modified_on": 1602593653,
 										"user_id": 1,
-										"provider_key": "route53",
 										"name": "Route53",
+										"acme_sh_name": "dns_aws",
 										"meta": {
-											"access_key": "abc123",
-											"access_secret": "def098",
-											"zone_id": "ABC123"
+											"AWS_ACCESS_KEY_ID": "abc123",
+											"AWS_SECRET_ACCESS_KEY": "def098"
 										}
 									}
 								}

backend/embed/migrations/20201013035318_initial_schema.sql

@@ -70,8 +70,8 @@ CREATE TABLE IF NOT EXISTS `dns_provider`
 	created_on INTEGER NOT NULL DEFAULT 0,
 	modified_on INTEGER NOT NULL DEFAULT 0,
 	user_id INTEGER NOT NULL,
-	provider_key TEXT NOT NULL,
 	name TEXT NOT NULL,
+	acme_sh_name TEXT NOT NULL,
 	meta TEXT NOT NULL,
 	is_deleted INTEGER NOT NULL DEFAULT 0,
 	FOREIGN KEY (user_id) REFERENCES user (id)
@@ -92,6 +92,7 @@ CREATE TABLE IF NOT EXISTS `certificate`
 	status TEXT NOT NULL, -- ready,requesting,failed,provided
 	error_message text NOT NULL DEFAULT "",
 	meta TEXT NOT NULL,
+	is_ecc INTEGER NOT NULL DEFAULT 0,
 	is_deleted INTEGER NOT NULL DEFAULT 0,
 	FOREIGN KEY (user_id) REFERENCES user (id),
 	FOREIGN KEY (certificate_authority_id) REFERENCES certificate_authority (id),