From 36e3428ac529474e0ef1ad6c3fe4345ec89026b8 Mon Sep 17 00:00:00 2001 From: srvrco Date: Tue, 8 Nov 2016 09:12:36 +0000 Subject: [PATCH] bug fix openssl v1.1.0 (#166) and DOMAIN_PEM_LOCATION (#167) --- dns_scripts/dns_add_cloudflare | 24 ++++++++++++++++++------ dns_scripts/dns_del_cloudflare | 21 +++++++++++++++------ getssl | 10 ++++++---- 3 files changed, 39 insertions(+), 16 deletions(-) diff --git a/dns_scripts/dns_add_cloudflare b/dns_scripts/dns_add_cloudflare index 78af21e..28e3e2b 100755 --- a/dns_scripts/dns_add_cloudflare +++ b/dns_scripts/dns_add_cloudflare @@ -3,6 +3,14 @@ email=${CF_EMAIL:-''} key=${CF_KEY:-''} +# This script adds a token to cloudflare DNS for the ACME challenge +# usage dns_add_cloudflare "domain name" "token" +# return codes are; +# 0 - success +# 1 - error in input +# 2 - error within internal processing +# 3 - error in result ( domain not found in cloudflare etc) + fulldomain="${1}" token="${2}" API='https://api.cloudflare.com/client/v4/zones' @@ -55,14 +63,14 @@ while [[ "$resp" ]]; do domains=( "${domains[@]}" "${BASH_REMATCH[1]}" ) else echo "Error getting domain name" - exit 1 + exit 2 fi re='"id":"([^"]*)"' if [[ "$first" =~ $re ]]; then ids=( "${ids[@]}" "${BASH_REMATCH[1]}" ) else echo "Error getting domain id" - exit 1 + exit 2 fi done @@ -93,7 +101,7 @@ done if [[ -z "$domain" ]]; then echo 'domain name not found on your cloudflare account' - exit 1 + exit 3 fi txt_record="_acme-challenge.${fulldomain%.$domain}" 
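Review bot: The diagnostics in the `@@ -55` hunk (`echo "Error getting domain name"` and `echo "Error getting domain id"`) are written to stdout, so a caller that captures this script's output to read a result would receive the error text in place of the result and only see the new exit codes 2; now that the codes are being given distinct meanings it would be consistent to send the text to stderr too, `echo "Error getting domain name" >&2` and `echo "Error getting domain id" >&2`. The same applies to the `domain name not found on your cloudflare account` message in the next hunk of this file and to the matching hunks in dns_scripts/dns_del_cloudflare. The enclosing `while [[ "$resp" ]]` loop begins outside the hunk.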
@@ -102,12 +110,16 @@ resp=$(curl --silent "${curl_params[@]}" -X POST "$API/$domain_id/dns_records" \ # if it failed (success:false) then give error message if [[ "${resp// }" == *'"success":false'* ]]; then + if [[ "${resp// }" == *'"code":81057'[^0-9]* ]]; then + echo "DNS challenge token already exists" + exit + fi re='"message":"([^"]+)"' if [[ "$resp" =~ $re ]]; then - echo "Error: DNS challenge not added: ${BASH_REMATCH[1]:-unknown error}" - exit 2 + echo "Error: DNS challenge not added: ${BASH_REMATCH[1]}" + exit 3 else echo "Error: DNS challenge not added: unknown error - ${resp}" - exit 2 + exit 3 fi fi diff --git a/dns_scripts/dns_del_cloudflare b/dns_scripts/dns_del_cloudflare index 0013bf7..5a62c05 100755 --- a/dns_scripts/dns_del_cloudflare +++ b/dns_scripts/dns_del_cloudflare @@ -3,6 +3,15 @@ email=${CF_EMAIL:-''} key=${CF_KEY:-''} +# This script removes a token from cloudflare DNS for the ACME challenge +# usage dns_del_cloudflare "domain name" "token (optional)" +# if token is not specified, then all tokens are removed. +# return codes are; +# 0 - success +# 1 - error in input +# 2 - error within internal processing +# 3 - error in result ( domain not found in cloudflare etc) + fulldomain="${1}" token="${2}" API='https://api.cloudflare.com/client/v4/zones' @@ -50,14 +59,14 @@ while [[ "$resp" ]]; do domains=( "${domains[@]}" "${BASH_REMATCH[1]}" ) else echo "Error getting domain name" - exit 1 + exit 2 fi re='"id":"([^"]*)"' if [[ "$first" =~ $re ]]; then ids=( "${ids[@]}" "${BASH_REMATCH[1]}" ) else echo "Error getting domain id" - exit 1 + exit 2 fi done @@ -88,7 +97,7 @@ done if [[ -z "$domain" ]]; then echo 'domain name not found on your cloudflare account' - exit 1 + exit 3 fi curl_request="$API/$domain_id/dns_records?type=TXT&name=_acme-challenge.$fulldomain" 
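Review bot: The new early return for code 81057 uses a bare `exit`, which returns the status of the last command — here the `[[` test that just succeeded, so 0 — instead of stating the documented success code; `exit 0` makes the intent explicit and keeps the return-code table added at the top of the file accurate. That branch also treats the existing record as success without checking that it carries this run's `$token`; if Cloudflare reports 81057 for any record with the same name rather than only for an identical one, a stale record from an earlier run would be accepted here and the ACME validation would then fail, so the API's behaviour for that code is worth confirming, or the existing record's content compared before exiting successfully. The `curl` call that sets `resp` precedes the hunk; the `if [[ "${resp// }" == *'"success":false'* ]]` block itself is fully inside it.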
@@ -102,11 +111,11 @@ if [[ "${resp// }" =~ $re ]]; then resp="${BASH_REMATCH[1]}" if [ -z "$resp" ]; then echo 'challenge TXT record not found on your cloudflare account' - exit 2 + exit 3 fi else # results section not found echo "error in results section response from cloudflare" - exit 1 + exit 3 fi while [[ "$resp" ]]; do # iterate through records returned @@ -120,7 +129,7 @@ while [[ "$resp" ]]; do # iterate through records returned id="${BASH_REMATCH[1]}" else echo "Error: domain ID not found" - exit -1 + exit 2 fi respd=$(curl --silent "${curl_params[@]}" -X DELETE "$API/$domain_id/dns_records/$id") if [[ "${respd// }" == *'"success":false'* ]]; then diff --git a/getssl b/getssl index 3176eb3..2d74a5a 100755 --- a/getssl +++ b/getssl @@ -151,10 +151,12 @@ # 2016-11-05 added TOKEN_USER_ID (to set ownership of token files ) # 2016-11-05 updated style to work with latest shellcheck (1.78) # 2016-11-07 style updates +# 2016-11-07 bug fix DOMAIN_PEM_LOCATION starting with ./ #167 +# 2016-11-08 Fix for openssl 1.1.0 #166 (1.79) # ---------------------------------------------------------------------------------------- PROGNAME=${0##*/} -VERSION="1.78" +VERSION="1.79" # defaults CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl" @@ -677,7 +679,7 @@ get_signing_params() { # get signing parameters from key else error_exit "Invlid key file" fi - thumbprint="$(printf "%s" "$jwk" | openssl sha -sha256 -binary | urlbase64)" + thumbprint="$(printf "%s" "$jwk" | openssl dgst -sha256 -binary | urlbase64)" debug "jwk alg = $jwkalg" debug "jwk = $jwk" debug "thumbprint $thumbprint" @@ -1608,7 +1610,7 @@ for d in $alldomains; do debug keyauthorization "$keyauthorization" #create signed authorization key from token. - auth_key=$(printf '%s' "$keyauthorization" | openssl sha -sha256 -binary \ + auth_key=$(printf '%s' "$keyauthorization" | openssl dgst -sha256 -binary \ | openssl base64 -e \ | tr -d '\n\r' \ | sed -e 's:=*$::g' -e 'y:+/:-_:') 
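Review bot: Returning `exit 3` when the challenge TXT record is not found makes the cleanup non-idempotent: a second run of dns_del_cloudflare after a successful deletion, or after the record was never created, now fails with the same code as a missing domain, so a caller that treats non-zero as an error cannot tell "nothing to delete" from a real failure. If a missing record is acceptable at cleanup time, `exit 0` after the message, or a separately documented code, would express that. The same test mixes `[ -z "$resp" ]` with the `[[ ... ]]` used elsewhere in the script; `if [[ -z "$resp" ]]; then` would be consistent. The enclosing `if [[ "${resp// }" =~ $re ]]` starts on the hunk header's context line, and the `while [[ "$resp" ]]` loop at the end continues outside the hunk.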
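Review bot: The context line `error_exit "Invlid key file"` two lines above the corrected `openssl dgst` call carries a typo in a user-facing message; while this function is being touched, `error_exit "Invalid key file"` would be a one-word fix. get_signing_params begins before the hunk and continues after it.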
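Review bot: The rewritten `auth_key` pipeline reimplements inline — `openssl base64 -e | tr -d '\n\r' | sed -e 's:=*$::g' -e 'y:+/:-_:'` — what the get_signing_params hunk of this same commit obtains from the `urlbase64` helper, leaving two copies of the base64url encoding that can drift apart. If `urlbase64` performs exactly that transformation, `auth_key=$(printf '%s' "$keyauthorization" | openssl dgst -sha256 -binary | urlbase64)` keeps the encoding in one place; the helper's definition is not visible in this diff, so the equivalence should be checked first. The enclosing `for d in $alldomains` loop starts and ends outside the hunk.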
@@ -1838,7 +1840,7 @@ if [[ ! -z "$DOMAIN_PEM_LOCATION" ]]; then to_location="${DOMAIN_PEM_LOCATION}" fi cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem" - copy_file_to_location "full key, cert and chain pem" "$TEMP_DIR/${DOMAIN}.pem" "$DOMAIN_PEM_LOCATION" + copy_file_to_location "full key, cert and chain pem" "$TEMP_DIR/${DOMAIN}.pem" "$to_location" fi # end of copying certs.
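Review bot: The `cat` line directly above the corrected `copy_file_to_location` call writes the private key, concatenated with the certificate and chain, to `$TEMP_DIR/${DOMAIN}.pem` with no visible restriction on the file's mode, so unless TEMP_DIR is already created owner-only elsewhere in the script the combined PEM is created under the inherited umask and may be readable by other local users until it is copied; writing it as `( umask 077; cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem" )` closes that window regardless of the caller's umask. The surrounding test `if [[ ! -z "$DOMAIN_PEM_LOCATION" ]]` also reads more directly as `if [[ -n "$DOMAIN_PEM_LOCATION" ]]`. That `if` appears only as the hunk header's context, so the block's start is outside the hunk.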