RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

added drill, dig or host as alternatives to nslookup

pull/238/head
srvrco 9 years ago
parent
467143b1ea
commit
60e04aeeaa
1 changed files with 92 additions and 9 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +92
    -9
      getssl

+ 92
- 9
getssl View File

@ -176,10 +176,11 @@
# 2017-01-02 Added option to limit amount of old versions to keep (2.01)
# 2017-01-03 Created check_config function to list all obvious config issues (2.02)
# 2017-01-10 force renew if FORCE_RENEWAL file exists (2.03)
# 2017-01-12 added drill, dig or host as alternatives to nslookup (2.04)
# ----------------------------------------------------------------------------------------
PROGNAME=${0##*/}
VERSION="2.03"
VERSION="2.04"
# defaults
ACCOUNT_KEY_LENGTH=4096
@ -369,7 +370,21 @@ check_config() { # check the config files for all obvious errors
config_errors=true
fi
# check domain exist
if [[ "$(nslookup -query=AAAA "${d}"|grep -c "^${d}.*has AAAA address")" -ge 1 ]]; then
if [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then
if [[ "$($DNS_CHECK_FUNC "${d}" SOA|grep -c "^${d}")" -ge 1 ]]; then
debug "found IP for ${d}"
else
info "${DOMAIN}: DNS lookup failed for ${d}"
config_errors=true
fi
elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then
if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c "^${d}")" -ge 1 ]]; then
debug "found IP for ${d}"
else
info "${DOMAIN}: DNS lookup failed for ${d}"
config_errors=true
fi
elif [[ "$(nslookup -query=AAAA "${d}"|grep -c "^${d}.*has AAAA address")" -ge 1 ]]; then
debug "found IPv6 record for ${d}"
elif [[ "$(nslookup "${d}"| grep -c ^Name)" -ge 1 ]]; then
debug "found IPv4 record for ${d}"
@ -377,7 +392,7 @@ check_config() { # check the config files for all obvious errors
info "${DOMAIN}: DNS lookup failed for $d"
config_errors=true
fi
fi # end http-01 check
fi # end using http-01 challenge
((dn++))
done
@ -675,7 +690,53 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
return
fi
res=$(nslookup -debug=1 -type=soa -type=ns "$1" ${gad_s})
if [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then
if [[ -z "$gad_s" ]]; then #checking for CNAMEs
res=$($DNS_CHECK_FUNC CNAME "$gad_d"| grep "^$gad_d")
else
res=$($DNS_CHECK_FUNC CNAME "$gad_d" "@$gad_s"| grep "^$gad_d")
fi
if [[ ! -z "$res" ]]; then # domain is a CNAME so get main domain
gad_d=$(echo "$res"| awk '{print $5}' |sed 's/\.$//g')
fi
if [[ -z "$gad_s" ]]; then #checking for CNAMEs
res=$($DNS_CHECK_FUNC NS "$gad_d"| grep "^$gad_d")
else
res=$($DNS_CHECK_FUNC NS "$gad_d" "@$gad_s"| grep "^$gad_d")
fi
if [[ -z "$res" ]]; then
error_exit "couldn't find primary DNS server - please set AUTH_DNS_SERVER in config"
else
all_auth_dns_servers=$(echo "$res" | awk '$4 ~ "NS" {print $5}' | sed 's/\.$//g'|tr '\n' ' ')
fi
if [[ $CHECK_ALL_AUTH_DNS == "true" ]]; then
primary_ns="$all_auth_dns_servers"
else
primary_ns=$(echo "$all_auth_dns_servers" | awk '{print $1}')
fi
return
fi
if [[ "$DNS_CHECK_FUNC" == "host" ]]; then
if [[ -z "$gad_s" ]]; then
res=$($DNS_CHECK_FUNC -t NS "$gad_d"| grep "name server")
else
res=$($DNS_CHECK_FUNC -t NS "$gad_d" "$gad_s"| grep "name server")
fi
if [[ -z "$res" ]]; then
error_exit "couldn't find primary DNS server - please set AUTH_DNS_SERVER in config"
else
all_auth_dns_servers=$(echo "$res" | awk '{print $4}' | sed 's/\.$//g'|tr '\n' ' ')
fi
if [[ $CHECK_ALL_AUTH_DNS == "true" ]]; then
primary_ns="$all_auth_dns_servers"
else
primary_ns=$(echo "$all_auth_dns_servers" | awk '{print $1}')
fi
return
fi
res=$(nslookup -debug=1 -type=soa -type=ns "$gad_d" ${gad_s})
if [[ "$(echo "$res" | grep -c "Non-authoritative")" -gt 0 ]]; then
# this is a Non-authoritative server, need to check for an authoritative one.
@ -975,10 +1036,25 @@ revoke_certificate() { # revoke a certificate
}
requires() { # check if required function is available
result=$(which "$1" 2>/dev/null)
debug "checking for required $1 ... $result"
if [[ -z "$result" ]]; then
error_exit "This script requires $1 installed"
if [[ "$#" -gt 1 ]]; then # if more than 1 value, check list
for i in "$@"; do
if [[ "$i" == "${!#}" ]]; then # if on last variable then exit as not found
error_exit "this script requires one of: ${*:1:$(($#-1))}"
fi
res=$(which "$i" 2>/dev/null)
debug "checking for $i ... $res"
if [[ ! -z "$res" ]]; then # if function found, then set variable to function and return
debug "function $i found at $res - setting ${!#} to $i"
eval "${!#}=\$i"
return
fi
done
else # only one value, so check it.
result=$(which "$1" 2>/dev/null)
debug "checking for required $1 ... $result"
if [[ -z "$result" ]]; then
error_exit "This script requires $1 installed"
fi
fi
}
@ -1338,13 +1414,14 @@ get_os
requires which
requires openssl
requires curl
requires nslookup
requires nslookup drill dig host DNS_CHECK_FUNC
requires awk
requires tr
requires date
requires grep
requires sed
requires sort
requires mktemp
# Check if upgrades are available (unless they have specified -U to ignore Upgrade checks)
if [[ $_UPGRADE_CHECK -eq 1 ]]; then
@ -1868,6 +1945,12 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
check_result=$(nslookup -type=txt "_acme-challenge.${d}" "${ns}" \
| grep ^_acme -A2\
| grep '"'|awk -F'"' '{ print $2}')
elif [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then
check_result=$($DNS_CHECK_FUNC TXT "_acme-challenge.${d}" "@${ns}" \
| grep ^_acme|awk -F'"' '{ print $2}')
elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then
check_result=$($DNS_CHECK_FUNC -t TXT "_acme-challenge.${d}" "${ns}" \
| grep ^_acme|awk -F'"' '{ print $2}')
else
check_result=$(nslookup -type=txt "_acme-challenge.${d}" "${ns}" \
| grep ^_acme|awk -F'"' '{ print $2}')


Write Preview
Loading…
Cancel
Save