From 8097ee7d686a298ea861e0ef7102e41372478222 Mon Sep 17 00:00:00 2001 From: wangziliang Date: Mon, 30 Aug 2021 17:22:00 +0800 Subject: [PATCH] init package --- acme-tiny-4.1.0.tar.gz | Bin 0 -> 12776 bytes acme-tiny-sign.sh | 46 ++++++++++++++++++ acme-tiny.service | 15 ++++++ acme-tiny.spec | 106 +++++++++++++++++++++++++++++++++++++++++ acme-tiny.timer | 13 +++++ acme.conf | 17 +++++++ cert-check.py | 66 +++++++++++++++++++++++++ notify.sh | 20 ++++++++ 8 files changed, 283 insertions(+) create mode 100644 acme-tiny-4.1.0.tar.gz create mode 100644 acme-tiny-sign.sh create mode 100644 acme-tiny.service create mode 100644 acme-tiny.spec create mode 100644 acme-tiny.timer create mode 100644 acme.conf create mode 100644 cert-check.py create mode 100755 notify.sh 
diff --git a/acme-tiny-4.1.0.tar.gz b/acme-tiny-4.1.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..cbc032f1fb2b62154e5637ca84f0110b9a549aaf GIT binary patch literal 12776 zcmVwiB|RD*|%NjBQ+iXD*eS zB0_3FiIB8v$(Y;S|9wC2wIl?#C%LQ4%uP)+Q&{wu_g=q#-@8d<-%sX#IJN!BLfWp3 zzxnb{1JB9H3ID~j`xl+9Zw`-+4;x3Phppo#+VSV`=$rYkK+A(CRf!z~WgLddFOBcOX9~-|n z&0n7{_t?%-))FsR*IMSG*{J^-I7lB(PmiD0f4uML|52-P^v&_FLCo&+C)fYo{Ws@c z;?09FmR}Bsw*RfC_W!VXda}F!$F0WUH@^uJ|K$7sOuSwvvIZXzdA@W-U4&8MExrHY z_ul2Dn4w)6lS#C8Y-b@Sle+QTjMnd*(EZsko{6rI_lXRY7X}JFDx}7qr;^y4rU_aB zC$gQ7_S_5RhIzA27GYq>;I3{=Q_pwnhAZ!+A4WAfpDTRBRD6c3zz=N~4Z7LXe|&Gs zA1AH45!rEqCZ%WG*)dUuVKpz9g_z+5*jpc~GM(96cM)wj>weY|k`woutmgF3+2RKl!#dzF436CW#rq5Bq&okgU*y;3tpWfxZsei3Ka?) zUqj&qAEc8A7gOsYx?@2ED|}LCVuIAA9e6XT5@Kj19U^-J*bnE*h`gwV7c;p}_}!Jh z#6~6yPt{y627)kNb1&xJ23`VkRf4^6!aEt;b17mOgVPH-+9VhFa0lu<5Tt@ zhW~;6KW?0Uwg11tqf$3)!xa2Ih0SmcAKIBhquZIqGnO{&_`ilg}G=`Z>b_Z@x(U z^}eC)|0Huc#H5-a-U>TPYOqxz>k+e5$xW}bSca~!{~C+BOq@D(!s-SyV+#=MdojNj zvmsaYY|qGCDz@|5Iq4Z2BcBGMR#RabJ5rc+yoXEp0<*4xC>diQ+E z19E;!I}K&nvqZ)dl{$`8s*J(+)mJ0@M}Btg|7E{xU5~6UisKXZzu7o#KB)h+4!_3# zzr`~~bb8evi%ZWz3@^n2zEljO8%FDxY@0Z6DxwL8EP4n@r7wn|R1`TIH!@y&io$;3 zDS;?fB2u0s@=K&!MTjh=2xl;G6slDz?6rfnh-9oVA)F?*7a$)%6zu?&fsqusB1WDi zD~i7D0A^9C(D4u@yW4?b7Nj3gWW7JiX6#oOi7R2Gy?~?cyi2S+nCmowo1?76AsE%n zpAijtw~xFh!$8w{{mKAPSmi3ySrstX-i-cAURIP&eNQc_>?Anhp+KJ+nVnTyM?H*% zl0JpYkq5eYtsCli43QoYLz9d}oG7do$TPN9;wfX6#sN@Do&y)6LdM7`1zKqMEcE?w zMN5M(aXpU1+lE1VZBJphc`bT-gD?T9ngrT_XtS$Xms*h9naVr>aPcDS(sE)#4=oB3 zI7mS`1>xIWrV0EPmKY7r$3Jz3mgtYf&2aEzzi0KterJU5`&IE%e|#~x9Se*YcCN>7 z#o%0YuHT9u`q#axu>R|2XpKfB`0*iHJU5`y*MVqjG#1}ET=pai5Dx-4?>W4(1=nih)4*PE|#^Pdd*|X62+5%;r z*O!(?g++BQJN>Jw=yk3-Z!DfQ0FGjwTe{^ z$Hmm2`Xj3Y{m7;-)wTvZKXCuR&72Dc&hB;)5}t((A8&KAMg(wo z6nl4oBesy!pfC**2}z);I4Ys zo_IUB6<4>Tu^12O6TvF`E;PeS5BooM#_-bJ?%)>A_y_Cl-t*^%@$8xCg#p!OjeZ_l z>Mg??!ns-MXPiL{=Sv%rugl}}5Xw3~hnuIyZxgW!E{Q$cr zR-lgnv)ok;f~64YLcw`^7@iIyM~RG-IO3@%CK2_F+r(j8bb&p2h&U6SLa-o0;=t1s 
z6J%msMmbjb7OhL7DO&^w&JItC<=i8M!zw5e-$et8lsC_WoWzMM5c_n;Y@?bfEobi!p>z02>UFCjB?8Br>sC4lG-q}D|wN)%axCMVwsR#!GY zWO$}bmn)`gqp)RFz3-Z{U}CXd*@`xN<)T!PFyst|47`8;-pG_x%w-TOTeKQ4PsDdQ zEE8n#C=!=v;#Sc?2M`jR?MfEH#u z;k9YLBWv*jq|RdVF|VA$Bh9#1!uf&cD|thL}JIZ>%eWDaZz5v-2fWH?KJ7MJ`>05wgU? zI2F^PSr#jmm?hczJ`64);OqLVdF;G=DP`mIv>^{)y3X;-;|eh^AJOK0RSP=TzIW7@eXpgOe!^n=YyR{&s zN<)o4${=BzL~Twmf|>Z+LFOhiPCP(f(Y(o|C}bJSagmzVyx<{pI%ABNg5Dq3U~TZ5 zC4*mfDr75420|QkN5e{PO=1|?rR@bOQ^8L6$^r#p5;~zT4%pysYaT>NRq}HOim(8V z>pDV5HY%MisRZpBd?s2I5*~%ou`{!wk>c%++9-P|H5?3ErhekVwU@?U55`v8$dv6{ zra=?`m@BhYd12+QJ#8AFi8q;b0`(6^J?#r0x2YP!W@wdZAiWjiSjif|+h5DV(X za6~Z;;d@uBm05<$4yD{s`QH<|FKQSo?-M0Pooi7eZSdyM2S}h+Y=Eohfuo~UCH8`3 zCidT9#?Sv9WR)=ZnrleIS?_w(E)!LyhF#M4E0t}QY-_|(TU=2%tZj~*(loIMp#u(; z#$+(ht__r;9LWA1&k!)OESx!83odS}7etnC2yDj_g?_Lg5lR&<^Ggc4Ou2+hDMc?U z&-V+r$$LWg7-%CyB@I0>E04nIlQH0^Fp>_JHR+B50F=WImogZg5U4bkI_x01Ffssy zoN^CW$5;$|-&{%GuYC-#d~J9OUSXHh*cXwVEHahUi#Br8z)Of^%;pM_qEDK2F&^I( zwug$PAxz(k#!mLb3&3}SH-X!9khr~3;?A=*!~+{Zwe2UU)Hb38&5+8F8?KnSCb9@H z_e;Pu0}gaim;k8M%R(7qpQ;$kkAN;}@Jn<*1(H`UrmK3P=>dY8dmypy?Ir0T88F?J zWp)4HgGZmDxd6+4#b0&bBp|c5rHZ=({>sqPLq}J)>%Xu&87g{g--8u=jPO^*m?U0L zG*AB{jXiPJYP59czcfzMG`W^e+ZN6=YqVM$|Ju>BRvQ*IVRJVRwo@9I+-u5_@^qV% z2tKcTko#^zMiOMgO*?_FOl6f*W|rPeVRq8zBCpsK!c`7|D)L&HbdIQN=~@V~{N8rA z!mMa;wad~`w?37fs#gl8aNX|*h-F)M~CE|7+z z6{uvUir9k%r{_jKl+3Eu&J0Yuq{ENtYpZo6;IMvKX{%3ZEoM&2oUN1PL{jo#>s~!J zoZ`RDl#S2b3`QVEQVth>U#=W2I;Z!j}G3&xzm)5ddMff2uG)4 za2)N?=(2s>C~?ePAkep$rCrj(nzff%D`#}4LW@Jrzc6_98Fuska?7;iN4_ zZ0V_pktShHS5cif3_gTYI;sxlP+zr2_FxmB!OUPCSt8DsU{Bmq3Y4T&dGitMY{y#V zVymu?`L@#al9vtP+G~|Z7lqN$l(5MOXV?S8Ga+TAu_x7@(I@Cc@sixpp7@?(5{{#6 zF}2kqH-miC?YdNM%`;nCTw+hffszs?(hpY#(UIFEJ&|IQJYWD1ZSkJzVeL27;(a^M z^!MtiitAG^sN-AaR|@(31qV|av+HMeEz0M)nHVLS%bkyLE)A8DKd3W9Y3ZFy=Nkbw9)@s5IaU{d zgDn-%TDn>MU;N}17$6R$IXAPr)kd>%_@dT0s!`dE1BG2?F|T-2p=N6eEudC;9qvgM z<~p}4Od?s4C>;bL#iUc@p>(&TN~_F@=qjO1g%1ZPU(ja*A95{MyAhL6zP>F8!xGOq zQ34wPj#C9)_o#4zaOT}t!9s{CRmYcMmc=l~sLCW(bQVEme;aRh_pz1c#)Yold&T{b 
z4dcq>=^%}Z|6+5wN9jNh>z_-V*iL=eJHm~{XT@@d@**3Gq!ehQDoz%43AWoV#czS8 zZxeZM-8RX}Ir)hNU&Yxy!g{n!6S&4EA*0YPOUmG)mZ`HSpIku%zoj5u|KQEl<#c@s zi7K0h&Vs=VsK0kpJO)l`b-B&wjB%50=)xi&-?Hz{Nq(%t_bDixk0?Qx0`^#8&Y{Co z&|611lKt`pDyL77p)-6tYhhEN6TAWI=~GKN%%pO{C^x6BgqpLcE-@jBbowJ5>A_G> z(|P{04IUn)zF!>KR0Y|e&1oi)50Rs5cNC_~AnZt9l&%-$N~jAZ3CyJ~-W2D!e0h&- z4baPgD?eV5vH^t$9pUrv?BFR_Q<-qJ2w8_!p0v@=S@LttT)By=oSIDqnF?h(rO(fw zSv(XY17+F3s!^+I)%be<=Qnst$$<>+@?U-ElQ(@sbo<_KHM0|R zXSlfJN?A&Faa_Qkl@2B!+_5nb)llgc5fGn<@!eGzNYclupu;Wr9LlsP-6BhP(!yUa zu$AL^@L1jwQ(#CJzBjFkxVV>_$opg!+fkK%9ml^kL<*{ZtHNi$Y3yT$nOBfAD$q*S zqbi13JN?Lv^P?j}-a8Tovd<%}I1b|n;F_O?(=?2pb>6wX98bC(ake>D%}yhmkDW&D zV}8%N8Cu=W*y`=^mCPJUuaD;OVEA@&JG>PA>(SWi^o+-QKNH>N@N?fVE(dSkSVK(B z_-M{$a*0+?ayFkCqk zz%W77a*#Rl2?tZiD66{q3F>%P&orp2=yuLFJmss`6-7V%3awp0DQ4GkU?IRlcu=)tj(D3SmPwbighcpC|L60a>y4LYb zETm5v`bui5cqbG)YjDu{hiG`_uw|A}E zZ5v7YKc50Yb`QaXf~bp~gd2{-k>x}uw&fM&%+6382qHlVYZ7D#(6ZvuKKs_CuK-9& zj-$jA^hsm_=zCXpS65ek6^QwqDD|5 z+^o@%cacB~kVA$cOm$U;(~$@N2PkZU*_pwKqQh;+w{Zd|2k{&&7Qr;V?6?PeF@jv4*v)giry0`u=1su)N_Rf3{00xn9^WkSrW zr)sXF$77DhJxyctS;uMVYSS=;F$~qwF}2Ba-?whhlJ`5euFpCip6CH8x6#Ot9@J>{ zC=lNx7b!ZsvHVCJN?3`26cSkJiEPQl5RGPmNa+D-G||2|%#R5V1AK#}?W)r<#zQTa zy1MBcdQB{C-bo>A`~zz-Pms=g_kcA+woY&6k=u4$U|uINix#($xWB}DBN@Ji6T(*a z65>)cxiz@AMrX+y1Y8P^genVag`a$6;XOt2E|NT2fzUTtQ|PUH7D-k9a&_lHM4m7z zHlGTI(xURBkXm3X3bSnCLG4_O1aI*?19S=R?B?X#098~;@te!*2-Nuf?fPMn^}-JI z$x7Z+uNy#DkcjR`Eoxa#vO@EJ3Mb3R*xS_P4B^=Qxx+vZoC9V?r!|b7niGa-$@$jV zfun;w!#JIevoD@i)%x`eNTWW$k1kAwHtJNhNiLqYkqp|DdHW(9y+kpbTRQE4{dmVS z&uTND)UXaP&lWd)uz;ML1hcX#Ocg}24xIY>aNud8ffN4OAC#4-JBj9c`z(3An6w?3 z@n^|XC>?(8!p{>iA%S%oMeuIVcn6RBCF_HlOOn8Kiweues>!fnEfIn^r8lWo3t#|7 zfe;*6%f>vsVOgQ7W^u6)abN?3k#uR**^j;QFtfA@ce78j8gc94=y2Wnf0axESfcOp2j zwG=0fhdLksc)EEkMdrwAc9HfUzUkMw2-r(da+fRC9!A*8P)*V^N`baP@!vXok6SGm zHun{@g~Ysk1&+tB9p?&#QsRx3A!P(-;b`u)a3RQ5l9qto0w+U_4&XnWTq_66V%N&{ z0LVrT7;o>Uh6(KXsK2Xq>&5-V%JRxlNX~(NK>rJQLmRnwSwVYm%%BS2eg)GSDUCGOpmftu1QHgpIqAr5Nn!W4hf9xh@!@iv~ECC-=Ff&{96mXtPN 
z#f%^(f+T94&H1p9qUAV;9!FzKAXZd5*$U3tr==$KxI=wRA5R5iz^C zNLov)JP}$ak`-KreUj>O2K7PHEF1`oyKP&R9~F!NXve;cd?rOhB!HVp@RY?I2VR`gO`Z%`x4-!`0$#o$))><5l{BsqdOoDx=g*6L1-^)zzk7254B&E79+HkgtV%``60C$033xqz0&X|H+x`UMz9p9IHk*m zLDP^cZA^L_684Su`e8GAYNnSiS-4o`WH5T2>bpWFf@co7BIC$eafCI#x2IZX_M(aQoJBmlN>C-KPD4gW!1%k8*$dFN{KI=v1MzU-Vhs;si3fElN zWy+UPT0)@}zX|Zs{Ori>g6x zjvSEZy6%~^V30VNT7;$HC8_Vz>57qVknpJ`{ zW_X<%bf*~;084LZTpiN(1^#fsgal$tGj+e8(uv?`~F&@T< zLu&}}O8W+6Vsi=2*2%&sKRjmSOj+Tw5* zxl1u?@FLb1Ap3k%DL8Z24M1Mzv!XaCA+CDiv@PY9zGLuYf6HSaMsbeaV^fgQ)dQ z>a)V1I63QPKvx0jOHEV~JOlx*-a+8vJ^FkRUQWX{TDY-03e1nVAj}jyvcH4k_TO9Y z`i~Ow`u_|9KOBEd-)kH2zgw-{uL}DAySsap{{I7nJ{;(x$)L7OVgwrtC$#TY)8o$) z%IE*bv;D!a3I8AFeqsLa>^!dK{{sX%Fw>wD%%L=Bp*M�spW#05{x@p{&iv{3Wm` z>2Mkdph9Na`3vm&ZV3!#!6HcH#4IB)bC$W0^)ZN$qe5nwviR;29|^##SGNtSlr z<1Ju1n_v%NCDMA^>8rzDT^nI{^g+FitV*3T8{G20Gzfu&0)t}paADuevPnY2_knng zqYHYN=iD90+7Ir4OPBe zgwrWuj0$H(n1ao%?j93=?cOuG|JD5x?AfKWdEAJ+@S2L5kf zjMpBv2L!q!LZz~4REypbFlZ{!`9xg^g2ieHW1vNoF$3E$lo(>GESU32YqcGp(LF;> znl3Md_Rg5mclq*%aDx%t1MiD^=+TedBOp{@@-|+~67o+qsY&Z!b$NvNY7>z)ovvVi z{K7dlzqXz8h_881Pr5%H^@69zFSswDW3y{N{EtO4Zi}V zpZ|xI+qr;GW-%P95X{E3Ri6uu5j*<2n~rnDLo}08D^T>@{u;ved2QD>;gK0F51Kz* zK*wD~*>x1H=pBV4EMXq0mFEge7(Z_b>*>AS^E>oq@37Z9I)2%4zs1C}X@H)(lFI-w zl>XwL*YfO=EN>2B#xHLBL;s-?rZtSjWQyjUjL^1C~X+&Jd6)oa3`z-th^mlAPu&M)(BFVAa_dsOWHH-xxAnzxei1 z9cB`Kq4T$^8^RdJUVKukb=8tYLhZB^nV59%EP%Ik8N&LC1E;kyMzh)&p?`42y<7;F zb&LUYjknVoyR??K*$jj%u7nCj!c;DLMzB|B>`p{V4kuEvQ7Wq45F`-k*WCEHmqZA| zTsviYK0psD5qZ*}dvj^gV0iYES~fBJHFbV^!Pno{k*t0V^(vH7Tq^GYQ2_|=8HJx6 ztPhqY9gG;26`=ISoJK1#8Ww>?g#b^a1i;#;xW&;|fh9(nr}1=&-oDe?MZ`J?RD_H& z(_4-YBOfKk7PNZ2rK`f}Z1_fG)#RdI9rsRChV9O`8%hovC zF=(*O1b-D@UWo*98qN|8ohjBSXd%ir=x$9DSfg@9_iI8q{~rYCbS4Nsjv#o`{m;%$ z!T;;y$B!!fr-uk6`}A?tg7l{C*qH2mpM9(@F85>Jd5R$pdlV)OoDLY zk9Yu(uaTi?IzrG7NA9NcoVBZ7#P5!h`yjRbN`N*Cm+f=O%MuH!PjC{ec1Ga5gwo2g zkQyJ1*@OfRJ8)p}Tdb48axS@U(*9Y5CSItFJy97i6{u(l8AW?S3lfseW+PLt z)U*L4oc~VAPzgJB2G_E5(b@lyD^$>J<9;8n`{2uNYyWF^(D1LrIP;Wx^mP=zaduj} 
z`y>dGHNm$ZqZ%?FSqChrSO@A1-Di9ONRON9AY!4m=lyCbmG_hAniVe*8=*~I#Ma)U zh%E0=r;D4SE5waaS1B&JJi^H6oypWhXF_V|?$FhxJPI8leSe3OY>SMyg_|h4It(|q zlcJ#4u{CjU4v2mT(CZT7Ce_Iw)BH`molR2HCllK1m-%Wkjqgx{Usz$0$H3GxvTwAV z3pnJwv8pE&!Dvv-xDuJmfFM8wg0i&kS+d$m6oI(q2Vs4#X%xNjT6dwAJZuhA&s~Uv zq6?o`_#5g^uh>@t{8Y8cXTiiH2%wyD;)F~lmCn;;+FWS9?U?+*6P-gR5> z@9x>VzwYwC-Bz&b11kZjRvRrSZ+S9Hi0<%8JlA^T)9=^=`>p-b?L)UQSI_cxN+nZa zEs<-gTbsV|7Km_^I_^O8oEvMB(F$Nn} z=?5c*m~-%1{4%~7lnLLBCliRp9$ADZv)?p}E#`Q}lSE(vZez@M8$wXU7aw$AFmr}s zHoTI4NOSguWFh>lhqmUoHBv5dUcn#qa=pB~@=OlSUjJ;oAlsT8s+T|#v{qqc}CGl9)Q7Ox5(8zzGy@wldHE0m9o zx?U{d=WIMqqYTpqB(9@l0V3F(Q3x74HEqknjbV1BohxRuBl|lCWt>rJX{d{QRH4WchVvY?A-A_VV(- zUHEUmI{!aFP`7zCJh0DiYSP5BnjU|OP(J^aFyy0@v0?u2?mQ~W|MzzvRrCJ=f+7Dy zX9`!-aLDqz>+}+K0668M8>&e7DU{+ggccUBYPBB^{~mN-pZ;)sa`cbxDR3wPayLdW zqHW2lAcAa|h4{|Bt=TM1sYETu?%YIzD#$KJ1+a zFAkwnPX#;;-lw{j1OnUY6DZjNt=$M0kkUiylfMVO)03l@-=np@U7?&&^2Ka)6HEx? zW*R313rU%v?cm|d)8P5x%kNKrs1JZW`KHwqRu6C7@Rz%mV)aUONNJd09z zoikqn>|jJYX<^t9rXATiWtddr-uaN#4kEm4%nJvbGQ;FKCOw^db;Jo{NAsh4 z)9L3j6r5q-b#pQp4K0KqV?}6m&)skBp+obFcr=O-Wn*R5cEr+h>@wET%&YF{4*~kL zK!RD-wT+Vc*3s(!_{TMUu(ESMplkNw(3ClZF1WsH%!q|@YR3HcT&4R3IimJg6DMcG zr_TX$-59H4xBr--eE&D^dVf6^uwnn-f!#j8|9|zk(*J#sAn(V7`dUr#1M-)=43y95 z)iR4G>PcMz)@njXWatEVGFu;C9)zj#vJ;W=@as8A3yfuv6m_vk1mNhX!u{!+5&kv+ z!VP?RvN#XWLyFgTwYH(#w6Yr*(vU0)7f)x`NuhXZoWGc6i-?6KGPRLdmk?aUiI8^; zr=y~y9t&yC%ndf>3xoM^`%wOW_~2ty>ctt`#)4zv;MO_&__4~u3!Im9`EiH*Z=+fud4O`0YYy5H=OUu zwO4!8Tc`BVbkNI3PL-oaD(OeZGNyVq)G*d+am2ILN%v~Xm!Pzs6`E?Sy(CjgJqkLg z_6P<=Dpr_V7VEmL+_7AIW^Gjs-XsB48gA_l+uGBklTxpILY4L|-uXUYo5YwX+6#ok zHF=vS_6Ss1u~oi4WZSd~@e#K=Mvvet>ml#)GFNcjdtpMjR6K=KY~djVWzIWlF; z+aus!j*yNPZRg-+=NaCjK0kDh4Daf;KLVvCQckvM_~CSG==glv#4B#ZE6V+pD7WNz zaIX~?wHp!Fk_|-1;n1dEXhyEb?BUisl?n6cmJrXUx3=DOs7oE1e(Ll!jS2NPFb1iN z&ZH+Pyy(AXgIj_KCMaTZ6kxc(ic?2qYtdMl8_hc`dZm=*ZjWcP?Tc`cBfJir_|jk_eWGZ;wedVl40aYS7yR<>PiA(7-u9+9E(>1YV=0|Sc-X| zszypz3FTw~z4k%maL_w>2r{_a0%H-y2Fm$2rUU8dN_W5pB9OXyWfWjrA}%6ijZ#)h 
z$8+6pJmRuun}_?~ehn}jHmn+cc1t*O(kV(FH;uYfh~z%I``Fu>%)d1S+-uHr5<}DT z&qxJFVtj^IAp(S;B0=Ijec7YK%top()n8XrM(+y!ejsxDG9mm8X_j23?fr)%kerI| zpOHvPeYb2R4x_Kv5XV7?nW9Nro?#^WF2ObY;i$q;=>9WOgn5|MPHmm(GDQ#>XB3ae z(E?|6b`>V(sBWYh0XJPnDg*_TqJq2xJt_GAL(qeZh#dc!B=flwjz+NF2zj{!l^RVX ze8e!Eqt-p6K%h$xj3#j8RSxhf5YY0aqMA{3vAhgqz8zVT4^g9V`UAiBbS{SPAVstS zBpj+L<6F5ljOO6Io=(Yjk_erd>yJ-T67|qWeOU#CGVcm__)+vWgTec5g}IN2bumlR z@+iNrxJ%Pop(OmophQfmGT!M-|RG|u0s6rL0P=zW~p$b)~ uLKUh|g(_5`3RS2=6{=8$Dpa8gRj5K0s!)Y0RG|v@4F3private/account.key +fi + +rc="0" +for csr in csr/*.csr; do + test -s "$csr" || continue + test -r "$csr" || continue + crt="${csr%%.csr}" + tmp="certs/${crt##csr/}.tmp" + crt="certs/${crt##csr/}.crt" + if test -s "$crt" && /usr/sbin/cert-check --days="$DAYS" "$crt"; then + continue + fi + if test -w "$crt" || test ! -e "$crt"; then + echo acme_tiny --account-key private/account.key --csr "$csr" \ + --acme-dir /var/www/challenges/ --out "$crt" + else + echo "Can't write to $crt" + rc="1" + continue + fi + + if /usr/sbin/acme_tiny --account-key private/account.key --csr "$csr" \ + --acme-dir /var/www/challenges/ > "$tmp"; then + mv "$tmp" "$crt" || exit 1 + else + test -e "$tmp" && test ! -s "$tmp" && rm "$tmp" + fi + # append intermediate certs + #cat *.pem >>"$crt" +done +exit "$rc" diff --git a/acme-tiny.service b/acme-tiny.service new file mode 100644 index 0000000..a9bedfc --- /dev/null +++ b/acme-tiny.service @@ -0,0 +1,15 @@ +[Unit] +Description=Check for acme certs about to expire + +[Service] +Type=oneshot +Nice=19 +ProtectHome=true +ProtectSystem=true +User=acme +Group=acme +SyslogIdentifier=acme-tiny +ExecStart=/usr/libexec/acme-tiny/sign 7 + +[Install] +Also=acme-tiny.timer diff --git a/acme-tiny.spec b/acme-tiny.spec new file mode 100644 index 0000000..6cdc68d --- /dev/null +++ b/acme-tiny.spec 
@@ -0,0 +1,106 @@
+Name: acme-tiny
+Version: 4.1.0
+Release: 1
+Summary: Tiny auditable script to issue, renew Let's Encrypt certificates
+License: MIT
+URL: https://github.com/diafygi/acme-tiny
+Source0: https://github.com/diafygi/acme-tiny/archive/refs/tags/4.1.0.tar.gz
+Source1: acme-tiny-sign.sh
+Source2: cert-check.py
+Source3: acme.conf
+Source4: acme-tiny.timer
+Source5: acme-tiny.service
+Source6: notify.sh
+
+BuildRequires: systemd
+Requires(pre): shadow-utils
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+Requires: acme-tiny-core = 4.1.0-1
+BuildArch: noarch
+
+%description
+This is a tiny, auditable script that you can throw on your server to issue and
+renew Let's Encrypt certificates. Since it has to be run on your server and
+have access to your private Let's Encrypt account key, I tried to make it as
+tiny as possible (currently less than 200 lines). The only prerequisites are
+python and openssl.
+
+%package core
+Summary: core python module of acme-tiny
+Requires: openssl
+BuildArch: noarch
+
+%description core
+Includes only the core acme_tiny.py script and its dependencies.
+Alternate frameworks that use acme_tiny.py can install this to avoid pulling in
+unneeded packages.
+
+%prep
+%setup -q -n acme-tiny-4.1.0
+cp -p %{SOURCE1} %{SOURCE2} .
+sed -i.orig -e '1,1 s,^.*python$,#!/usr/bin/python,' acme_tiny.py
+sed -i.old -e '1,1 s/python$/python3/' *.py
+
+%build
+
+%install
+mkdir -p %{buildroot}/var/www/challenges
+mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d
+mkdir -p %{buildroot}%{_sbindir}
+mkdir -p %{buildroot}%{_libexecdir}/acme-tiny
+mkdir -p %{buildroot}%{_sharedstatedir}/acme/{private,csr,certs}
+mkdir -p %{buildroot}%{_sysconfdir}/acme-tiny/notify.d
+chmod 0700 %{buildroot}%{_sharedstatedir}/acme/private
+
+install -m 0755 acme-tiny-sign.sh %{buildroot}%{_libexecdir}/acme-tiny/sign
+install -m 0755 acme_tiny.py %{buildroot}%{_sbindir}/acme_tiny
+ln -sf acme_tiny %{buildroot}%{_sbindir}/acme-tiny
+ln -sf %{_libexecdir}/acme-tiny/sign %{buildroot}%{_sbindir}/acme-tiny-sign
+install -m 0755 cert-check.py %{buildroot}%{_sbindir}/cert-check
+install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/conf.d
+install -m 0755 %{SOURCE6} %{buildroot}%{_sysconfdir}/acme-tiny
+mkdir -p %{buildroot}%{_unitdir}
+install -pm 644 %{SOURCE4} %{buildroot}%{_unitdir}
+install -pm 644 %{SOURCE5} %{buildroot}%{_unitdir}
+
+%pre
+getent group acme > /dev/null || groupadd -r acme
+getent passwd acme > /dev/null || /usr/sbin/useradd -g acme \
+ -c "Tiny Auditable ACME Client" \
+ -r -d %{_sharedstatedir}/acme -s /sbin/nologin acme
+exit 0
+
+
+%post
+%systemd_post acme-tiny.service acme-tiny.timer
+
+%postun
+%systemd_postun_with_restart acme-tiny.service acme-tiny.timer
+
+%preun
+%systemd_preun acme-tiny.service acme-tiny.timer
+
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license LICENSE
+%attr(0755,acme,acme) /var/www/challenges
+%attr(-,acme,acme) %{_sharedstatedir}/acme
+%{_libexecdir}/acme-tiny
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/acme.conf
+%{_unitdir}/*
+%{_sbindir}/acme-tiny-sign
+%{_sbindir}/cert-check
+%{_sbindir}/acme-tiny
+%{_sysconfdir}/acme-tiny
+
+%files core
+%license LICENSE
+%doc README.md
+%{_sbindir}/acme_tiny
+
+%changelog
+* Tue Jul 13 2021 wangziliang - 4.1.0-1
+- Package init.
diff --git a/acme-tiny.timer b/acme-tiny.timer
new file mode 100644
index 0000000..687c820
--- /dev/null
+++ b/acme-tiny.timer
@@ -0,0 +1,13 @@
+[Unit]
+Description=check for acme certs about to expire and renew them
+ConditionKernelCommandLine=!rd.live.image
+After=network-online.target
+After=httpd.service nginx.service
+
+[Timer]
+OnBootSec=20min
+OnUnitInactiveSec=24h
+Unit=acme-tiny.service
+
+[Install]
+WantedBy=timers.target
diff --git a/acme.conf b/acme.conf
new file mode 100644
index 0000000..3768c5c
--- /dev/null
+++ b/acme.conf
@@ -0,0 +1,17 @@
+Alias /.well-known/acme-challenge/ "/var/www/challenges/"
+
+# Note, blocking access to in a will override
+# these global permissions. You will need to modify those domains
+# to allow access to /.well-known/, or just copy the from below.
+# See: http://httpd.apache.org/docs/2.2/sections.html
+
+
+ Options -Indexes
+ Order allow,deny
+ Allow from all
+
+
+ Options -Indexes
+ Order allow,deny
+ Allow from all
+
diff --git a/cert-check.py b/cert-check.py
new file mode 100644
index 0000000..89f545c
--- /dev/null
+++ b/cert-check.py
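Review bot: In acme-tiny.spec the basename of the `Source0` URL is `4.1.0.tar.gz`, but the tarball committed alongside it is `acme-tiny-4.1.0.tar.gz`. rpmbuild looks a source up by its URL basename, so the build is likely to miss the file unless the build system renames it. A fragment keeps the URL and fixes the local name: `Source0: https://github.com/diafygi/acme-tiny/archive/refs/tags/4.1.0.tar.gz#/%{name}-%{version}.tar.gz`. The hard-coded `Requires: acme-tiny-core = 4.1.0-1` and `%setup -q -n acme-tiny-4.1.0` would also be safer as `%{version}-%{release}` and `%{name}-%{version}`, so a version bump cannot leave them stale.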
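Review bot: In acme-tiny.timer the two `After=` lines order the timer unit itself, not the acme-tiny.service run it triggers. `After=network-online.target` without a matching `Wants=network-online.target` also does not pull that target in. If the intent is for the renewal job to start only once the network and the web server are up, these belong in the `[Unit]` section of acme-tiny.service together with `Wants=network-online.target`.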
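Review bot: Both access blocks in acme.conf use the Apache 2.2 directives `Order allow,deny` and `Allow from all`, and the comment links the 2.2 documentation. On httpd 2.4 these are honoured only when mod_access_compat is loaded; the native form is `Require all granted`. If both versions have to be supported, the two forms can be wrapped in `<IfModule mod_authz_core.c>` and `<IfModule !mod_authz_core.c>`.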
@@ -0,0 +1,66 @@
+#!/usr/bin/python
+from __future__ import print_function
+from sys import stderr
+
+import subprocess, time, calendar, os, getopt
+
+def usage():
+ print("""Usage: cert-check [options] files ...
+ -h,--help this message
+ -q,--quiet do not print cert files needing (re)newing
+ -d n,--days=n days before expiration to renew (default 7)
+Succeeds only if all certs exist and are more than from expiration.""",
+ file=stderr)
+ return 2
+
+def main(argv):
+ days = 7 # days ahead to
+ quiet = False
+
+ try:
+ opts,args = getopt.getopt(argv,'hqd:',['days=','quiet','help'])
+ except getopt.GetoptError as err:
+ # print help information and exit:
+ print(err,file=stderr) # prints something like "option -a not recognized"
+ return usage()
+
+ for opt,val in opts:
+ if opt in ('-h','--help'):
+ return usage()
+ if opt in ('-q','--quiet'):
+ quiet = True
+ if opt in ('-d','--days'):
+ try:
+ days = int(val)
+ except:
+ return usage()
+
+ now = time.time()
+ soon = now + days * 24 * 60 * 60
+ rc = 0
+
+ for fn in args:
+ try:
+ size = os.path.getsize(fn)
+ except:
+ size = 0
+ if size == 0:
+ if not quiet: print(fn)
+ rc += 1
+ continue
+ proc = subprocess.Popen(
+ ["openssl", "x509", "-in", fn, "-noout", "-enddate"],
+ stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ out, err = proc.communicate()
+ if proc.returncode != 0:
+ raise IOError("{1}: OpenSSL Error: {0}".format(err,fn))
+ t = time.strptime(out.decode(),'notAfter=%b %d %H:%M:%S %Y GMT\n')
+ t = calendar.timegm(t)
+ if soon > t:
+ if not quiet: print(fn)
+ rc += 1
+ return rc > 0
+
+if __name__ == '__main__':
+ import sys
+ sys.exit(main(sys.argv[1:]))
diff --git a/notify.sh b/notify.sh
new file mode 100755
index 0000000..2d04011
--- /dev/null
+++ b/notify.sh
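Review bot: In cert-check.py, an openssl failure inside the `for fn in args` loop raises `IOError`, so a single malformed certificate ends the run with a traceback and the remaining files are never checked. `err` is also bytes, so on Python 3 the message prints as `b'...'`. Handling that file like the empty-file case keeps the exit status meaningful: replace the `raise` with `print("{0}: OpenSSL Error: {1}".format(fn, err.decode("utf-8", "replace")), file=stderr)`, `rc += 1` and `continue`. The two bare `except:` clauses also swallow `KeyboardInterrupt`; `except ValueError:` around `int(val)` and `except OSError:` around `os.path.getsize(fn)` would be enough.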
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+cert="$1"
+name="${cert##*/}"
+script="/etc/acme-tiny/notify.d/${name%.crt}.sh"
+
+# kick apache if cert is mentioned
+if grep "$cert" /etc/httpd/conf.d/*.conf >/dev/null 2>&1; then
+ apachectl graceful
+fi
+
+# kick sendmail if cert is mentioned
+if grep "/etc/pki/tls/certs/$name" /etc/mail/*.cf >/dev/null 2>&1; then
+ cp "$cert" /etc/pki/tls/certs && systemctl restart sendmail
+fi
+
+# run any dropin extension
+if test -x "$script"; then
+ "$script" "$cert"
+fi
-- Gitee
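Review bot: In notify.sh `$cert` goes unvalidated into both `if grep` tests as a regular expression. An empty `$1` therefore matches every line and triggers `apachectl graceful`, and the dots in the path match any character. A guard right after the assignment, `test -n "$cert" || exit 1`, plus literal matching with `grep -qF -- "$cert" /etc/httpd/conf.d/*.conf` (and the same for the sendmail test) closes both cases. The drop-in path is derived from the certificate's basename, so it is also worth confirming that only root can write to /etc/acme-tiny/notify.d.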