From 13be6817b375c36e50ae5b03a5e3723da0c7390d Mon Sep 17 00:00:00 2001 From: srvrco Date: Sun, 7 Jan 2018 10:48:12 +0000 Subject: [PATCH] adding various updates / from issues to beta
---
 getssl | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/getssl b/getssl
index 23781d7..79ab8da 100755
--- a/getssl
+++ b/getssl
@@ -378,7 +378,7 @@ check_config() { # check the config files for all obvious errors
 fi
 dn=0
- tmplist=$(mktemp)
+ tmplist=$(mktemp 2>/dev/null || mktemp -t getssl)
 for d in $alldomains; do # loop over domains (dn is domain number)
 debug "checking domain $d"
 if [[ "$(grep "^${d}$" "$tmplist")" = "$d" ]]; then
@@ -401,7 +401,7 @@ check_config() { # check the config files for all obvious errors
 fi
 # check domain exist
 if [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then
- if [[ "$($DNS_CHECK_FUNC "${d}" SOA|grep -c "^${d}")" -ge 1 ]]; then
+ if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c "${d}")" -ge 1 ]]; then
 debug "found IP for ${d}"
 else
 info "${DOMAIN}: DNS lookup failed for ${d}"
@@ -436,7 +436,7 @@ check_config() { # check the config files for all obvious errors
 }
 check_getssl_upgrade() { # check if a more recent version of code is available available
- TEMP_UPGRADE_FILE="$(mktemp)"
+ TEMP_UPGRADE_FILE="$(mktemp 2>/dev/null || mktemp -t getssl)"
 curl --silent "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE"
 errcode=$?
 if [[ $errcode -eq 60 ]]; then
@@ -631,7 +631,7 @@ create_csr() { # create a csr using a given key (if it doesn't already exist)
 if [[ ! -s "$csr_file" ]] || [[ "$_RECREATE_CSR" == "1" ]]; then
 info "creating domain csr - $csr_file"
 # create a temporary config file, for portability.
- tmp_conf=$(mktemp)
+ tmp_conf=$(mktemp 2>/dev/null || mktemp -t getssl)
 cat "$SSLCONF" > "$tmp_conf"
 printf "[SAN]\n%s" "$SANLIST" >> "$tmp_conf"
 # add OCSP Must-Staple to the domain csr
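Review bot: The result of the new `mktemp 2>/dev/null || mktemp -t getssl` fallback for `tmplist` is never checked, so when both calls fail the variable is empty and the `grep ... "$tmplist"` in the loop below runs against an empty path, with the first error message already discarded by `2>/dev/null`. A guard directly after the assignment would stop that, for example `[[ -n "$tmplist" ]] || { info "${DOMAIN}: cannot create temporary file"; exit 1; }`. The same unchecked pattern is added for `TEMP_UPGRADE_FILE` in check_getssl_upgrade, `tmp_conf` in create_csr and `TEMP_DIR` in revoke_certificate, where an empty value would be handed to `curl --output`, to `cat >` and to whatever later uses `$TEMP_DIR`. check_config's body starts and ends outside the hunk.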
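Review bot: With the `SOA` query type and the `^` anchor both dropped, `grep -c "${d}"` in the new check matches the name anywhere in the resolver output, and dig and drill normally echo the queried name in their header and question section even when the answer is NXDOMAIN, so this test is likely to pass for names that do not resolve. `${d}` is also used as a regular expression here, so its dots match any character. Keeping the anchor limits the match to record lines: `if [[ "$($DNS_CHECK_FUNC "${d}" | grep -c "^${d}")" -ge 1 ]]; then`. The enclosing `if` block and check_config continue outside the hunk.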
@@ -1251,7 +1251,7 @@ revoke_certificate() { # revoke a certificate
 ACCOUNT_KEY="$REVOKE_KEY"
 # need to set the revoke key as "account_key" since it's used in send_signed_request.
 get_signing_params "$REVOKE_KEY"
- TEMP_DIR=$(mktemp -d)
+ TEMP_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t getssl)
 debug "revoking from $CA"
 rcertdata=$(openssl x509 -in "$REVOKE_CERT" -inform PEM -outform DER | urlbase64)
 send_signed_request "$URL_revoke" "{\"resource\": \"revoke-cert\", \"certificate\": \"$rcertdata\"}"
@@ -1579,6 +1579,7 @@ write_domain_template() { # write out a template file for a domain.
 # an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
 #SERVER_TYPE="https"
 #CHECK_REMOTE="true"
+ #CHECK_REMOTE_WAIT="2" # wait 2 seconds before checking the remote server
 _EOF_domain_
 }
@@ -2406,6 +2407,7 @@ cert_archive
 debug "Certificates obtained and archived locally, will now copy to specified locations"
 # copy certs to the correct location (creating concatenated files as required)
+umask 077
 copy_file_to_location "domain certificate" "$CERT_FILE" "$DOMAIN_CERT_LOCATION"
 copy_file_to_location "private key" "$DOMAIN_DIR/${DOMAIN}.key" "$DOMAIN_KEY_LOCATION"
@@ -2471,7 +2473,7 @@ if [[ ! -z "$DOMAIN_PEM_LOCATION" ]]; then
 fi
 fi
 # end of copying certs.
-
+umask "$ORIG_UMASK"
 # Run reload command to restart apache / nginx or whatever system
 reload_service
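Review bot: `umask 077` is set here without saving the previous value, and the restore in the later hunk (`umask "$ORIG_UMASK"` after "end of copying certs") depends on `ORIG_UMASK`, which none of the eight added lines in this patch assigns. If it is not already set elsewhere in getssl, the restore would not take effect and the 077 mask stays active for `reload_service`; putting `ORIG_UMASK=$(umask)` on the line before `umask 077` makes the pair self-contained. The mask also only applies to files created from this point on, so a key or certificate that already exists at its destination with wider permissions presumably keeps them unless copy_file_to_location (not shown) sets the mode itself. A short comment such as `# restrict permissions on copied key and certificate files` would record why the mask changes.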