From 83020bd5012198553f0de6895c99974bca86cead Mon Sep 17 00:00:00 2001
From: Damon Dransfeld
Date: Wed, 4 Jan 2017 09:39:56 +0100
Subject: [PATCH] Add flag to skip HTTP_TOKEN check

In case that routing to $wellknown_url is different from the local host than it is from LE servers, it might be necessary to skip downloading the HTTP Token in order to proceed with ACME Challenge Auth
---
 getssl | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/getssl b/getssl
index 3a7cf7a..b27f7c0 100755
--- a/getssl
+++ b/getssl
@@ -219,6 +219,7 @@ _CREATE_CONFIG=0
 _FORCE_RENEW=0
 _KEEP_VERSIONS=""
 _MUTE=0
+_NO_TOKENCHECK=0
 _QUIET=0
 _RECREATE_CSR=0
 _REVOKE=0
@@ -1188,6 +1189,8 @@ while [[ -n $1 ]]; do
 _CHECK_ALL=1 ;;
 -k | --keep)
 shift; _KEEP_VERSIONS="$1";;
+ -n | --no-tokencheck)
+ _NO_TOKENCHECK=1
 -q | --quiet)
 _QUIET=1 ;;
 -Q | --mute)
@@ -1777,11 +1780,13 @@ for d in $alldomains; do
 if [[ "$SKIP_HTTP_TOKEN_CHECK" == "true" ]]; then
 info "SKIP_HTTP_TOKEN_CHECK=true so not checking that token is working correctly"
 else
- sleep "$HTTP_TOKEN_CHECK_WAIT"
- # check that we can reach the challenge ourselves, if not, then error
- if [[ ! "$(curl -k --silent --location "$wellknown_url")" == "$keyauthorization" ]]; then
- error_exit "for some reason could not reach $wellknown_url - please check it manually"
- fi
+ if [[ ${_NO_TOKENCHECK} -eq 0 ]]; then
+ sleep "$HTTP_TOKEN_CHECK_WAIT"
+ # check that we can reach the challenge ourselves, if not, then error
+ if [[ ! "$(curl -k --silent --location "$wellknown_url")" == "$keyauthorization" ]]; then
+ error_exit "for some reason could not reach $wellknown_url - please check it manually"
+ fi
+ fi
 fi
 check_challenge_completion "$uri" "$d" "$keyauthorization"
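Review bot: The new `-n | --no-tokencheck)` arm in the option-parsing `case` has no `;;` terminator, so bash will read the following `-q | --quiet)` line as a command and should reject the whole script with a syntax error near `)`. The assignment needs to be `_NO_TOKENCHECK=1 ;;`, matching the neighbouring arms. No hunk in this patch touches the usage text, so the flag appears to be undocumented; a `-n, --no-tokencheck` line belongs in the help output. The `while`/`case` block starts and ends outside the hunk.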
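Review bot: When `-n` is given, the token self-check in the `else` branch is skipped silently, whereas the `SKIP_HTTP_TOKEN_CHECK=true` branch directly above records the skip through `info`. Folding the flag into the existing condition removes the extra nesting and keeps the skip visible in the log: `if [[ "$SKIP_HTTP_TOKEN_CHECK" == "true" || ${_NO_TOKENCHECK} -eq 1 ]]; then`, with the `info` text worded to cover both causes. With the preflight off, a misplaced or unreachable token is presumably only caught later by `check_challenge_completion`, so that log line is what an operator has to go on when an issuance fails. The enclosing `for d in $alldomains` loop starts outside the hunk.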