RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

bug fix openssl v1.1.0 (#166) and DOMAIN_PEM_LOCATION (#167)

pull/168/merge
srvrco 9 years ago
parent
724d30a132
commit
36e3428ac5
3 changed files with 39 additions and 16 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +18
    -6
      dns_scripts/dns_add_cloudflare
  2. +15
    -6
      dns_scripts/dns_del_cloudflare
  3. +6
    -4
      getssl

+ 18
- 6
dns_scripts/dns_add_cloudflare View File

@ -3,6 +3,14 @@
email=${CF_EMAIL:-''} email=${CF_EMAIL:-''}
key=${CF_KEY:-''} key=${CF_KEY:-''}
# This script adds a token to cloudflare DNS for the ACME challenge
# usage dns_add_cloudflare "domain name" "token"
# return codes are;
# 0 - success
# 1 - error in input
# 2 - error within internal processing
# 3 - error in result ( domain not found in cloudflare etc)
fulldomain="${1}" fulldomain="${1}"
token="${2}" token="${2}"
API='https://api.cloudflare.com/client/v4/zones' API='https://api.cloudflare.com/client/v4/zones'
@ -55,14 +63,14 @@ while [[ "$resp" ]]; do
domains=( "${domains[@]}" "${BASH_REMATCH[1]}" ) domains=( "${domains[@]}" "${BASH_REMATCH[1]}" )
else else
echo "Error getting domain name" echo "Error getting domain name"
exit 1
exit 2
fi fi
re='"id":"([^"]*)"' re='"id":"([^"]*)"'
if [[ "$first" =~ $re ]]; then if [[ "$first" =~ $re ]]; then
ids=( "${ids[@]}" "${BASH_REMATCH[1]}" ) ids=( "${ids[@]}" "${BASH_REMATCH[1]}" )
else else
echo "Error getting domain id" echo "Error getting domain id"
exit 1
exit 2
fi fi
done done
@ -93,7 +101,7 @@ done
if [[ -z "$domain" ]]; then if [[ -z "$domain" ]]; then
echo 'domain name not found on your cloudflare account' echo 'domain name not found on your cloudflare account'
exit 1
exit 3
fi fi
txt_record="_acme-challenge.${fulldomain%.$domain}" txt_record="_acme-challenge.${fulldomain%.$domain}"
@ -102,12 +110,16 @@ resp=$(curl --silent "${curl_params[@]}" -X POST "$API/$domain_id/dns_records" \
# if it failed (success:false) then give error message # if it failed (success:false) then give error message
if [[ "${resp// }" == *'"success":false'* ]]; then if [[ "${resp// }" == *'"success":false'* ]]; then
if [[ "${resp// }" == *'"code":81057'[^0-9]* ]]; then
echo "DNS challenge token already exists"
exit
fi
re='"message":"([^"]+)"' re='"message":"([^"]+)"'
if [[ "$resp" =~ $re ]]; then if [[ "$resp" =~ $re ]]; then
echo "Error: DNS challenge not added: ${BASH_REMATCH[1]:-unknown error}"
exit 2
echo "Error: DNS challenge not added: ${BASH_REMATCH[1]}"
exit 3
else else
echo "Error: DNS challenge not added: unknown error - ${resp}" echo "Error: DNS challenge not added: unknown error - ${resp}"
exit 2
exit 3
fi fi
fi fi

