Allow dns checks to deal with CNAME records

Some environments might delegate dns validation to a subzone by using CNAME records. These changes allow getssl to validate dns updates when the verification name is a CNAME to the TXT record rather than a TXT record itself.

getssl

@@ -186,10 +186,11 @@
 # 2017-02-18 add OCSP Must-Staple to the domain csr generation (2.10)
 # 2019-09-30 issue #423 Use HTTP 1.1 as workaround atm (2.11)
 # 2019-10-02 issue #425 Case insensitive processing of agreement url because of HTTP/2 (2.12)
+# 2019-10-07 update DNS checks to allow use of CNAMEs (2.13)
 # ----------------------------------------------------------------------------------------
 
 PROGNAME=${0##*/}
-VERSION="2.12"
+VERSION="2.13"
 
 # defaults
 ACCOUNT_KEY_LENGTH=4096
@@ -1990,13 +1991,13 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
                            | grep '"'|awk -F'"' '{ print $2}')
           elif [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then
             check_result=$($DNS_CHECK_FUNC TXT "_acme-challenge.${d}" "@${ns}" \
-                           | grep ^_acme|awk -F'"' '{ print $2}')
+                           | grep '300 IN TXT'|awk -F'"' '{ print $2}')
           elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then
             check_result=$($DNS_CHECK_FUNC -t TXT "_acme-challenge.${d}" "${ns}" \
-                           | grep ^_acme|awk -F'"' '{ print $2}')
+                           | grep 'descriptive text'|awk -F'"' '{ print $2}')
           else
             check_result=$(nslookup -type=txt "_acme-challenge.${d}" "${ns}" \
-                           | grep ^_acme|awk -F'"' '{ print $2}')
+                           | grep 'text ='|awk -F'"' '{ print $2}')
           fi
           debug "expecting  $auth_key"
           debug "${ns} gave ... $check_result"