
added FTP method of uploading tokens to remote server (blocked for certs as not secure) (0.38)

pull/41/head
srvrco 10 years ago
parent
commit
7db7948197
2 changed files with 43 additions and 4 deletions
  1. README.md (+4, -1)
  2. getssl (+39, -3)

README.md (+4, -1)

@ -4,7 +4,7 @@ Obtain SSL certificates from the letsencrypt.org ACME server. Suitable for auto
This was written in standard bash ( so can be run on a server, a desktop computer, or even virtualbox) and add the checks, and certificates to a remote server ( providing you have an ssh key on the remote server with access). This was written in standard bash ( so can be run on a server, a desktop computer, or even virtualbox) and add the checks, and certificates to a remote server ( providing you have an ssh key on the remote server with access).
``` ```
getssl ver. 0.30
getssl ver. 0.38
Obtain SSL certificates from the letsencrypt.org ACME server Obtain SSL certificates from the letsencrypt.org ACME server
Usage: getssl [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet] [-w working_dir] domain Usage: getssl [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet] [-w working_dir] domain
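Review bot: the README usage block jumps from "getssl ver. 0.30" to "0.38" while the script's own VERSION only moves from 0.37 to 0.38, so this block had drifted several releases behind the code; bump it in the same commit as VERSION each time (or paste the block from the actual `getssl -h` output) so the documented usage line is known to match the release.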
@ -116,6 +116,9 @@ RELOAD_CMD="service apache2 reload"
if a location for a file starts with ssh: it is assumed the next part of the file is the hostname, followed by a colon, and then the path. if a location for a file starts with ssh: it is assumed the next part of the file is the hostname, followed by a colon, and then the path.
files will be copied using scp, and it assumes that you have a key on the server ( for passwordless access). You can set the user, port etc for the server in your .ssh/config file files will be copied using scp, and it assumes that you have a key on the server ( for passwordless access). You can set the user, port etc for the server in your .ssh/config file
if an ACL starts with ftp: it as assumed that the line is in the format "ftp:UserID:Password:someserver.com:/path/to/acme-challenge"
Note: FTP can not be used for uploading private key or certificates as it's not a secure method of transfer.
ssh can also be used for the reload command if using on remote servers. ssh can also be used for the reload command if using on remote servers.
## Getting started ## Getting started
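Review bot: the new ftp: line has a typo ("it as assumed" should be "it is assumed"), and the documented format "ftp:UserID:Password:someserver.com:/path/to/acme-challenge" puts the FTP password in clear text inside the config, so the README should say that the file permissions on getssl.cfg now matter and that a password or path containing a colon cannot be expressed, since the value is split on colons. The Note only says FTP is blocked for keys and certificates; it should also state that FTP sends the login credentials themselves unencrypted in transit, which is the reason the restriction exists and is useful for a reader deciding whether to use this option at all. Consistent wording would help too: the ssh: paragraph talks about "a location for a file" while this one says "an ACL".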


getssl (+39, -3)

@ -53,11 +53,11 @@
# 2016-05-21 added AUTH_DNS_SERVER to getssl.cfg as optional definition of authoritative DNS server (0.35) # 2016-05-21 added AUTH_DNS_SERVER to getssl.cfg as optional definition of authoritative DNS server (0.35)
# 2016-05-21 added DNS_WAIT to getssl.cfg as (default = 10 seconds as before) (0.36) # 2016-05-21 added DNS_WAIT to getssl.cfg as (default = 10 seconds as before) (0.36)
# 2016-05-21 added PUBLIC_DNS_SERVER option, for when an external, not internal DNS server is required. (0.37) # 2016-05-21 added PUBLIC_DNS_SERVER option, for when an external, not internal DNS server is required. (0.37)
# 2016-05-28 added FTP method of uploading tokens to remote server (blocked for certs as not secure) (0.38)
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
PROGNAME=${0##*/} PROGNAME=${0##*/}
VERSION="0.37"
VERSION="0.38"
# defaults # defaults
CA="https://acme-staging.api.letsencrypt.org" CA="https://acme-staging.api.letsencrypt.org"
@ -84,7 +84,8 @@ _QUIET=0
clean_up() { # Perform pre-exit housekeeping clean_up() { # Perform pre-exit housekeeping
umask "$ORIG_UMASK" umask "$ORIG_UMASK"
if [ ! -z "$DOMAIN_DIR" ]; then if [ ! -z "$DOMAIN_DIR" ]; then
rm -rf "${TEMP_DIR:?}"
a=1
# rm -rf "${TEMP_DIR:?}"
fi fi
if [[ $VALIDATE_VIA_DNS == "true" ]]; then if [[ $VALIDATE_VIA_DNS == "true" ]]; then
if [[ ! -z "$DNS_DEL_COMMAND" ]]; then if [[ ! -z "$DNS_DEL_COMMAND" ]]; then
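Review bot: `rm -rf "${TEMP_DIR:?}"` has been replaced by the placeholder `a=1` with the removal commented out, so clean_up no longer deletes the temporary directory on exit; this reads as a debugging leftover and should be reverted before merge. Leaving TEMP_DIR behind on every run keeps challenge tokens and any other intermediate files from the run on disk, and `a=1` exists only to keep the if-body non-empty. If keeping the directory around was wanted for debugging, guard the rm behind the existing debug flag rather than removing it unconditionally.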
@ -375,6 +376,28 @@ copy_file_to_location() { # copies a file, using scp if required.
error_exit "problem copying file to the server using scp. error_exit "problem copying file to the server using scp.
scp $from ${to:4}" scp $from ${to:4}"
fi fi
elif [[ "${to:0:4}" == "ftp:" ]] ; then
if [[ "$cert" != "challenge token" ]] ; then
error_exit "ftp is not a sercure method for copying certificates or keys"
fi
debug "using ftp to copy the file from $from"
ftpuser=$(echo "$to"| awk -F: '{print $2}')
ftppass=$(echo "$to"| awk -F: '{print $3}')
ftphost=$(echo "$to"| awk -F: '{print $4}')
ftplocn=$(echo "$to"| awk -F: '{print $5}')
ftpdirn=$(dirname $ftplocn)
ftpfile=$(basename $ftplocn)
fromdir=$(dirname $from)
fromfile=$(basename $from)
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"
debug "from dir=$fromdir file=$fromfile"
ftp -n <<- _EOF
open $ftphost
user $ftpuser $ftppass
cd $ftpdirn
lcd $fromdir
put $fromfile
_EOF
else else
mkdir -p "$(dirname "$to")" mkdir -p "$(dirname "$to")"
if [ $? -gt 0 ]; then if [ $? -gt 0 ]; then
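Review bot: the line `debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"` writes the FTP password into the debug output, so anyone running with -d (or pasting a debug log into a bug report) exposes the credential; print `pass=***` or omit it. In the same block, the ftp exit status is never checked, unlike the scp branch just above which calls error_exit on failure, so a failed `put` (wrong password, missing directory) is silently ignored and the challenge fails later with a less useful error; `ftp -n` typically returns 0 even when a transfer fails, so either capture its output and check for the transfer-complete response, or upload with `curl -T "$from"` against an ftp:// URL, which does return non-zero on failure. Smaller points: `$ftplocn` and `$from` are unquoted in the dirname/basename calls; the awk -F: parsing breaks on a password containing a colon; "sercure" in the error_exit message should be "secure"; and `<<- _EOF` only strips leading tabs, so the heredoc body and its terminator must be tab-indented (or the terminator at column 0), which deserves a comment since a later re-indent with spaces would silently break the script.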
@ -934,6 +957,19 @@ for d in $alldomains; do
# shellcheck disable=SC2029 # shellcheck disable=SC2029
ssh "$sshhost" "${command}" 1>/dev/null 2>&1 ssh "$sshhost" "${command}" 1>/dev/null 2>&1
rm -f "${TEMP_DIR:?}/${token:?}" rm -f "${TEMP_DIR:?}/${token:?}"
elif [[ "${ACL[$dn]:0:4}" == "ftp:" ]] ; then
debug "using ftp to remove token file"
ftpuser=$(echo "${ACL[$dn]}"| awk -F: '{print $2}')
ftppass=$(echo "${ACL[$dn]}"| awk -F: '{print $3}')
ftphost=$(echo "${ACL[$dn]}"| awk -F: '{print $4}')
ftplocn=$(echo "${ACL[$dn]}"| awk -F: '{print $5}')
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost loction=$ftplocn"
ftp -n <<- EOF
open $ftphost
user $ftpuser $ftppass
cd $ftplocn
delete ${token:?}
EOF
else else
rm -f "${ACL[$dn]:?}/${token:?}" rm -f "${ACL[$dn]:?}/${token:?}"
fi fi
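Review bot: the password-in-debug-output problem recurs here (`debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost loction=$ftplocn"`), and the four awk lines that split the ftp: ACL are duplicated verbatim from copy_file_to_location; move them into one helper that parses the ACL into ftpuser/ftppass/ftphost/ftplocn so a later fix (masking the password, handling colons) lands in one place. Also "loction" should be "location", the heredoc terminator is `EOF` here but `_EOF` in the upload block (pick one), and as with the upload the ftp exit status is not checked, so a token that fails to delete is left on the web server without any warning in the output.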

