|
|
|
@ -1222,7 +1222,7 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then |
|
|
|
done |
|
|
|
|
|
|
|
if [[ "$DNS_EXTRA_WAIT" -gt 0 && "$PREVIOUSLY_VALIDATED" != "true" ]]; then |
|
|
|
info "sleeping $DNS_EXTRA_WAIT seconds before asking the ACME-server to check the dns" |
|
|
|
info "sleeping $DNS_EXTRA_WAIT seconds before asking the ACME server to check the dns" |
|
|
|
sleep "$DNS_EXTRA_WAIT" |
|
|
|
fi |
|
|
|
|
|
|
|
@ -1267,20 +1267,22 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n |
|
|
|
|
|
|
|
if [[ -n "$HAS_DIG_OR_DRILL" ]]; then |
|
|
|
gad_d="$orig_gad_d" |
|
|
|
debug Using "$HAS_DIG_OR_DRILL SOA +trace +nocomments $gad_d @$gad_s" to find primary nameserver |
|
|
|
# Use SOA +trace to find the name server |
|
|
|
if [[ -z "$gad_s" ]]; then |
|
|
|
res=$($HAS_DIG_OR_DRILL SOA +trace +nocomments "$gad_d" 2>/dev/null | grep "IN\WNS\W" | tail -1) |
|
|
|
debug Using "$HAS_DIG_OR_DRILL SOA +trace +nocomments $gad_d" to find primary nameserver |
|
|
|
res=$($HAS_DIG_OR_DRILL SOA +trace +nocomments "$gad_d" 2>/dev/null | grep "IN\WNS\W") |
|
|
|
else |
|
|
|
res=$($HAS_DIG_OR_DRILL SOA +trace +nocomments "$gad_d" "@$gad_s" 2>/dev/null | grep "IN\WNS\W" | tail -1) |
|
|
|
debug Using "$HAS_DIG_OR_DRILL SOA +trace +nocomments $gad_d @$gad_s" to find primary nameserver |
|
|
|
res=$($HAS_DIG_OR_DRILL SOA +trace +nocomments "$gad_d" "@$gad_s" 2>/dev/null | grep "IN\WNS\W") |
|
|
|
fi |
|
|
|
|
|
|
|
# fallback to existing code |
|
|
|
if [[ -z "$res" ]]; then |
|
|
|
debug Checking for CNAME using "$HAS_DIG_OR_DRILL CNAME $gad_d @$gad_s" |
|
|
|
if [[ -z "$gad_s" ]]; then #checking for CNAMEs (need grep as dig 9.11 sometimes returns everything not just CNAME entries) |
|
|
|
debug Checking for CNAME using "$HAS_DIG_OR_DRILL CNAME $gad_d" |
|
|
|
res=$($HAS_DIG_OR_DRILL CNAME "$gad_d"| grep "^$gad_d" | grep CNAME) |
|
|
|
else |
|
|
|
debug Checking for CNAME using "$HAS_DIG_OR_DRILL CNAME $gad_d @$gad_s" |
|
|
|
res=$($HAS_DIG_OR_DRILL CNAME "$gad_d" "@$gad_s"| grep "^$gad_d" | grep CNAME) |
|
|
|
fi |
|
|
|
if [[ -n "$res" ]]; then # domain is a CNAME so get main domain |
|
|
|
@ -1294,11 +1296,12 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n |
|
|
|
# dig NS www.getssl.text |
|
|
|
# > www.getssl.test. IN CNAME getssl.test |
|
|
|
# > getssl.test. IN NS ns1.duckdns.org |
|
|
|
debug Using "$HAS_DIG_OR_DRILL NS $gad_d @$gad_s" to find primary nameserver |
|
|
|
if [[ -z "$gad_s" ]]; then |
|
|
|
res=$($HAS_DIG_OR_DRILL NS "$gad_d"| grep -E "IN\W(NS|SOA)\W" | tail -1) |
|
|
|
debug Using "$HAS_DIG_OR_DRILL NS $gad_d" to find primary nameserver |
|
|
|
res=$($HAS_DIG_OR_DRILL NS "$gad_d"| grep -E "IN\W(NS|SOA)\W") |
|
|
|
else |
|
|
|
res=$($HAS_DIG_OR_DRILL NS "$gad_d" "@$gad_s"| grep -E "IN\W(NS|SOA)\W" | tail -1) |
|
|
|
debug Using "$HAS_DIG_OR_DRILL NS $gad_d @$gad_s" to find primary nameserver |
|
|
|
res=$($HAS_DIG_OR_DRILL NS "$gad_d" "@$gad_s"| grep -E "IN\W(NS|SOA)\W") |
|
|
|
fi |
|
|
|
fi |
|
|
|
if [[ -n "$res" ]]; then |
|
|
|
@ -2194,6 +2197,7 @@ write_domain_template() { # write out a template file for a domain. |
|
|
|
# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain. |
|
|
|
# You can also user WebDAV over HTTPS as transport mechanism. To do so, start with davs: followed by username, |
|
|
|
# password, host, port (explicitly needed even if using default port 443) and path on the server. |
|
|
|
# Multiple locations can be defined for a file by separating the locations with a semi-colon. |
|
|
|
#ACL=('/var/www/${DOMAIN}/web/.well-known/acme-challenge' |
|
|
|
# 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge' |
|
|
|
# 'ssh:sshuserid@server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge' |
|
|
|
|
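Review bot: In get_auth_dns, the two `SOA +trace` lookups now keep every line matching `IN\WNS\W` rather than only the last one, and a `+trace` run normally prints the NS set of each delegation step on the way down, so `res` can hold name servers of parent zones alongside those of the zone that actually serves `$gad_d`. The code that consumes `res` begins at `if [[ -n "$res" ]]` and lies outside the visible hunks, so confirm that it keeps only the records whose owner name equals that of the last matching line before any server is queried for the validation record. A comment at the assignment would make that contract explicit, for example `# res may hold NS lines for several zones; only the closest enclosing zone is authoritative for $gad_d`. Separately, the unchanged CNAME filter `grep "^$gad_d"` is a regular-expression prefix match, so the dots match any character and a longer name sharing the prefix also passes; comparing the first field exactly would be tighter.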