[CA] Add support for `--buypass` to use BuyPass Go SSL

generate-acme.sh

@@ -3,27 +3,37 @@
 # Make sure to load environment variables.
 . ~/.bashrc
 
-ACME="/root/.acme.sh/acme.sh --force"
+ACME_DIR="/root/.acme.sh"
+ACME="${ACME_DIR}/acme.sh --force"
 BASE="/srv/ssl"
 ECHO_PREFIX="[acme.sh Helper Script]"
 
+CMD_PARAMS="$@";
+
+# Check if we should use BuyPass instead of Let's Encrypt
+# as the certificate authority for this certificate.
+BUYPASS=0;
+if [[ "${CMD_PARAMS}" =~ "--buypass" ]]; then
+    BUYPASS=1;
+fi
+
 # Create directory if it exists, make sure permissions are as strict as possible.
-echo "$ECHO_PREFIX Creating base certificate directory: $BASE"
+echo "${ECHO_PREFIX} Creating base certificate directory: ${BASE}"
 mkdir -p $BASE
 chmod -R 600 $BASE
 chown -R root:root $BASE
 
-echo "$ECHO_PREFIX Name of folder containing certificates? (Will be created under $BASE)"
+echo "${ECHO_PREFIX} Name of folder containing certificates? (Will be created under ${BASE})"
 read FOLDERNAME
 
-echo "$ECHO_PREFIX Creating folder if it doesn't exist: $BASE/$FOLDERNAME"
-mkdir -p "$BASE/$FOLDERNAME"
+echo "${ECHO_PREFIX} Creating folder if it doesn't exist: ${BASE}/${FOLDERNAME}"
+mkdir -p "${BASE}/${FOLDERNAME}"
 
 # ¯\_(ツ)_/¯ - https://timmurphy.org/2012/03/09/convert-a-delimited-string-into-an-array-in-bash/
 OIFS=$IFS
 IFS=' '
 
-echo "$ECHO_PREFIX Space-separated list of domains to generate a certificate for?"
+echo "${ECHO_PREFIX} Space-separated list of domains to generate a certificate for?"
 read DOMAIN_LIST
 
 DOMAINS=($DOMAIN_LIST)
@@ -35,33 +45,38 @@ for (( i = 0; i < ${#DOMAINS[@]}; i++ )); do
     DOMAIN_PARAMS+=" -d ${DOMAINS[$i]}"
 done
 
-echo "$ECHO_PREFIX DNS? [y/N]"
+echo "${ECHO_PREFIX} DNS? [y/N]"
 read IS_DNS
 
 IS_DNS=${IS_DNS,,}
 if [[ $IS_DNS == *"y"* ]]; then
-    echo "$ECHO_PREFIX DNS provider? For example: Cloudflare = dns_cf."
-    echo "$ECHO_PREFIX Provider also assumes the proper environment variables are set. Read: https://github.com/Neilpang/acme.sh/tree/master/dnsapi#how-to-use-dns-api"
+    echo "${ECHO_PREFIX} DNS provider? For example: Cloudflare = dns_cf."
+    echo "${ECHO_PREFIX} Provider also assumes the proper environment variables are set. Read: https://github.com/Neilpang/acme.sh/tree/master/dnsapi#how-to-use-dns-api"
     read DNS_PROVIDER
 
-    ACME_PARAMS+="--dns $DNS_PROVIDER"
+    ACME_PARAMS+="--dns ${DNS_PROVIDER}"
 else
-    echo "$ECHO_PREFIX Webroot? For example: /var/www/html"
+    echo "${ECHO_PREFIX} Webroot? For example: /var/www/html"
     read WEBROOT_DIR
 
-    ACME_PARAMS+="-w $WEBROOT_DIR"
+    ACME_PARAMS+="-w ${WEBROOT_DIR}"
 fi
 
-echo "$ECHO_PREFIX Reload command? For example: nginx -s reload"
+# Make sure we point to the right CA.
+if [[ $BUYPASS -eq 1 ]]; then
+    ACME_PARAMS+=" --server https://api.buypass.com/acme/directory"
+fi
+
+echo "${ECHO_PREFIX} Reload command? For example: nginx -s reload"
 read RELOADCMD
 
-echo "$ECHO_PREFIX Requesting certificate using the chosen methods:"
-eval "$ACME $DOMAIN_PARAMS $ACME_PARAMS --issue"
+echo "${ECHO_PREFIX} Requesting certificate using the chosen methods:"
+eval "${ACME} ${DOMAIN_PARAMS} ${ACME_PARAMS} --issue"
 
 SSL_PATH="$BASE/$FOLDERNAME"
 if [[ "$?" == "0" ]]; then
-    echo "$ECHO_PREFIX Certificate request completed. Installing certificate with reload command."
-    eval "$ACME $DOMAIN_PARAMS --key-file $SSL_PATH/key.pem --fullchain-file $SSL_PATH/fullchain.pem --cert-file $SSL_PATH/cert.pem --reloadcmd '$RELOADCMD' --install-cert"
+    echo "${ECHO_PREFIX} Certificate request completed. Installing certificate with reload command."
+    eval "${ACME} ${DOMAIN_PARAMS} --key-file '${SSL_PATH}/key.pem' --fullchain-file '${SSL_PATH}/fullchain.pem' --cert-file '${SSL_PATH}/cert.pem' --reloadcmd '${RELOADCMD}' --install-cert"
 else
-    echo "$ECHO_PREFIX An error occurred during certificate request. Aborting."
+    echo "${ECHO_PREFIX} An error occurred during certificate request. Aborting."
 fi