|
|
|
@ -48,11 +48,12 @@ |
|
|
|
# 2016-04-17 Improving the wording in a couple of comments and info statements. (0.30) |
|
|
|
# 2016-05-04 Improve check for if DNS_DEL_COMMAND is blank. (0.31) |
|
|
|
# 2016-05-06 Setting umask to 077 for security of private keys etc. (0.32) |
|
|
|
# 2016-05-10 update to reflect changes in stating acme server json (0.33) |
|
|
|
# 2016-05-10 update to reflect changes in staging ACME server json (0.33) |
|
|
|
# 2016-05-10 tidying up checking of json following AMCE changes. (0.34) |
|
|
|
# --------------------------------------------------------------------------- |
|
|
|
|
|
|
|
PROGNAME=${0##*/} |
|
|
|
VERSION="0.33" |
|
|
|
VERSION="0.34" |
|
|
|
|
|
|
|
# defaults |
|
|
|
CA="https://acme-staging.api.letsencrypt.org" |
|
|
|
@ -327,7 +328,7 @@ check_challenge_completion() { # checks with the ACME server if our challenge is |
|
|
|
fi |
|
|
|
|
|
|
|
# shellcheck disable=SC2086 |
|
|
|
status=$(echo $response | grep -Po '"status":[ ]*"[^"]+"' | cut -d : -f 2 | sed 's/"//g' | tr -d ' ') |
|
|
|
status=$(echo $response | grep -Po '"status":[ ]*"[^"]+"' | cut -d '"' -f 4) |
|
|
|
|
|
|
|
# If ACME respose is valid, then break out of loop |
|
|
|
if [ "$status" == "valid" ] ; then |
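Review bot: `grep -Po` prints every quoted `"status"` field it finds, one per line, so the new `cut -d '"' -f 4` can leave `$status` holding several lines, and the `[ "$status" == "valid" ]` test that follows would then never match. Whether the ACME response can carry more than one quoted status is not visible here; if it can, select one explicitly, for example by appending `| head -n 1`, or narrow the pattern to the challenge object. A short comment such as `# split on '"': field 4 is the value of "status"` would also record why field 4 is the right one. The body of check_challenge_completion starts and ends outside this hunk.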
|
|
|
@ -834,14 +835,15 @@ for d in $alldomains; do |
|
|
|
|
|
|
|
if [[ $VALIDATE_VIA_DNS == "true" ]]; then # set up the correct DNS token for verification |
|
|
|
# get the dns component of the ACME response |
|
|
|
dns01=$(echo "$response" | egrep -o '{[^{]*"type":"dns-01"[^}]*') |
|
|
|
# shellcheck disable=SC2086 |
|
|
|
dns01=$(echo $response | grep -Po '{[^{]*"type":[ ]*"dns-01"[^}]*') |
|
|
|
debug dns01 "$dns01" |
|
|
|
|
|
|
|
# get the token from the dns component |
|
|
|
token=$(echo "$dns01" | sed 's/,/\n'/g| grep '"token":'| cut -d : -f 2|sed 's/"//g') |
|
|
|
token=$(echo "$dns01" | sed 's/,/\n'/g| grep '"token":'| cut -d '"' -f 4) |
|
|
|
debug token "$token" |
|
|
|
|
|
|
|
uri=$(echo "$dns01" | sed 's/,/\n'/g| grep '"uri":'| cut -d : -f 2,3|sed 's/"//g') |
|
|
|
uri=$(echo "$dns01" | sed 's/,/\n'/g| grep '"uri":'| cut -d '"' -f 4) |
|
|
|
debug uri "$uri" |
|
|
|
|
|
|
|
keyauthorization="$token.$thumbprint" |
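Review bot: The new `dns01=` line switches from `echo "$response"` to an unquoted `echo $response` and silences SC2086, so data supplied by the remote server now goes through word splitting and pathname expansion before it is parsed. A `*` or `?` in the response could be expanded against the current directory and change what `grep` sees. If the intent is to flatten a multi-line JSON body (presumably, given the added `[ ]*`), that can be done with the quotes kept: `dns01=$(echo "$response" | tr -s '[:space:]' ' ' | grep -Po '{[^{]*"type":[ ]*"dns-01"[^}]*')`, which also removes the need for the shellcheck suppression. The `status=` line in the check_challenge_completion hunk expands `$response` unquoted in the same way. The enclosing `for d in $alldomains` loop starts and ends outside this hunk.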
|
|
|
@ -883,10 +885,10 @@ for d in $alldomains; do |
|
|
|
debug http01 "$http01" |
|
|
|
|
|
|
|
# get the token from the http component |
|
|
|
token=$(echo "$http01" | sed 's/,/\n'/g| grep '"token":'| cut -d : -f 2|sed 's/"//g' | tr -d ' ') |
|
|
|
token=$(echo "$http01" | sed 's/,/\n'/g| grep '"token":'| cut -d '"' -f 4) |
|
|
|
debug token "$token" |
|
|
|
|
|
|
|
uri=$(echo "$http01" | sed 's/,/\n'/g| grep '"uri":'| cut -d : -f 2,3|sed 's/"//g' | tr -d ' ') |
|
|
|
uri=$(echo "$http01" | sed 's/,/\n'/g| grep '"uri":'| cut -d '"' -f 4) |
|
|
|
debug uri "$uri" |
|
|
|
|
|
|
|
#create signed authorization key from token. |
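Review bot: `token` and `uri` come straight from the server's response and are used without any check of their content; the new `cut -d '"' -f 4` returns whatever sits between the quotes. ACME tokens are restricted to the base64url alphabet, so a guard directly after the extraction, `[[ "$token" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "unexpected characters in ACME token" >&2; exit 1; }`, would stop a malformed value before it reaches the key authorization and, for http-01, presumably a file name (that code is outside the hunk). The dns-01 token extraction in the previous hunk would benefit from the same guard. The enclosing `for d in $alldomains` loop continues beyond this hunk.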
|
|
|
|