
enable use of a single ACL for all checks (if USE_SINGLE_ACL=true) #84

pull/94/head
srvrco 10 years ago
parent
commit
83e2a17e96
1 changed files with 22 additions and 15 deletions
  1. +22
    -15
      getssl

+ 22
- 15
getssl

@ -93,10 +93,11 @@
# 2016-08-04 set permissions for token folders - issue #81 (1.27)
# 2016-08-07 allow default chained file creation - issue #85 (1.28)
# 2016-08-07 use copy rather than move when archiving certs - issue #86 (1.29)
# 2016-08-07 enable use of a single ACL for all checks (if USE_SINGLE_ACL="true" (1.30)
# ---------------------------------------------------------------------------
PROGNAME=${0##*/}
VERSION="1.29"
VERSION="1.30"
# defaults
CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl"
@ -111,6 +112,7 @@ RENEW_ALLOW="30"
PRIVATE_KEY_ALG="rsa"
SERVER_TYPE="https"
CHECK_REMOTE="true"
USE_SINGLE_ACL="false"
DNS_WAIT=10
DNS_EXTRA_WAIT=""
PUBLIC_DNS_SERVER=""
@ -1044,7 +1046,12 @@ dn=0
for d in $alldomains; do
# $d is domain in current loop, which is number $dn for ACL
info "Verifing $d"
debug "domain $d has location ${ACL[$dn]}"
if [[ "$USE_SINGLE_ACL" == "true" ]]; then
DOMAIN_ACL="${ACL[0]}"
else
DOMAIN_ACL="${ACL[$dn]}"
fi
debug "domain $d has location ${DOMAIN_ACL}"
# check if we have the information needed to place the challenge
if [[ $VALIDATE_VIA_DNS == "true" ]]; then
@ -1055,7 +1062,7 @@ for d in $alldomains; do
error_exit "DNS_DEL_COMMAND not defined for domain $d"
fi
else
if [ -z "${ACL[$dn]}" ]; then
if [ -z "${DOMAIN_ACL}" ]; then
error_exit "ACL location not specified for domain $d in $DOMAIN_DIR/getssl.cfg"
fi
fi
@ -1151,8 +1158,8 @@ for d in $alldomains; do
# copy to token to acme challenge location
umask 0022
debug "copying file from $TEMP_DIR/$token to ${ACL[$dn]}"
copy_file_to_location "challenge token" "$TEMP_DIR/$token" "${ACL[$dn]}/$token"
debug "copying file from $TEMP_DIR/$token to ${DOMAIN_ACL}"
copy_file_to_location "challenge token" "$TEMP_DIR/$token" "${DOMAIN_ACL}/$token"
umask "$ORIG_UMASK"
wellknown_url="${CHALLENGE_CHECK_TYPE}://$d/.well-known/acme-challenge/$token"
@ -1165,21 +1172,21 @@ for d in $alldomains; do
check_challenge_completion "$uri" "$d" "$keyauthorization"
debug "remove token from ${ACL[$dn]}"
if [[ "${ACL[$dn]:0:4}" == "ssh:" ]] ; then
sshhost=$(echo "${ACL[$dn]}"| awk -F: '{print $2}')
command="rm -f ${ACL[$dn]:(( ${#sshhost} + 5))}/${token:?}"
debug "remove token from ${DOMAIN_ACL}"
if [[ "${DOMAIN_ACL:0:4}" == "ssh:" ]] ; then
sshhost=$(echo "${DOMAIN_ACL}"| awk -F: '{print $2}')
command="rm -f ${DOMAIN_ACL:(( ${#sshhost} + 5))}/${token:?}"
debug "running following comand to remove token"
debug "ssh $sshhost ${command}"
# shellcheck disable=SC2029
ssh "$sshhost" "${command}" 1>/dev/null 2>&1
rm -f "${TEMP_DIR:?}/${token:?}"
elif [[ "${ACL[$dn]:0:4}" == "ftp:" ]] ; then
elif [[ "${DOMAIN_ACL:0:4}" == "ftp:" ]] ; then
debug "using ftp to remove token file"
ftpuser=$(echo "${ACL[$dn]}"| awk -F: '{print $2}')
ftppass=$(echo "${ACL[$dn]}"| awk -F: '{print $3}')
ftphost=$(echo "${ACL[$dn]}"| awk -F: '{print $4}')
ftplocn=$(echo "${ACL[$dn]}"| awk -F: '{print $5}')
ftpuser=$(echo "${DOMAIN_ACL}"| awk -F: '{print $2}')
ftppass=$(echo "${DOMAIN_ACL}"| awk -F: '{print $3}')
ftphost=$(echo "${DOMAIN_ACL}"| awk -F: '{print $4}')
ftplocn=$(echo "${DOMAIN_ACL}"| awk -F: '{print $5}')
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost loction=$ftplocn"
ftp -n <<- EOF
open $ftphost
@ -1188,7 +1195,7 @@ for d in $alldomains; do
delete ${token:?}
EOF
else
rm -f "${ACL[$dn]:?}/${token:?}"
rm -f "${DOMAIN_ACL:?}/${token:?}"
fi
fi
# increment domain-counter
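Review bot: The `debug` line right after the rewritten credential parsing (`ftpuser=`/`ftppass=` now taken from `${DOMAIN_ACL}`) still prints the FTP password to the debug log, so anyone who turns on debug output or pastes it into a ticket leaks the credential; this predates the change, but the hunk rewrites every line that feeds it. Drop the secret from the message: `debug "ftp user=$ftpuser - host=$ftphost location=$ftplocn"`. Separately, when `USE_SINGLE_ACL` is `"true"` and `ACL[0]` is unset, the `-z "${DOMAIN_ACL}"` branch reports "ACL location not specified for domain $d", which points the user at a per-domain entry that is not consulted in that mode; a message such as `error_exit "USE_SINGLE_ACL is true but ACL[0] is not set in $DOMAIN_DIR/getssl.cfg"` in that case would be clearer. The enclosing `for d in $alldomains` loop ends outside the hunk.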

