diff --git a/getssl b/getssl index 34d78fc..7f8325c 100755 --- a/getssl +++ b/getssl @@ -106,10 +106,11 @@ # 2016-09-17 Improved error messages from invalid certs (1.40) # 2016-09-19 remove update check on recursive calls when using -a (1.41) # 2016-09-21 changed shebang for portability (1.42) +# 2016-09-21 Included option to Deactivate an Authorization (1.43) # --------------------------------------------------------------------------- PROGNAME=${0##*/} -VERSION="1.42" +VERSION="1.43" # defaults CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl" @@ -129,6 +130,7 @@ DNS_WAIT=10 DNS_EXTRA_WAIT="" PUBLIC_DNS_SERVER="" CHALLENGE_CHECK_TYPE="http" +DEACTIVATE_AUTH="false" ORIG_UMASK=$(umask) _USE_DEBUG=0 _CREATE_CONFIG=0 @@ -196,6 +198,12 @@ check_challenge_completion() { # checks with the ACME server if our challenge is debug "sleep 5 secs before testing verify again" sleep 5 done + + if [[ "$DEACTIVATE_AUTH" == "true" ]]; then + deactivate_url=$(echo "$responseHeaders" | os_grep "^Link" | cut -d " " -f 2| cut -d ';' -f 1 | os_sed 's///g') + deactivate_url_list="$deactivate_url_list $deactivate_url" + debug "adding url to deactivate list - $deactivate_url" + fi } check_getssl_upgrade() { # check if a more recent version of code is available available @@ -1099,6 +1107,11 @@ for d in $alldomains; do if [[ $response_status == "valid" ]]; then info "$d is already validated" + if [[ "$DEACTIVATE_AUTH" == "true" ]]; then + deactivate_url=$(echo "$responseHeaders" | os_grep "^Location" | cut -d " " -f 2) + deactivate_url_list="$deactivate_url_list $deactivate_url" + debug "url added to deactivate list $deactivate_url" + fi # increment domain-counter let dn=dn+1; else 
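Review bot: The URL parsed from the `Link` header in `check_challenge_completion` is appended to `deactivate_url_list` with no check, and the loop added further down sends an account-signed request to every entry; the `Location` value in the `@@ -1099` hunk is handled the same way. `os_grep "^Link"` matches every `Link` header whatever its relation, so a response with more than one would add several targets; narrowing it, for example `os_grep "^Link" | os_grep 'rel="up"'`, keeps only the authorization link. Before appending, I would also confirm the value sits under the configured ACME server, along the lines of `[[ "$deactivate_url" == "$ACME_BASE_URL"/* ]] && deactivate_url_list="$deactivate_url_list $deactivate_url"`, where `ACME_BASE_URL` is a placeholder for whichever variable holds that setting. As shown on this page the last filter reads `os_sed 's///g'`, which has an empty pattern; the angle brackets were presumably lost in rendering, so confirm it against the repository. The function starts outside the hunk.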
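Review bot: The value cut from the `Location` header may still carry the carriage return that ends an HTTP header line, because `cut -d " " -f 2` splits only on spaces. If `responseHeaders` holds the raw header dump, the stored URL would end in `\r` and the later deactivation request would go to a malformed address; stripping it at capture avoids that: `deactivate_url=$(echo "$responseHeaders" | os_grep "^Location" | cut -d " " -f 2 | tr -d '\r')`. The match also appears to be case-sensitive, so a server that sends `location:` in lower case would leave the list empty without any message. The enclosing `for d in $alldomains` loop starts and ends outside the hunk.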
@@ -1359,6 +1372,21 @@ fi reload_service +# deactivate authorizations +if [[ "$DEACTIVATE_AUTH" == "true" ]]; then + debug " in deactivate list should be $deactivate_url_list " + for deactivate_url in $deactivate_url_list; do + debug "deactivating $deactivate_url" + send_signed_request "$deactivate_url" "{\"resource\": \"authz\", \"status\": \"deactivated\"}" + # check respose + if [ "$code" == "200" ]; then + debug "Authorization deactivated" + else + error_exit "$domain: Deactivation error: $code" + fi + done +fi + # Check if the certificate is installed correctly if [[ ${CHECK_REMOTE} == "true" ]]; then # shellcheck disable=SC2086
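Review bot: A single failed deactivation calls `error_exit` inside the loop, which leaves the remaining authorizations active and, since this block runs after `reload_service` and before the `CHECK_REMOTE` section, also skips the installed-certificate check for a certificate that has already been issued. Deactivation is clean-up, so I would report the failure and carry on: `info "Deactivation of $deactivate_url failed: $code"` in place of the `error_exit` line. The current message prints `$domain`, which this loop never sets, so it may name a domain unrelated to the URL that failed; printing `$deactivate_url` is unambiguous. A short comment above the block saying that the list is filled in `check_challenge_completion` and in the already-validated branch of the domain loop would help the next reader trace where the URLs come from.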