9 Commits

Author SHA1 Message Date
Ciaran Walsh
2989b5c910 Merge c8703eac74 into a5754e9ec4 2025-10-11 08:27:09 +02:00
neil
a5754e9ec4 Merge pull request #6551 from acmesh-official/dev
sync
2025-10-06 12:32:49 +01:00
neil
2584f09083 Merge pull request #6543 from szhu25/add-to-list
Add "Profile" column to --list command
2025-10-06 12:30:49 +01:00
Steven Zhu
d439933b52 add Profile column to --list output
This commit adds a new "Profile" column to the output of the `--list` command.

The column displays the value of the `Le_Certificate_Profile` variable stored in each domain's respective configuration file. If a profile is not set for a certificate, the column is left empty.

This enhances the utility of the list command by providing more at-a-glance information about each certificate's configuration, which is particularly useful for CAs that support different certificate profiles.
2025-09-28 19:20:08 -04:00
neil
094d03bf7a Merge pull request #6542 from szhu25/list-profiles
Implement discovery of CA certificate profiles
2025-09-28 15:42:50 +01:00
Steven Zhu
0f5093c0b7 Remove space 2025-09-27 17:52:44 -04:00
Steven Zhu
80748b9fe0 Quick Patch 2025-09-27 17:37:37 -04:00
Steven Zhu
b244c76dd5 Add --list-profiles command to show CA profiles
This commit introduces a new command, `--list-profiles`, to allow users to discover the certificate profiles supported by a Certificate Authority.

The command queries the `meta.profiles` object within the ACME directory JSON for the selected server and formats the output for readability. If a CA does not publish profiles in its directory, the command reports that none were found.

Usage:
  acme.sh --list-profiles [--server letsencrypt]
2025-09-27 17:29:12 -04:00
Ciaran Walsh
c8703eac74 Fix for issue 4972
Fix for issue 4972 (https://github.com/acmesh-official/acme.sh/issues/4972) "can not get domain token entry" which appears to happen occasionally with ZeroSSL responses. Extends the previous fix where responses include empty response objects.

Issue appears to be related to the _egrep_o regex not being able to match the `"type":"http-01"` or `"type":"dns-01"` challenge types as expected for some reason which is unclear to me. This fix adds a prior call to _egrep_o to extract the `"challenges":[{"type":"http-01",.....},{"type":"dns-01",....}]` array section of text from the response, which then appears to allow the extraction of the specific entry for the type being parsed to work.
2025-08-08 14:58:25 +01:00

58
acme.sh

@@ -4790,7 +4790,8 @@ $_authorizations_map"
fi
# Fix for empty error objects in response which mess up the original code, adapted from fix suggested here: https://github.com/acmesh-official/acme.sh/issues/4933#issuecomment-1870499018
entry="$(echo "$response" | sed s/'"error":{}'/'"error":null'/ | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
# Additional fix for issue 4972 "cannot get domain token entry" with ZeroSSL (https://github.com/acmesh-official/acme.sh/issues/4972)
entry="$(echo "$response" | sed s/'"error":{}'/'"error":null'/ | _egrep_o "\"challenges\":\[[^]]*]" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry"
if [ -z "$keyauthorization" -a -z "$entry" ]; then
@@ -5804,7 +5805,7 @@ list() {
_sep="|"
if [ "$_raw" ]; then
if [ -z "$_domain" ]; then
printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}CA${_sep}Created${_sep}Renew"
printf "%s\n" "Main_Domain${_sep}KeyLength${_sep}SAN_Domains${_sep}Profile${_sep}CA${_sep}Created${_sep}Renew"
fi
for di in "${CERT_HOME}"/*.*/; do
d=$(basename "$di")
@@ -5819,7 +5820,7 @@ list() {
. "$DOMAIN_CONF"
_ca="$(_getCAShortName "$Le_API")"
if [ -z "$_domain" ]; then
printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$_ca${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
printf "%s\n" "$Le_Domain${_sep}\"$Le_Keylength\"${_sep}$Le_Alt${_sep}$Le_Certificate_Profile${_sep}$_ca${_sep}$Le_CertCreateTimeStr${_sep}$Le_NextRenewTimeStr"
else
if [ "$_domain" = "$d" ]; then
cat "$DOMAIN_CONF"
@@ -5838,6 +5839,48 @@ list() {
}
list_profiles() {
_initpath
_initAPI
_l_server_url="$ACME_DIRECTORY"
_l_server_name="$(_getCAShortName "$_l_server_url")"
_info "Fetching profiles from $_l_server_name ($_l_server_url)..."
response=$(_get "$_l_server_url" "" 10)
if [ "$?" != "0" ]; then
_err "Failed to connect to CA directory: $_l_server_url"
return 1
fi
normalized_response=$(echo "$response" | _normalizeJson)
profiles_json=$(echo "$normalized_response" | _egrep_o '"profiles" *: *\{[^\}]*\}')
if [ -z "$profiles_json" ]; then
_info "The CA '$_l_server_name' does not publish certificate profiles via its directory endpoint."
return 0
fi
# Strip the outer layer to get the key-value pairs
profiles_kv=$(echo "$profiles_json" | sed 's/"profiles" *: *{//' | sed 's/}$//' | tr ',' '\n')
printf "\n%-15s %s\n" "name" "info"
printf -- "--------------------------------------------------------------------\n"
_old_IFS="$IFS"
IFS='
'
for pair in $profiles_kv; do
# Trim quotes and whitespace
_name=$(echo "$pair" | cut -d: -f1 | tr -d '" \t')
_info_url=$(echo "$pair" | cut -d: -f2- | sed 's/^ *//' | tr -d '"')
printf "%-15s %s\n" "$_name" "$_info_url"
done
IFS="$_old_IFS"
return 0
}
_deploy() {
_d="$1"
_hooks="$2"
@@ -6377,7 +6420,8 @@ _deactivate() {
_debug "Trigger validation."
vtype="$(_getIdType "$_d_domain")"
# Fix for empty error objects in response which mess up the original code, adapted from fix suggested here: https://github.com/acmesh-official/acme.sh/issues/4933#issuecomment-1870499018
entry="$(echo "$response" | sed s/'"error":{}'/'"error":null'/ | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
# Additional fix for issue 4972 "cannot get domain token entry" with ZeroSSL (https://github.com/acmesh-official/acme.sh/issues/4972)
entry="$(echo "$response" | sed s/'"error":{}'/'"error":null'/ | _egrep_o "\"challenges\":\[[^]]*]" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
_debug entry "$entry"
if [ -z "$entry" ]; then
_err "$d: Cannot get domain token"
@@ -7498,6 +7542,9 @@ _process() {
--set-default-chain)
_CMD="setdefaultchain"
;;
--list-profiles)
_CMD="list_profiles"
;;
-d | --domain)
_dvalue="$2"
@@ -8063,6 +8110,9 @@ _process() {
setdefaultchain)
setdefaultchain "$_preferred_chain"
;;
list_profiles)
list_profiles
;;
*)
if [ "$_CMD" ]; then
_err "Invalid command: $_CMD"
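Review bot: In `list_profiles`, the profile descriptions come from the CA's directory response, yet `for pair in $profiles_kv` expands them unquoted, so with only `IFS` changed each line still undergoes pathname expansion and a value containing `*`, `?` or `[` can be replaced by matching file names from the current directory. Reading the lines instead avoids both the globbing and the `IFS` save/restore: `echo "$profiles_kv" | while IFS= read -r pair; do` … `done`. Separately, `tr ',' '\n'` splits on every comma, so a description that itself contains a comma is broken into extra rows whose tail is printed as a profile name; splitting only on the `","` boundary between pairs would be safer. Because this text is remote, it may also be worth stripping control characters before the `printf` that writes it to the terminal, unless `_normalizeJson` (not visible here) already does so.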