From 7db7948197eee2be682bf3bae92749a5b54be160 Mon Sep 17 00:00:00 2001 From: srvrco Date: Sat, 28 May 2016 15:16:33 +0100 Subject: [PATCH] added FTP method of uploading tokens to remote server (blocked for certs as not secure) (0.38) --- README.md | 5 ++++- getssl | 42 +++++++++++++++++++++++++++++++++++++++--- 2 files changed, 43 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 49bbb54..3b6b8b8 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Obtain SSL certificates from the letsencrypt.org ACME server. Suitable for auto This was written in standard bash ( so can be run on a server, a desktop computer, or even virtualbox) and add the checks, and certificates to a remote server ( providing you have an ssh key on the remote server with access). ``` -getssl ver. 0.30 +getssl ver. 0.38 Obtain SSL certificates from the letsencrypt.org ACME server Usage: getssl [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet] [-w working_dir] domain @@ -116,6 +116,9 @@ RELOAD_CMD="service apache2 reload" if a location for a file starts with ssh: it is assumed the next part of the file is the hostname, followed by a colon, and then the path. files will be copied using scp, and it assumes that you have a key on the server ( for passwordless access). You can set the user, port etc for the server in your .ssh/config file +if an ACL starts with ftp: it as assumed that the line is in the format "ftp:UserID:Password:someserver.com:/path/to/acme-challenge" +Note: FTP can not be used for uploading private key or certificates as it's not a secure method of transfer. + ssh can also be used for the reload command if using on remote servers. ## Getting started diff --git a/getssl b/getssl index 9c10d95..59101dc 100755 --- a/getssl +++ b/getssl 
@@ -53,11 +53,11 @@ # 2016-05-21 added AUTH_DNS_SERVER to getssl.cfg as optional definition of authoritative DNS server (0.35) # 2016-05-21 added DNS_WAIT to getssl.cfg as (default = 10 seconds as before) (0.36) # 2016-05-21 added PUBLIC_DNS_SERVER option, for when an external, not internal DNS server is required. (0.37) +# 2016-05-28 added FTP method of uploading tokens to remote server (blocked for certs as not secure) (0.38) # --------------------------------------------------------------------------- - PROGNAME=${0##*/} -VERSION="0.37" +VERSION="0.38" # defaults CA="https://acme-staging.api.letsencrypt.org" @@ -84,7 +84,8 @@ _QUIET=0 clean_up() { # Perform pre-exit housekeeping umask "$ORIG_UMASK" if [ ! -z "$DOMAIN_DIR" ]; then - rm -rf "${TEMP_DIR:?}" + a=1 +# rm -rf "${TEMP_DIR:?}" fi if [[ $VALIDATE_VIA_DNS == "true" ]]; then if [[ ! -z "$DNS_DEL_COMMAND" ]]; then @@ -375,6 +376,28 @@ copy_file_to_location() { # copies a file, using scp if required. error_exit "problem copying file to the server using scp. scp $from ${to:4}" fi + elif [[ "${to:0:4}" == "ftp:" ]] ; then + if [[ "$cert" != "challenge token" ]] ; then + error_exit "ftp is not a sercure method for copying certificates or keys" + fi + debug "using ftp to copy the file from $from" + ftpuser=$(echo "$to"| awk -F: '{print $2}') + ftppass=$(echo "$to"| awk -F: '{print $3}') + ftphost=$(echo "$to"| awk -F: '{print $4}') + ftplocn=$(echo "$to"| awk -F: '{print $5}') + ftpdirn=$(dirname $ftplocn) + ftpfile=$(basename $ftplocn) + fromdir=$(dirname $from) + fromfile=$(basename $from) + debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile" + debug "from dir=$fromdir file=$fromfile" + ftp -n <<- _EOF + open $ftphost + user $ftpuser $ftppass + cd $ftpdirn + lcd $fromdir + put $fromfile + _EOF else mkdir -p "$(dirname "$to")" if [ $? -gt 0 ]; then 
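Review bot: In clean_up the `rm -rf "${TEMP_DIR:?}"` is replaced by `a=1` with the removal commented out, so the temporary directory that holds the challenge tokens (see the `rm -f "${TEMP_DIR:?}/${token:?}"` in the later hunk) is left on disk after every run, which contradicts the "Perform pre-exit housekeeping" comment and reads as a debugging leftover unrelated to the FTP feature named in the subject. If it was committed by mistake, restoring `rm -rf "${TEMP_DIR:?}"` fixes it; if the directory is deliberately kept, a comment stating why and a `debug "leaving $TEMP_DIR in place"` would make that intent visible to the next reader. `a=1` also assigns a global that nothing reads, which ShellCheck reports as SC2034. clean_up continues outside the hunk.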
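Review bot: The line `debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"` writes the FTP password to the debug output, so it lands in terminal scrollback or any log that captures the run; the token-removal hunk at @@ -934 repeats the same pattern in its `debug "ftp user=... pass=$ftppass ..."` line. Dropping the password from both, e.g. `debug "ftp user=$ftpuser - host=$ftphost dir=$ftpdirn file=$ftpfile"`, keeps the diagnostics useful without exposing the credential. Unlike the scp branch directly above, which calls error_exit when the copy fails, the outcome of the `ftp -n` session is never checked; as far as I know ftp in batch mode exits 0 even when `open`, `user` or `put` fail, so a failed upload is only noticed when the later validation fails, and capturing the session output to test for an error response (or at least echoing it under debug) would surface the problem at the point it occurs. Smaller points: the error message spells `sercure` for `secure`, and the `dirname $ftplocn`, `basename $ftplocn`, `dirname $from`, `basename $from` substitutions should quote their arguments. copy_file_to_location starts before this hunk and continues after it.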
@@ -934,6 +957,19 @@ for d in $alldomains; do
 # shellcheck disable=SC2029
 ssh "$sshhost" "${command}" 1>/dev/null 2>&1
 rm -f "${TEMP_DIR:?}/${token:?}"
+ elif [[ "${ACL[$dn]:0:4}" == "ftp:" ]] ; then
+ debug "using ftp to remove token file"
+ ftpuser=$(echo "${ACL[$dn]}"| awk -F: '{print $2}')
+ ftppass=$(echo "${ACL[$dn]}"| awk -F: '{print $3}')
+ ftphost=$(echo "${ACL[$dn]}"| awk -F: '{print $4}')
+ ftplocn=$(echo "${ACL[$dn]}"| awk -F: '{print $5}')
+ debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost loction=$ftplocn"
+ ftp -n <<- EOF
+ open $ftphost
+ user $ftpuser $ftppass
+ cd $ftplocn
+ delete ${token:?}
+ EOF
 else
 rm -f "${ACL[$dn]:?}/${token:?}"
 fi
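Review bot: The `ftp -n` session that deletes the token runs with no check of its result, so a failed login or `delete` silently leaves the challenge file on the server (as far as I know ftp in batch mode exits 0 in that case, and nothing in the output reveals it); assigning the session output to a variable and printing it with `debug` would at least make a failed cleanup diagnosable. On style, the four `ftpuser=$(echo "${ACL[$dn]}"| awk -F: '{print $2}')` … `ftplocn=…` lines duplicate the parsing already done in copy_file_to_location; a single `IFS=: read -r _ ftpuser ftppass ftphost ftplocn <<<"${ACL[$dn]}"` extracts the same fields in-process and could live in a shared helper so the two copies do not drift (neither form copes with a password that itself contains a colon, which is worth a note in the README format description). The debug line also has a typo, `loction=` for `location=`. The enclosing `for d in $alldomains` loop starts and ends outside the hunk.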