+ 15
- 6
dns_scripts/dns_del_cloudflare View File

@ -3,6 +3,15 @@
email=${CF_EMAIL:-''} email=${CF_EMAIL:-''}
key=${CF_KEY:-''} key=${CF_KEY:-''}
# This script removes a token from cloudflare DNS for the ACME challenge
# usage dns_del_cloudflare "domain name" "token (optional)"
# if token is not specified, then all tokens are removed.
# return codes are;
# 0 - success
# 1 - error in input
# 2 - error within internal processing
# 3 - error in result ( domain not found in cloudflare etc)
fulldomain="${1}" fulldomain="${1}"
token="${2}" token="${2}"
API='https://api.cloudflare.com/client/v4/zones' API='https://api.cloudflare.com/client/v4/zones'
@ -50,14 +59,14 @@ while [[ "$resp" ]]; do
domains=( "${domains[@]}" "${BASH_REMATCH[1]}" ) domains=( "${domains[@]}" "${BASH_REMATCH[1]}" )
else else
echo "Error getting domain name" echo "Error getting domain name"
exit 1
exit 2
fi fi
re='"id":"([^"]*)"' re='"id":"([^"]*)"'
if [[ "$first" =~ $re ]]; then if [[ "$first" =~ $re ]]; then
ids=( "${ids[@]}" "${BASH_REMATCH[1]}" ) ids=( "${ids[@]}" "${BASH_REMATCH[1]}" )
else else
echo "Error getting domain id" echo "Error getting domain id"
exit 1
exit 2
fi fi
done done
@ -88,7 +97,7 @@ done
if [[ -z "$domain" ]]; then if [[ -z "$domain" ]]; then
echo 'domain name not found on your cloudflare account' echo 'domain name not found on your cloudflare account'
exit 1
exit 3
fi fi
curl_request="$API/$domain_id/dns_records?type=TXT&name=_acme-challenge.$fulldomain" curl_request="$API/$domain_id/dns_records?type=TXT&name=_acme-challenge.$fulldomain"
@ -102,11 +111,11 @@ if [[ "${resp// }" =~ $re ]]; then
resp="${BASH_REMATCH[1]}" resp="${BASH_REMATCH[1]}"
if [ -z "$resp" ]; then if [ -z "$resp" ]; then
echo 'challenge TXT record not found on your cloudflare account' echo 'challenge TXT record not found on your cloudflare account'
exit 2
exit 3
fi fi
else # results section not found else # results section not found
echo "error in results section response from cloudflare" echo "error in results section response from cloudflare"
exit 1
exit 3
fi fi
while [[ "$resp" ]]; do # iterate through records returned while [[ "$resp" ]]; do # iterate through records returned
@ -120,7 +129,7 @@ while [[ "$resp" ]]; do # iterate through records returned
id="${BASH_REMATCH[1]}" id="${BASH_REMATCH[1]}"
else else
echo "Error: domain ID not found" echo "Error: domain ID not found"
exit -1
exit 2
fi fi
respd=$(curl --silent "${curl_params[@]}" -X DELETE "$API/$domain_id/dns_records/$id") respd=$(curl --silent "${curl_params[@]}" -X DELETE "$API/$domain_id/dns_records/$id")
if [[ "${respd// }" == *'"success":false'* ]]; then if [[ "${respd// }" == *'"success":false'* ]]; then


+ 6
- 4
getssl View File

@ -151,10 +151,12 @@
# 2016-11-05 added TOKEN_USER_ID (to set ownership of token files ) # 2016-11-05 added TOKEN_USER_ID (to set ownership of token files )
# 2016-11-05 updated style to work with latest shellcheck (1.78) # 2016-11-05 updated style to work with latest shellcheck (1.78)
# 2016-11-07 style updates # 2016-11-07 style updates
# 2016-11-07 bug fix DOMAIN_PEM_LOCATION starting with ./ #167
# 2016-11-08 Fix for openssl 1.1.0 #166 (1.79)
# ---------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------
PROGNAME=${0##*/} PROGNAME=${0##*/}
VERSION="1.78"
VERSION="1.79"
# defaults # defaults
CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl" CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl"
@ -677,7 +679,7 @@ get_signing_params() { # get signing parameters from key
else else
error_exit "Invlid key file" error_exit "Invlid key file"
fi fi
thumbprint="$(printf "%s" "$jwk" | openssl sha -sha256 -binary | urlbase64)"
thumbprint="$(printf "%s" "$jwk" | openssl dgst -sha256 -binary | urlbase64)"
debug "jwk alg = $jwkalg" debug "jwk alg = $jwkalg"
debug "jwk = $jwk" debug "jwk = $jwk"
debug "thumbprint $thumbprint" debug "thumbprint $thumbprint"
@ -1608,7 +1610,7 @@ for d in $alldomains; do
debug keyauthorization "$keyauthorization" debug keyauthorization "$keyauthorization"
#create signed authorization key from token. #create signed authorization key from token.
auth_key=$(printf '%s' "$keyauthorization" | openssl sha -sha256 -binary \
auth_key=$(printf '%s' "$keyauthorization" | openssl dgst -sha256 -binary \
| openssl base64 -e \ | openssl base64 -e \
| tr -d '\n\r' \ | tr -d '\n\r' \
| sed -e 's:=*$::g' -e 'y:+/:-_:') | sed -e 's:=*$::g' -e 'y:+/:-_:')
@ -1838,7 +1840,7 @@ if [[ ! -z "$DOMAIN_PEM_LOCATION" ]]; then
to_location="${DOMAIN_PEM_LOCATION}" to_location="${DOMAIN_PEM_LOCATION}"
fi fi
cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem" cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem"
copy_file_to_location "full key, cert and chain pem" "$TEMP_DIR/${DOMAIN}.pem" "$DOMAIN_PEM_LOCATION"
copy_file_to_location "full key, cert and chain pem" "$TEMP_DIR/${DOMAIN}.pem" "$to_location"
fi fi
# end of copying certs. # end of copying certs.


Write Preview
Loading…
Cancel
Save